[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
     functions
          EC_GROUP_set_asn1_flag()
          EC_GROUP_get_asn1_flag()
          EC_GROUP_set_point_conversion_form()
          EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_for are as for point2oct, namely
          POINT_CONVERSION_COMPRESSED
          POINT_CONVERSION_UNCOMPRESSED
          POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
          EC_GROUP_set_seed()
          EC_GROUP_get0_seed()
          EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID.  The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions 
          EC_POINT_point2bn()
          EC_POINT_bn2point()
          EC_POINT_point2hex()
          EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
          EC_GROUP_set_generator()
          EC_GROUP_get_generator()
          EC_GROUP_get_order()
          EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on a EC_GROUP, its generator and order.  This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library.  Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS.  The curves can be obtained from the new
     functions
          EC_GROUP_new_by_nid()
          EC_GROUP_new_by_name()
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
         EC_GROUP_set_nid()
         EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
 
 Changes between 0.9.6e and 0.9.7  [XX xxx 2002]

  *) Add appropriate support for separate platform-dependent build
     directories.  The recommended way to make a platform-dependent
     build directory is the following (tested on Linux), maybe with
     some local tweaks:

	# Place yourself outside of the OpenSSL source tree.  In
	# this example, the environment variable OPENSSL_SOURCE
	# is assumed to contain the absolute OpenSSL source directory.
	mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
	cd objtree/`uname -s`-`uname -r`-`uname -m`
	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
		mkdir -p `dirname $F`
		ln -s $OPENSSL_SOURCE/$F $F
	done

     To be absolutely sure not to disturb the source tree, a "make clean"
     is a good thing.  If it isn't successfull, don't worry about it,
     it probably means the source directory is very clean.
     [Richard Levitte]

  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary. Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
4d94ae00 BM	5	Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
4d94ae00 BM	6
ea4f109c BM	7	*) Change default behaviour of 'openssl asn1parse' so that more
	8	information is visible when viewing, e.g., a certificate:
	9
	10	Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
	11	mode the content of non-printable OCTET STRINGs is output in a
	12	style similar to INTEGERs, but with '[HEX DUMP]' prepended to
	13	avoid the appearance of a printable string.
	14	[Nils Larsch <nla@trustcenter.de>]
	15
254ef80d BM	16	*) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
	17	functions
	18	EC_GROUP_set_asn1_flag()
	19	EC_GROUP_get_asn1_flag()
	20	EC_GROUP_set_point_conversion_form()
	21	EC_GROUP_get_point_conversion_form()
	22	These control ASN1 encoding details:
b8e0e123 BM	23	- Curves (i.e., groups) are encoded explicitly unless asn1_flag
b8e0e123 BM	24	has been set to OPENSSL_EC_NAMED_CURVE.
5f3d6f70	25	- Points are encoded in uncompressed form by default; options for
254ef80d BM	26	asn1_for are as for point2oct, namely
	27	POINT_CONVERSION_COMPRESSED
	28	POINT_CONVERSION_UNCOMPRESSED
	29	POINT_CONVERSION_HYBRID
5f3d6f70 BM	30
	31	Also add 'seed' and 'seed_len' members to EC_GROUP with access
	32	functions
	33	EC_GROUP_set_seed()
	34	EC_GROUP_get0_seed()
	35	EC_GROUP_get_seed_len()
	36	This is used only for ASN1 purposes (so far).
458c2917 BM	37	[Nils Larsch <nla@trustcenter.de>]
	38
	39	*) Add 'field_type' member to EC_METHOD, which holds the NID
	40	of the appropriate field type OID. The new function
	41	EC_METHOD_get_field_type() returns this value.
	42	[Nils Larsch <nla@trustcenter.de>]
	43
6cbe6382 BM	44	*) Add functions
	45	EC_POINT_point2bn()
	46	EC_POINT_bn2point()
	47	EC_POINT_point2hex()
	48	EC_POINT_hex2point()
	49	providing useful interfaces to EC_POINT_point2oct() and
	50	EC_POINT_oct2point().
	51	[Nils Larsch <nla@trustcenter.de>]
	52
b6db386f BM	53	*) Change internals of the EC library so that the functions
	54	EC_GROUP_set_generator()
	55	EC_GROUP_get_generator()
	56	EC_GROUP_get_order()
	57	EC_GROUP_get_cofactor()
	58	are implemented directly in crypto/ec/ec_lib.c and not dispatched
	59	to methods, which would lead to unnecessary code duplication when
	60	adding different types of curves.
6cbe6382	61	[Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
b6db386f	62
47234cd3 BM	63	*) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
	64	arithmetic, and such that modified wNAFs are generated
	65	(which avoid length expansion in many cases).
	66	[Bodo Moeller]
	67
82652aaf BM	68	*) Add a function EC_GROUP_check_discriminant() (defined via
	69	EC_METHOD) that verifies that the curve discriminant is non-zero.
	70
	71	Add a function EC_GROUP_check() that makes some sanity tests
	72	on a EC_GROUP, its generator and order. This includes
	73	EC_GROUP_check_discriminant().
	74	[Nils Larsch <nla@trustcenter.de>]
	75
4d94ae00 BM	76	*) Add ECDSA in new directory crypto/ecdsa/.
4d94ae00 BM	77
5dbd3efc BM	78	Add applications 'openssl ecparam' and 'openssl ecdsa'
5dbd3efc BM	79	(these are based on 'openssl dsaparam' and 'openssl dsa').
4d94ae00 BM	80
	81	ECDSA support is also included in various other files across the
	82	library. Most notably,
	83	- 'openssl req' now has a '-newkey ecdsa:file' option;
	84	- EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
	85	- X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
	86	d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
	87	them suitable for ECDSA where domain parameters must be
	88	extracted before the specific public key.
f8e21776	89	[Nils Larsch <nla@trustcenter.de>]
4d94ae00	90
af28dd6c BM	91	*) Include some named elliptic curves, and add OIDs from X9.62,
	92	SECG, and WAP/WTLS. The curves can be obtained from the new
	93	functions
4d94ae00 BM	94	EC_GROUP_new_by_nid()
4d94ae00 BM	95	EC_GROUP_new_by_name()
254ef80d BM	96	Also add a 'curve_name' member to EC_GROUP objects, which can be
254ef80d BM	97	accessed via
4d94ae00 BM	98	EC_GROUP_set_nid()
	99	EC_GROUP_get_nid()
	100	[Nils Larsch <nla@trustcenter.de, Bodo Moeller]
	101
063a8905	102	Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
dc014d43	103
041843e4 RL	104	*) Add appropriate support for separate platform-dependent build
	105	directories. The recommended way to make a platform-dependent
	106	build directory is the following (tested on Linux), maybe with
	107	some local tweaks:
	108
	109	# Place yourself outside of the OpenSSL source tree. In
	110	# this example, the environment variable OPENSSL_SOURCE
	111	# is assumed to contain the absolute OpenSSL source directory.
	112	mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
	113	cd objtree/`uname -s`-`uname -r`-`uname -m`
	114	(cd $OPENSSL_SOURCE; find . -type f -o -type l) \| while read F; do
	115	mkdir -p `dirname $F`
	116	ln -s $OPENSSL_SOURCE/$F $F
	117	done
	118
	119	To be absolutely sure not to disturb the source tree, a "make clean"
	120	is a good thing. If it isn't successfull, don't worry about it,
	121	it probably means the source directory is very clean.
	122	[Richard Levitte]
	123
a6c6874a GT	124	*) Make sure any ENGINE control commands make local copies of string
	125	pointers passed to them whenever necessary. Otherwise it is possible
	126	the caller may have overwritten (or deallocated) the original string
	127	data when a later ENGINE operation tries to use the stored values.
	128