]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
399a6f0b DSH |
5 | Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] |
6 | ||
856640b5 DSH |
7 | *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. |
8 | [Steve Henson] | |
9 | ||
34b3c72e | 10 | *) Replace the algorithm specific calls to generate keys in "req" with the |
959e8dfe DSH |
11 | new API. |
12 | [Steve Henson] | |
13 | ||
399a6f0b DSH |
14 | *) Update PKCS#7 enveloped data routines to use new API. This is now |
15 | supported by any public key method supporting the encrypt operation. A | |
16 | ctrl is added to allow the public key algorithm to examine or modify | |
17 | the PKCS#7 RecipientInfo structure if it needs to: for RSA this is | |
18 | a no op. | |
19 | [Steve Henson] | |
28e4fe34 | 20 | |
03919683 DSH |
21 | *) Add a ctrl to asn1 method to allow a public key algorithm to express |
22 | a default digest type to use. In most cases this will be SHA1 but some | |
23 | algorithms (such as GOST) need to specify an alternative digest. The | |
24 | return value indicates how strong the prefernce is 1 means optional and | |
25 | 2 is mandatory (that is it is the only supported type). Modify | |
26 | ASN1_item_sign() to accept a NULL digest argument to indicate it should | |
27 | use the default md. Update openssl utilities to use the default digest | |
28 | type for signing if it is not explicitly indicated. | |
29 | [Steve Henson] | |
30 | ||
ee1d9ec0 DSH |
31 | *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New |
32 | EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant | |
33 | signing method from the key type. This effectively removes the link | |
34 | between digests and public key types. | |
35 | [Steve Henson] | |
36 | ||
d2027098 DSH |
37 | *) Add an OID cross reference table and utility functions. Its purpose is to |
38 | translate between signature OIDs such as SHA1WithrsaEncryption and SHA1, | |
39 | rsaEncryption. This will allow some of the algorithm specific hackery | |
40 | needed to use the correct OID to be removed. | |
41 | [Steve Henson] | |
42 | ||
492a9e24 DSH |
43 | *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO |
44 | structures for PKCS7_sign(). They are now set up by the relevant public | |
45 | key ASN1 method. | |
46 | [Steve Henson] | |
47 | ||
9ca7047d DSH |
48 | *) Add provisional EC pkey method with support for ECDSA and ECDH. |
49 | [Steve Henson] | |
50 | ||
ffb1ac67 DSH |
51 | *) Add support for key derivation (agreement) in the API, DH method and |
52 | pkeyutl. | |
53 | [Steve Henson] | |
54 | ||
3ba0885a DSH |
55 | *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support |
56 | public and private key formats. As a side effect these add additional | |
57 | command line functionality not previously available: DSA signatures can be | |
58 | generated and verified using pkeyutl and DH key support and generation in | |
59 | pkey, genpkey. | |
60 | [Steve Henson] | |
61 | ||
4700aea9 UM |
62 | *) BeOS support. |
63 | [Oliver Tappe <zooey@hirschkaefer.de>] | |
64 | ||
65 | *) New make target "install_html_docs" installs HTML renditions of the | |
66 | manual pages. | |
67 | [Oliver Tappe <zooey@hirschkaefer.de>] | |
68 | ||
f5cda4cb DSH |
69 | *) New utility "genpkey" this is analagous to "genrsa" etc except it can |
70 | generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to | |
71 | support key and parameter generation and add initial key generation | |
72 | functionality for RSA. | |
73 | [Steve Henson] | |
74 | ||
f733a5ef DSH |
75 | *) Add functions for main EVP_PKEY_method operations. The undocumented |
76 | functions EVP_PKEY_{encrypt,decrypt} have been renamed to | |
77 | EVP_PKEY_{encrypt,decrypt}_old. | |
78 | [Steve Henson] | |
79 | ||
0b6f3c66 DSH |
80 | *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public |
81 | key API, doesn't do much yet. | |
82 | [Steve Henson] | |
83 | ||
0b33dac3 DSH |
84 | *) New function EVP_PKEY_asn1_get0_info() to retrieve information about |
85 | public key algorithms. New option to openssl utility: | |
86 | "list-public-key-algorithms" to print out info. | |
87 | [Steve Henson] | |
88 | ||
33273721 BM |
89 | *) Implement the Supported Elliptic Curves Extension for |
90 | ECC ciphersuites from draft-ietf-tls-ecc-12.txt. | |
91 | [Douglas Stebila] | |
92 | ||
246e0931 DSH |
93 | *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or |
94 | EVP_CIPHER structures to avoid later problems in EVP_cleanup(). | |
95 | [Steve Henson] | |
96 | ||
3e4585c8 | 97 | *) New utilities pkey and pkeyparam. These are similar to algorithm specific |
f5cda4cb | 98 | utilities such as rsa, dsa, dsaparam etc except they process any key |
3e4585c8 | 99 | type. |
3e84b6e1 DSH |
100 | [Steve Henson] |
101 | ||
35208f36 DSH |
102 | *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New |
103 | functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), | |
104 | EVP_PKEY_print_param() to print public key data from an EVP_PKEY | |
105 | structure. | |
106 | [Steve Henson] | |
107 | ||
448be743 DSH |
108 | *) Initial support for pluggable public key ASN1. |
109 | De-spaghettify the public key ASN1 handling. Move public and private | |
110 | key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate | |
111 | algorithm specific handling to a single module within the relevant | |
112 | algorithm directory. Add functions to allow (near) opaque processing | |
113 | of public and private key structures. | |
114 | [Steve Henson] | |
115 | ||
36ca4ba6 BM |
116 | *) Implement the Supported Point Formats Extension for |
117 | ECC ciphersuites from draft-ietf-tls-ecc-12.txt. | |
118 | [Douglas Stebila] | |
119 | ||
ddac1974 NL |
120 | *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members |
121 | for the psk identity [hint] and the psk callback functions to the | |
122 | SSL_SESSION, SSL and SSL_CTX structure. | |
123 | ||
124 | New ciphersuites: | |
125 | PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA, | |
126 | PSK-AES256-CBC-SHA | |
127 | ||
128 | New functions: | |
129 | SSL_CTX_use_psk_identity_hint | |
130 | SSL_get_psk_identity_hint | |
131 | SSL_get_psk_identity | |
132 | SSL_use_psk_identity_hint | |
133 | ||
134 | [Mika Kousa and Pasi Eronen of Nokia Corporation] | |
135 | ||
c7235be6 UM |
136 | *) Add RFC 3161 compliant time stamp request creation, response generation |
137 | and response verification functionality. | |
138 |