[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]

  *) Add an OID cross reference table and utility functions. Its purpose is to
     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
     rsaEncryption. This will allow some of the algorithm specific hackery
     needed to use the correct OID to be removed. 
     [Steve Henson]

  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
     structures for PKCS7_sign(). They are now set up by the relevant public
     key ASN1 method.
     [Steve Henson]

  *) Add provisional EC pkey method with support for ECDSA and ECDH.
     [Steve Henson]

  *) Add support for key derivation (agreement) in the API, DH method and
     pkeyutl.
     [Steve Henson]

  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
     public and private key formats. As a side effect these add additional 
     command line functionality not previously available: DSA signatures can be
     generated and verified using pkeyutl and DH key support and generation in
     pkey, genpkey.
     [Steve Henson]

  *) BeOS support.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New make target "install_html_docs" installs HTML renditions of the
     manual pages.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New utility "genpkey" this is analagous to "genrsa" etc except it can
     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
     support key and parameter generation and add initial key generation
     functionality for RSA.
     [Steve Henson]

  *) Add functions for main EVP_PKEY_method operations. The undocumented
     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
     EVP_PKEY_{encrypt,decrypt}_old. 
     [Steve Henson]

  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
     key API, doesn't do much yet.
     [Steve Henson]

  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
     public key algorithms. New option to openssl utility:
     "list-public-key-algorithms" to print out info.
     [Steve Henson]

  *) Implement the Supported Elliptic Curves Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
     [Steve Henson]

  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
     utilities such as rsa, dsa, dsaparam etc except they process any key
     type.
     [Steve Henson]

  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New 
     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
     structure.
     [Steve Henson]

  *) Initial support for pluggable public key ASN1.
     De-spaghettify the public key ASN1 handling. Move public and private
     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
     algorithm specific handling to a single module within the relevant
     algorithm directory. Add functions to allow (near) opaque processing
     of public and private key structures.
     [Steve Henson]

  *) Implement the Supported Point Formats Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
     for the psk identity [hint] and the psk callback functions to the
     SSL_SESSION, SSL and SSL_CTX structure.
     
     New ciphersuites:
         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
         PSK-AES256-CBC-SHA
 
     New functions:
         SSL_CTX_use_psk_identity_hint
         SSL_get_psk_identity_hint
         SSL_get_psk_identity
         SSL_use_psk_identity_hint

     [Mika Kousa and Pasi Eronen of Nokia Corporation]

  *) Add RFC 3161 compliant time stamp request creation, response generation
     and response verification functionality.
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
bf3d6c0c	5	Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
28e4fe34	6
d2027098 DSH	7	*) Add an OID cross reference table and utility functions. Its purpose is to
	8	translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
	9	rsaEncryption. This will allow some of the algorithm specific hackery
	10	needed to use the correct OID to be removed.
	11	[Steve Henson]
	12
492a9e24 DSH	13	*) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
	14	structures for PKCS7_sign(). They are now set up by the relevant public
	15	key ASN1 method.
	16	[Steve Henson]
	17
9ca7047d DSH	18	*) Add provisional EC pkey method with support for ECDSA and ECDH.
	19	[Steve Henson]
	20
ffb1ac67 DSH	21	*) Add support for key derivation (agreement) in the API, DH method and
	22	pkeyutl.
	23	[Steve Henson]
	24
3ba0885a DSH	25	*) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
	26	public and private key formats. As a side effect these add additional
	27	command line functionality not previously available: DSA signatures can be
	28	generated and verified using pkeyutl and DH key support and generation in
	29	pkey, genpkey.
	30	[Steve Henson]
	31
4700aea9 UM	32	*) BeOS support.
	33	[Oliver Tappe <zooey@hirschkaefer.de>]
	34
	35	*) New make target "install_html_docs" installs HTML renditions of the
	36	manual pages.
	37	[Oliver Tappe <zooey@hirschkaefer.de>]
	38
f5cda4cb DSH	39	*) New utility "genpkey" this is analagous to "genrsa" etc except it can
	40	generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
	41	support key and parameter generation and add initial key generation
	42	functionality for RSA.
	43	[Steve Henson]
	44
f733a5ef DSH	45	*) Add functions for main EVP_PKEY_method operations. The undocumented
	46	functions EVP_PKEY_{encrypt,decrypt} have been renamed to
	47	EVP_PKEY_{encrypt,decrypt}_old.
	48	[Steve Henson]
	49
0b6f3c66 DSH	50	*) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
	51	key API, doesn't do much yet.
	52	[Steve Henson]
	53
0b33dac3 DSH	54	*) New function EVP_PKEY_asn1_get0_info() to retrieve information about
	55	public key algorithms. New option to openssl utility:
	56	"list-public-key-algorithms" to print out info.
	57	[Steve Henson]
	58
33273721 BM	59	*) Implement the Supported Elliptic Curves Extension for
	60	ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
	61	[Douglas Stebila]
	62
246e0931 DSH	63	*) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
	64	EVP_CIPHER structures to avoid later problems in EVP_cleanup().
	65	[Steve Henson]
	66
3e4585c8	67	*) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb	68	utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8	69	type.
3e84b6e1 DSH	70	[Steve Henson]
3e84b6e1 DSH	71
35208f36 DSH	72	*) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
	73	functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
	74	EVP_PKEY_print_param() to print public key data from an EVP_PKEY
	75	structure.
	76	[Steve Henson]
	77
448be743 DSH	78	*) Initial support for pluggable public key ASN1.
	79	De-spaghettify the public key ASN1 handling. Move public and private
	80	key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
	81	algorithm specific handling to a single module within the relevant
	82	algorithm directory. Add functions to allow (near) opaque processing
	83	of public and private key structures.
	84	[Steve Henson]
	85
36ca4ba6 BM	86	*) Implement the Supported Point Formats Extension for
	87	ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
	88	[Douglas Stebila]
	89
ddac1974 NL	90	*) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
	91	for the psk identity [hint] and the psk callback functions to the
	92	SSL_SESSION, SSL and SSL_CTX structure.
	93
	94	New ciphersuites:
	95	PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
	96	PSK-AES256-CBC-SHA
	97
	98	New functions:
	99	SSL_CTX_use_psk_identity_hint
	100	SSL_get_psk_identity_hint
	101	SSL_get_psk_identity
	102	SSL_use_psk_identity_hint
	103
	104	[Mika Kousa and Pasi Eronen of Nokia Corporation]
	105
c7235be6 UM	106	*) Add RFC 3161 compliant time stamp request creation, response generation
	107	and response verification functionality.
	108