Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
4 | ||
480af99e | 5 | Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] |
aaf35f11 | 6 | |
ee2ffc27 BL | 7 | *) Add Next Protocol Negotiation, |
8 | http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be | |
9 | disabled with a no-npn flag to config or Configure. Code donated | |
10 | by Google. | |
11 | [Adam Langley <agl@google.com> and Ben Laurie] | |
12 | ||
eb1c48be DSH | 13 | *) Use type ossl_ssize_t instead of ssize_t which isn't available on |
14 | all platforms. Move ssize_t definition from e_os.h to the public | |
15 | header file e_os2.h as it now appears in public header file cms.h | |
16 | [Steve Henson] | |
17 | ||
1bf508c9 DSH | 18 | *) New function OPENSSL_gmtime_diff to find the difference in days |
19 | and seconds between two tm structures. This will be used to provide | |
20 | additional functionality for ASN1_TIME. | |
21 | [Steve Henson] | |
22 | ||
be449448 | 23 | *) New -sigopt option to the ca, req and x509 utilities. Additional |
4c623cdd | 24 | signature parameters can be passed using this option and in |
be449448 | 25 | particular PSS. |
4c623cdd DSH | 26 | [Steve Henson] |
27 | ||
f26cf995 | 28 | *) Add RSA PSS signing function. This will generate and set the |
17c63d1c DSH | 29 | appropriate AlgorithmIdentifiers for PSS based on those in the |
30 | corresponding EVP_MD_CTX structure. No application support yet. | |
31 | [Steve Henson] | |
32 | ||
85522a07 DSH | 33 | *) Support for companion algorithm specific ASN1 signing routines. |
34 | New function ASN1_item_sign_ctx() signs a pre-initialised | |
35 | EVP_MD_CTX structure and sets AlgorithmIdentifiers based on | |
36 | the appropriate parameters. | |
37 | [Steve Henson] | |
38 | ||
31904ecd DSH | 39 | *) Add new algorithm specific ASN1 verification initialisation function |
40 | to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1 | |
41 | handling will be the same no matter what EVP_PKEY_METHOD is used. | |
42 | Add a PSS handler to support verification of PSS signatures: checked | |
43 | against a number of sample certificates. | |
44 | [Steve Henson] | |
45 | ||
46 | *) Add signature printing for PSS. Add PSS OIDs. | |
ff04bbe3 | 47 | [Steve Henson, Martin Kaiser <lists@kaiser.cx>] |
fa1ba589 | 48 | |
ff04bbe3 DSH | 49 | *) Add algorithm specific signature printing. An individual ASN1 method |
50 | can now print out signatures instead of the standard hex dump. | |
51 | ||
52 | More complex signatures (e.g. PSS) can print out more meaningful | |
53 | information. Include DSA version that prints out the signature | |
54 | parameters r, s. | |
fa1ba589 DSH | 55 | [Steve Henson] |
56 | ||
db28aa86 DSH | 57 | *) Add -trusted_first option which attempts to find certificates in the |
58 | trusted store even if an untrusted chain is also supplied. | |
59 | [Steve Henson] | |
60 | ||
fbd21640 DSH | 61 | *) Initial experimental support for explicitly trusted non-root CAs. |
62 | OpenSSL still tries to build a complete chain to a root but if an | |
63 | intermediate CA has a trust setting included that is used. The first | |
64 | setting is used: whether to trust or reject. | |
65 | [Steve Henson] | |
66 | ||
67 | *) New -verify_name option in command line utilities to set verification | |
68 | parameters by name. | |
69 | [Steve Henson] | |
70 | ||
8c968e03 | 71 | *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE. |
c8ef656d | 72 | Add CMAC pkey methods. |
8c968e03 DSH | 73 | [Steve Henson] |
74 | ||
08c23970 | 75 | *) Experimental renegotiation in s_server -www mode. If the client |
c2bf7208 | 76 | browses /reneg connection is renegotiated. If /renegcert it is |
da454e4c | 77 | renegotiated requesting a certificate. |
08c23970 DSH | 78 | [Steve Henson] |
79 | ||
5e631217 DSH | 80 | *) Add an "external" session cache for debugging purposes to s_server. This |
81 | should help trace issues which normally are only apparent in deployed | |
82 | multi-process servers. | |
83 | [Steve Henson] | |
84 | ||
d2a53c22 DSH | 85 | *) Experimental password based recipient info support for CMS library: |
86 | implementing RFC3211. | |
87 | [Steve Henson] | |
88 | ||
3d63b396 DSH | 89 | *) Split password based encryption into PBES2 and PBKDF2 functions. This |
90 | neatly separates the code into cipher and PBE sections and is required | |
91 | for some algorithms that split PBES2 into separate pieces (such as | |
92 | password based CMS). | |
18e503f3 DSH | 93 | [Steve Henson] |
94 | ||
b6dcdbfc DSH | 95 | *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where |
96 | return value is ignored. NB. The functions RAND_add(), RAND_seed(), | |
97 | BIO_set_cipher() and some obscure PEM functions were changed so they | |
98 | can now return an error. The RAND changes required a change to the | |
99 | RAND_METHOD structure. | |
100 | [Steve Henson] | |
101 | ||
acf20c7d DSH | 102 | *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of |
103 | a gcc attribute to warn if the result of a function is ignored. This | |
104 | is enabled if DEBUG_UNUSED is set. Add to several functions in evp.h | |
105 | whose return value is often ignored. | |
106 | [Steve Henson] | |
3cbb15ee | 107 | |
173350bc | 108 | Changes between 1.0.0a and 1.0.1 [xx XXX xxxx] |
f96ccf36 | 109 | |
04daec86 BM | 110 | *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for |
111 | elliptic curve NIST-P224 with constant-time single point multiplication on | |
112 | typical inputs. EC_GROUP_new_by_curve_name() will automatically use this | |
113 | (while EC_GROUP_new_curve_GFp() currently won't and prefers the more | |
114 | flexible implementations). | |
115 | ||
116 | The implementation requires support for the nonstandard type __uint128_t, | |
117 | and so is disabled by default. To include this in your build of OpenSSL, | |
118 | use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line, | |
119 | and run "make depend" (or "make update"). | |
120 |