]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
4d94ae00 BM |
5 | Changes between 0.9.7 and 0.9.8 [xx XXX 2002] |
6 | ||
ea4f109c BM |
7 | *) Change default behaviour of 'openssl asn1parse' so that more |
8 | information is visible when viewing, e.g., a certificate: | |
9 | ||
10 | Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' | |
11 | mode the content of non-printable OCTET STRINGs is output in a | |
12 | style similar to INTEGERs, but with '[HEX DUMP]' prepended to | |
13 | avoid the appearance of a printable string. | |
14 | [Nils Larsch <nla@trustcenter.de>] | |
15 | ||
254ef80d BM |
16 | *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access |
17 | functions | |
18 | EC_GROUP_set_asn1_flag() | |
19 | EC_GROUP_get_asn1_flag() | |
20 | EC_GROUP_set_point_conversion_form() | |
21 | EC_GROUP_get_point_conversion_form() | |
22 | These control ASN1 encoding details: | |
b8e0e123 BM |
23 | - Curves (i.e., groups) are encoded explicitly unless asn1_flag |
24 | has been set to OPENSSL_EC_NAMED_CURVE. | |
5f3d6f70 | 25 | - Points are encoded in uncompressed form by default; options for |
254ef80d BM |
26 | asn1_for are as for point2oct, namely |
27 | POINT_CONVERSION_COMPRESSED | |
28 | POINT_CONVERSION_UNCOMPRESSED | |
29 | POINT_CONVERSION_HYBRID | |
5f3d6f70 BM |
30 | |
31 | Also add 'seed' and 'seed_len' members to EC_GROUP with access | |
32 | functions | |
33 | EC_GROUP_set_seed() | |
34 | EC_GROUP_get0_seed() | |
35 | EC_GROUP_get_seed_len() | |
36 | This is used only for ASN1 purposes (so far). | |
458c2917 BM |
37 | [Nils Larsch <nla@trustcenter.de>] |
38 | ||
39 | *) Add 'field_type' member to EC_METHOD, which holds the NID | |
40 | of the appropriate field type OID. The new function | |
41 | EC_METHOD_get_field_type() returns this value. | |
42 | [Nils Larsch <nla@trustcenter.de>] | |
43 | ||
6cbe6382 BM |
44 | *) Add functions |
45 | EC_POINT_point2bn() | |
46 | EC_POINT_bn2point() | |
47 | EC_POINT_point2hex() | |
48 | EC_POINT_hex2point() | |
49 | providing useful interfaces to EC_POINT_point2oct() and | |
50 | EC_POINT_oct2point(). | |
51 | [Nils Larsch <nla@trustcenter.de>] | |
52 | ||
b6db386f BM |
53 | *) Change internals of the EC library so that the functions |
54 | EC_GROUP_set_generator() | |
55 | EC_GROUP_get_generator() | |
56 | EC_GROUP_get_order() | |
57 | EC_GROUP_get_cofactor() | |
58 | are implemented directly in crypto/ec/ec_lib.c and not dispatched | |
59 | to methods, which would lead to unnecessary code duplication when | |
60 | adding different types of curves. | |
6cbe6382 | 61 | [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller] |
b6db386f | 62 | |
47234cd3 BM |
63 | *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM |
64 | arithmetic, and such that modified wNAFs are generated | |
65 | (which avoid length expansion in many cases). | |
66 | [Bodo Moeller] | |
67 | ||
82652aaf BM |
68 | *) Add a function EC_GROUP_check_discriminant() (defined via |
69 | EC_METHOD) that verifies that the curve discriminant is non-zero. | |
70 | ||
71 | Add a function EC_GROUP_check() that makes some sanity tests | |
72 | on a EC_GROUP, its generator and order. This includes | |
73 | EC_GROUP_check_discriminant(). | |
74 | [Nils Larsch <nla@trustcenter.de>] | |
75 | ||
4d94ae00 BM |
76 | *) Add ECDSA in new directory crypto/ecdsa/. |
77 | ||
5dbd3efc BM |
78 | Add applications 'openssl ecparam' and 'openssl ecdsa' |
79 | (these are based on 'openssl dsaparam' and 'openssl dsa'). | |
4d94ae00 BM |
80 | |
81 | ECDSA support is also included in various other files across the | |
82 | library. Most notably, | |
83 | - 'openssl req' now has a '-newkey ecdsa:file' option; | |
84 | - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; | |
85 | - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and | |
86 | d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make | |
87 | them suitable for ECDSA where domain parameters must be | |
88 | extracted before the specific public key. | |
f8e21776 | 89 | [Nils Larsch <nla@trustcenter.de>] |
4d94ae00 | 90 | |
af28dd6c BM |
91 | *) Include some named elliptic curves, and add OIDs from X9.62, |
92 | SECG, and WAP/WTLS. The curves can be obtained from the new | |
93 | functions | |
4d94ae00 BM |
94 | EC_GROUP_new_by_nid() |
95 | EC_GROUP_new_by_name() | |
254ef80d BM |
96 | Also add a 'curve_name' member to EC_GROUP objects, which can be |
97 | accessed via | |
4d94ae00 BM |
98 | EC_GROUP_set_nid() |
99 | EC_GROUP_get_nid() | |
100 | [Nils Larsch <nla@trustcenter.de, Bodo Moeller] | |
101 | ||
063a8905 | 102 | Changes between 0.9.6e and 0.9.7 [XX xxx 2002] |
dc014d43 | 103 | |
041843e4 RL |
104 | *) Add appropriate support for separate platform-dependent build |
105 | directories. The recommended way to make a platform-dependent | |
106 | build directory is the following (tested on Linux), maybe with | |
107 | some local tweaks: | |
108 | ||
109 | # Place yourself outside of the OpenSSL source tree. In | |
110 | # this example, the environment variable OPENSSL_SOURCE | |
111 | # is assumed to contain the absolute OpenSSL source directory. | |
112 | mkdir -p objtree/`uname -s`-`uname -r`-`uname -m` | |
113 | cd objtree/`uname -s`-`uname -r`-`uname -m` | |
114 | (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do | |
115 | mkdir -p `dirname $F` | |
116 | ln -s $OPENSSL_SOURCE/$F $F | |
117 | done | |
118 | ||
119 | To be absolutely sure not to disturb the source tree, a "make clean" | |
120 | is a good thing. If it isn't successfull, don't worry about it, | |
121 | it probably means the source directory is very clean. | |
122 | [Richard Levitte] | |
123 | ||
a6c6874a GT |
124 | *) Make sure any ENGINE control commands make local copies of string |
125 | pointers passed to them whenever necessary. Otherwise it is possible | |
126 | the caller may have overwritten (or deallocated) the original string | |
127 | data when a later ENGINE operation tries to use the stored values. | |
128 |