git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Move the shared library construction stuff to Makefile.shared, a

 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Add Makefile.shared, a helper makefile to build shared
     libraries. Adapt Makefile.org.
     [Richard Levitte]

  *) Add version info to Win32 DLLs.
     [Peter 'Luna' Runestig <peter@runestig.com>]

  *) Add new 'medium level' PKCS#12 API. Certificates and keys
     can be added using this API to create arbitrary PKCS#12
     files while avoiding the low level API.

     New options to PKCS12_create(): key or cert can be NULL and
     will then be omitted from the output file. The encryption
     algorithm NIDs can be set to -1 for no encryption, and the MAC
     iteration count can be set to 0 to omit the MAC.

     Enhance the pkcs12 utility by making the -nokeys and -nocerts
     options work when creating a PKCS#12 file. New option -nomac
     to omit the MAC; NONE can be given as an encryption algorithm.
     New code is modified to use the enhanced PKCS12_create()
     instead of the low level API.
     [Steve Henson]

  *) Extend ASN1 encoder to support indefinite length constructed
     encoding. This can output SEQUENCE tags and OCTET STRINGs in
     this form. Modify pk7_asn1.c to support indefinite length
     encoding. This is experimental and needs additional code to
     be useful, such as an ASN1 BIO and some enhanced streaming
     PKCS#7 code.

     Extend template encode functionality so that tagging is passed
     down to the template encoder.
     [Steve Henson]

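     The following is an added illustration of the two encodings the entry
     above contrasts, written for this page and not taken from OpenSSL's
     encoder: a definite-length (DER) OCTET STRING beside the indefinite-length
     constructed (BER) form that streaming PKCS#7 needs, plus a decoder that
     accepts both while bounding every read and the nesting depth. The payload
     and the MAX_DEPTH limit are constructed for the example.

```python
"""Definite-length (DER) versus indefinite-length constructed (BER) encoding of an
OCTET STRING, the form the entry above adds to the ASN1 encoder for streaming
PKCS#7. Illustrative code, not OpenSSL's; the sample payload is constructed."""

OCTET_STRING = 0x04
CONSTRUCTED = 0x20          # bit 6 of the identifier octet
MAX_DEPTH = 8               # constructed-within-constructed nesting cap (assumed)

def encode_length(n):
    """Definite length: short form below 128, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_octet_string(data):
    """Primitive OCTET STRING; the full content must be known before the header."""
    return bytes([OCTET_STRING]) + encode_length(len(data)) + data

def ber_octet_string_indefinite(chunks):
    """Constructed OCTET STRING with indefinite length: tag|0x20 then 0x80, one
    primitive OCTET STRING per chunk, and the end-of-contents octets 00 00. The
    total size is never stated, so an encoder can emit chunks as they arrive."""
    out = bytearray([OCTET_STRING | CONSTRUCTED, 0x80])
    for chunk in chunks:
        out += der_octet_string(chunk)
    out += b"\x00\x00"
    return bytes(out)

def decode_length(buf, i):
    """Return (length, next_index); length is None for the indefinite form 0x80."""
    if i >= len(buf):
        raise ValueError("truncated length")
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    if first == 0x80:
        return None, i + 1
    n = first & 0x7F
    if n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated long-form length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def decode_octet_string(buf, i=0, depth=0):
    """Decode an OCTET STRING at buf[i] in primitive, definite constructed or
    indefinite constructed form; return (content, next_index). Every read is
    bounds-checked, the end-of-contents marker is mandatory, and nesting is
    capped so hostile input cannot recurse or loop without limit."""
    if depth > MAX_DEPTH:
        raise ValueError("constructed OCTET STRING nested too deeply")
    if i >= len(buf):
        raise ValueError("truncated")
    tag = buf[i]
    if tag & 0x1F != OCTET_STRING or tag & 0xC0:
        raise ValueError("not a universal OCTET STRING tag")
    length, j = decode_length(buf, i + 1)
    if not tag & CONSTRUCTED:
        if length is None:
            raise ValueError("primitive encoding cannot use indefinite length")
        if j + length > len(buf):
            raise ValueError("truncated content")
        return bytes(buf[j:j + length]), j + length
    end = None if length is None else j + length
    if end is not None and end > len(buf):
        raise ValueError("truncated constructed content")
    parts = bytearray()
    while True:
        if end is not None:
            if j == end:
                break
            if j > end:
                raise ValueError("element overruns its container")
        elif buf[j:j + 2] == b"\x00\x00":
            j += 2
            break
        part, j = decode_octet_string(buf, j, depth + 1)
        parts += part
    return bytes(parts), j
```

     The decoder's three checks (length within the buffer, required end-of-contents
     octets, nesting cap) are exactly what a streaming parser must keep, since with
     indefinite length the only way to find the end of a value is to walk it.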
  *) Let 'openssl req' fail if an argument to '-newkey' is not
     recognized instead of using RSA as a default.
     [Bodo Moeller]

  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
     As these are not official, they are not included in "ALL";
     the "ECCdraft" ciphersuite group alias can be used to select them.
     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]

  *) Add ECDH engine support.
     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add ECDH in new directory crypto/ecdh/.
     TODO: more general interface (return x coordinate, not its hash)
     TODO: bug: pad x with leading zeros if necessary
     [Douglas Stebila (Sun Microsystems Laboratories)]

  *) Let BN_rand_range() abort with an error after 100 iterations
     without success (which indicates a broken PRNG).
     [Bodo Moeller]

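     As an added illustration of the failure mode this entry guards against
     (example code written for this page, not OpenSSL's BN_rand_range()): uniform
     sampling below a bound by rejection, with the same 100-draw cap, and a
     constructed stuck generator that shows why a cap is the right response rather
     than reducing modulo the bound. The generator parameter and the exception
     type are this example's own.

```python
import secrets

MAX_TRIES = 100   # the cap the CHANGES entry gives for BN_rand_range()

class BrokenPRNG(Exception):
    """Raised when rejection sampling keeps failing. Each draw lands below the
    bound with probability at least 1/2, so 100 misses in a row from a sound
    RNG has probability about 2^-100: treat it as an RNG failure, not bad luck."""

def rand_range(upper, getrandbits=secrets.randbits):
    """Uniform integer in [0, upper): draw upper.bit_length() random bits and
    retry while the draw is >= upper. Reducing the draw modulo upper instead
    would skew the distribution, which is fatal for nonces and ephemeral keys."""
    if upper <= 0:
        raise ValueError("upper bound must be positive")
    nbits = upper.bit_length()
    for _ in range(MAX_TRIES):
        r = getrandbits(nbits)
        if r < upper:
            return r
    raise BrokenPRNG(f"no value below {upper} in {MAX_TRIES} draws")

def stuck_prng(nbits):
    """Constructed failure mode: an RNG that only ever returns all ones. That is
    2^nbits - 1, which is >= upper for every bound with that bit length, so
    rand_range() can never succeed and must report the broken generator."""
    return (1 << nbits) - 1
```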
  *) Change BN_mod_sqrt() so that it verifies that the input value
     is really the square of the return value. (Previously,
     BN_mod_sqrt would show GIGO behaviour.)
     [Bodo Moeller]

  *) Add named elliptic curves over binary fields from X9.62, SECG,
     and WAP/WTLS; add OIDs that were still missing.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Extend the EC library for elliptic curves over binary fields
     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
     New EC_METHOD:

          EC_GF2m_simple_method

     New API functions:

          EC_GROUP_new_curve_GF2m
          EC_GROUP_set_curve_GF2m
          EC_GROUP_get_curve_GF2m
          EC_POINT_set_affine_coordinates_GF2m
          EC_POINT_get_affine_coordinates_GF2m
          EC_POINT_set_compressed_coordinates_GF2m

     Point compression for binary fields is disabled by default for
     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
     enable it).

     As binary polynomials are represented as BIGNUMs, various members
     of the EC_GROUP and EC_POINT data structures can be shared
     between the implementations for prime fields and binary fields;
     the above ..._GF2m functions (except for EC_GROUP_new_curve_GF2m)
     are essentially identical to their ..._GFp counterparts.
     (For simplicity, the '..._GFp' prefix has been dropped from
     various internal method names.)

     An internal 'field_div' method (similar to 'field_mul' and
     'field_sqr') has been added; this is used only for binary fields.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
     through methods ('mul', 'precompute_mult').

     The generic implementations (now internally called 'ec_wNAF_mul'
     and 'ec_wNAF_precomputed_mult') remain the default if these
     methods are undefined.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New function EC_GROUP_get_degree, which is defined through
     EC_METHOD. For curves over prime fields, this returns the bit
     length of the modulus.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New functions EC_GROUP_dup, EC_POINT_dup.
     (These simply call ..._new and ..._copy).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
     Polynomials are represented as BIGNUMs (where the sign bit is not
     used) in the following functions [macros]:

          BN_GF2m_add
          BN_GF2m_sub                [= BN_GF2m_add]
          BN_GF2m_mod                [wrapper for BN_GF2m_mod_arr]
          BN_GF2m_mod_mul            [wrapper for BN_GF2m_mod_mul_arr]
          BN_GF2m_mod_sqr            [wrapper for BN_GF2m_mod_sqr_arr]
          BN_GF2m_mod_inv
          BN_GF2m_mod_exp            [wrapper for BN_GF2m_mod_exp_arr]
          BN_GF2m_mod_sqrt           [wrapper for BN_GF2m_mod_sqrt_arr]
          BN_GF2m_mod_solve_quad     [wrapper for BN_GF2m_mod_solve_quad_arr]
          BN_GF2m_cmp                [= BN_ucmp]

     (Note that only the 'mod' functions are actually for fields GF(2^m).
     BN_GF2m_add() is a misnomer, but this is for the sake of consistency.)

     For some functions, the irreducible polynomial defining a
     field can be given as an 'unsigned int[]' with strictly
     decreasing elements giving the indices of those bits that are set;
     i.e., p[] represents the polynomial
          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
     where
          p[0] > p[1] > ... > p[k] = 0.
     This applies to the following functions:

          BN_GF2m_mod_arr
          BN_GF2m_mod_mul_arr
          BN_GF2m_mod_sqr_arr
          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
          BN_GF2m_mod_exp_arr
          BN_GF2m_mod_sqrt_arr
          BN_GF2m_mod_solve_quad_arr
          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     Conversion can be performed by the following functions:

          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     bntest.c has additional tests for binary polynomial arithmetic.

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

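     The following is an added worked example of the representation described
     above, written for this page rather than taken from bn_gf2m.c: field elements
     as bit-vectors, the reducing polynomial as the strictly decreasing index array
     p[], and the mod, mul, sqr, inv, div, sqrt and solve_quad operations built on
     it (the default inverse-then-multiply division is the one shown). The two
     reducing polynomials used in the test, the AES polynomial t^8+t^4+t^3+t+1 and
     the NIST K-163/B-163 polynomial t^163+t^7+t^6+t^3+1, are this example's
     choices; solve_quad uses the half-trace method and so is limited to odd m,
     which covers every standard binary curve field.

```python
"""GF(2^m) arithmetic on Python ints in the representation the entry above
describes: an element is a bit-vector (bit i set means the term t^i is present,
no sign bit) and the reducing polynomial is an index array p[] with
p[0] > p[1] > ... > p[k] = 0. Illustrative code, not OpenSSL's bn_gf2m.c."""

def poly2arr(f):
    """Bit-vector -> strictly decreasing index array (cf. BN_GF2m_poly2arr)."""
    if f <= 0:
        raise ValueError("polynomial must be non-zero")
    return [i for i in range(f.bit_length() - 1, -1, -1) if (f >> i) & 1]

def arr2poly(p):
    """Index array -> bit-vector (cf. BN_GF2m_arr2poly); rejects malformed arrays."""
    if not p or p[-1] != 0 or any(x <= y for x, y in zip(p, p[1:])):
        raise ValueError("indices must be strictly decreasing and end in 0")
    f = 0
    for i in p:
        f |= 1 << i
    return f

def gf2m_mod_arr(a, p):
    """Reduce a modulo f(t) = sum of t^p[i]. Each step cancels the top term of a
    by XORing in t^d * f(t); only the few set terms of f are touched."""
    m = p[0]
    while a.bit_length() > m:
        d = a.bit_length() - 1 - m
        for i in p:
            a ^= 1 << (i + d)
    return a

def gf2m_mod_mul_arr(a, b, p):
    """Carry-less shift-and-add product (addition is XOR), then reduce."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return gf2m_mod_arr(r, p)

def gf2m_mod_sqr_arr(a, p):
    """Squaring is linear in characteristic 2: bit i of a moves to bit 2i."""
    r, i = 0, 0
    while a:
        if a & 1:
            r |= 1 << (2 * i)
        a >>= 1
        i += 1
    return gf2m_mod_arr(r, p)

def gf2m_mod_inv_arr(a, p):
    """Extended Euclid over GF(2)[t]. Invariant: u = g1*a and v = g2*a (mod f);
    the loop ends with u = 1, so g1 is the inverse. f must be irreducible."""
    if gf2m_mod_arr(a, p) == 0:
        raise ZeroDivisionError("0 has no inverse")
    u, v, g1, g2 = a, arr2poly(p), 1, 0
    while u != 1:
        j = u.bit_length() - v.bit_length()
        if j < 0:
            u, v, g1, g2, j = v, u, g2, g1, -j
        u ^= v << j
        g1 ^= g2 << j
    return gf2m_mod_arr(g1, p)

def gf2m_mod_div_arr(a, b, p):
    """The default BN_GF2m_mod_div() strategy: a * b^-1."""
    return gf2m_mod_mul_arr(a, gf2m_mod_inv_arr(b, p), p)

def gf2m_mod_sqrt_arr(a, p):
    """sqrt(a) = a^(2^(m-1)): squaring permutes GF(2^m), so m-1 more squarings
    undo one. Unlike the prime-field case, every element has a square root."""
    for _ in range(p[0] - 1):
        a = gf2m_mod_sqr_arr(a, p)
    return a

def gf2m_trace(a, p):
    """Tr(a) = a + a^2 + a^4 + ... + a^(2^(m-1)); always 0 or 1."""
    a, t = gf2m_mod_arr(a, p), 0
    for _ in range(p[0]):
        t ^= a
        a = gf2m_mod_sqr_arr(a, p)
    return t

def gf2m_mod_solve_quad_arr(a, p):
    """Solve z^2 + z = a (point decompression on binary curves needs this).
    For odd m the half-trace H(a) = a + a^4 + a^16 + ... (i = 0..(m-1)/2) is a
    solution exactly when Tr(a) = 0. The result is verified rather than trusted;
    None means no solution exists and the caller must check for it."""
    m = p[0]
    if m % 2 == 0:
        raise NotImplementedError("half-trace method needs odd m")
    a = gf2m_mod_arr(a, p)
    z, x = 0, a
    for _ in range((m - 1) // 2 + 1):
        z ^= x
        x = gf2m_mod_sqr_arr(gf2m_mod_sqr_arr(x, p), p)
    if gf2m_mod_sqr_arr(z, p) ^ z != a:
        return None
    return z
```

     Two checks make this more than a toy: inversion refuses 0, and solve_quad
     verifies its candidate and reports "no solution" explicitly, the same
     discipline the BN_mod_sqrt() entry above introduces for prime fields.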
  *) Add new error code 'ERR_R_DISABLED' that can be used when some
     functionality is disabled at compile-time.
     [Douglas Stebila <douglas.stebila@sun.com>]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' members to EC_GROUP with access
     functions
          EC_GROUP_set_asn1_flag()
          EC_GROUP_get_asn1_flag()
          EC_GROUP_set_point_conversion_form()
          EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_form are as for point2oct, namely
          POINT_CONVERSION_COMPRESSED
          POINT_CONVERSION_UNCOMPRESSED
          POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
          EC_GROUP_set_seed()
          EC_GROUP_get0_seed()
          EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID. The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions
          EC_POINT_point2bn()
          EC_POINT_bn2point()
          EC_POINT_point2hex()
          EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
          EC_GROUP_set_generator()
          EC_GROUP_get_generator()
          EC_GROUP_get_order()
          EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

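     The following added example ties together three of the entries above for a
     curve over a prime field: the verified square root of the BN_mod_sqrt()
     change, the three POINT_CONVERSION_* octet forms that asn1_form selects and
     that EC_POINT_point2oct()/oct2point() produce and consume, and the
     EC_GROUP_check_discriminant() sanity test. It is written for this page and is
     not OpenSSL's code; the domain parameters are NIST P-256 (this example's
     choice, and a curve with p = 3 mod 4 so the short square-root formula
     applies), and the encoding of the point at infinity as a single 0x00 byte
     follows the usual convention.

```python
"""Prime-field EC helpers for three entries above: the verified BN_mod_sqrt(),
the POINT_CONVERSION_{COMPRESSED,UNCOMPRESSED,HYBRID} octet forms behind
EC_POINT_point2oct()/oct2point(), and the EC_GROUP_check_discriminant() test.
Illustrative code, not OpenSSL's; the constants are the NIST P-256 domain
parameters (p = 3 mod 4, so the simple square-root formula applies)."""

P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
FIELD_BYTES = (P.bit_length() + 7) // 8

COMPRESSED, UNCOMPRESSED, HYBRID = 2, 4, 6   # POINT_CONVERSION_* leading-byte bases

def mod_sqrt(a, p):
    """Square root modulo p = 3 (mod 4) via a^((p+1)/4). The formula returns a
    meaningless value when a is a non-residue, so check r*r == a and raise
    instead of returning garbage (the GIGO behaviour the entry above fixes)."""
    if p % 4 != 3:
        raise ValueError("shortcut requires p = 3 mod 4")
    a %= p
    r = pow(a, (p + 1) // 4, p)
    if r * r % p != a:
        raise ValueError("no square root: not a quadratic residue")
    return r

def check_discriminant(a, b, p):
    """y^2 = x^3 + ax + b is an elliptic curve only if 4a^3 + 27b^2 != 0 (mod p)."""
    return (4 * pow(a, 3, p) + 27 * pow(b, 2, p)) % p != 0

def on_curve(x, y):
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point2oct(x, y, form):
    """Encode an affine point; in the compressed and hybrid forms the low bit
    of the leading byte carries the parity of y."""
    xb, yb = x.to_bytes(FIELD_BYTES, "big"), y.to_bytes(FIELD_BYTES, "big")
    if form == COMPRESSED:
        return bytes([COMPRESSED | (y & 1)]) + xb
    if form == UNCOMPRESSED:
        return bytes([UNCOMPRESSED]) + xb + yb
    if form == HYBRID:
        return bytes([HYBRID | (y & 1)]) + xb + yb
    raise ValueError("unknown point conversion form")

def oct2point(data):
    """Decode any of the three forms. The input is untrusted: coordinates are
    range-checked, the point must lie on the curve, and a hybrid parity bit that
    disagrees with y is rejected. Returns None for the point at infinity (0x00)."""
    if data == b"\x00":
        return None
    if not data:
        raise ValueError("empty encoding")
    form, ybit = data[0] & 0xFE, data[0] & 1
    if form == COMPRESSED:
        if len(data) != 1 + FIELD_BYTES:
            raise ValueError("bad length for compressed point")
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise ValueError("x out of range")
        y = mod_sqrt((x * x * x + A * x + B) % P, P)   # raises if no point has this x
        if (y & 1) != ybit:
            y = (P - y) % P
        if (y & 1) != ybit:
            raise ValueError("invalid compressed point")   # only possible when y == 0
        return x, y
    if form in (UNCOMPRESSED, HYBRID):
        if form == UNCOMPRESSED and ybit:
            raise ValueError("bad leading byte")
        if len(data) != 1 + 2 * FIELD_BYTES:
            raise ValueError("bad length for uncompressed/hybrid point")
        x = int.from_bytes(data[1:1 + FIELD_BYTES], "big")
        y = int.from_bytes(data[1 + FIELD_BYTES:], "big")
        if x >= P or y >= P or not on_curve(x, y):
            raise ValueError("point is not on the curve")
        if form == HYBRID and (y & 1) != ybit:
            raise ValueError("hybrid parity bit disagrees with y")
        return x, y
    raise ValueError("unknown leading byte")
```

     Decompression is where the square-root check matters: a compressed x that is
     not on the curve must be rejected, not turned into a random "point", and an
     uncompressed or hybrid encoding must be checked against the curve equation
     before it is used in any scalar multiplication.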
  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library. Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key;
     - ECDSA engine support has been added.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. Each curve can be obtained from the new
     function
          EC_GROUP_new_by_nid(),
     and the list of available named curves can be obtained with
          EC_get_builtin_curves().
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
          EC_GROUP_set_nid()
          EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6g and 0.9.7  [XX xxx 2002]

  *) Change the SSL kerb5 codes to match RFC 2712.
     [Richard Levitte]

  *) Make -nameopt work fully for req and add -reqopt switch.
     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]

  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]

  *) Make sure tests can be performed even if the corresponding algorithms
     have been removed entirely. This was also the last step to make
     OpenSSL compilable with DJGPP under all reasonable conditions.
     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
     to allow version independent disabling of normally unselected ciphers,
     which may be activated as a side-effect of selecting a single cipher.

     (E.g., cipher list string "RSA" enables ciphersuites that are left
     out of "ALL" because they do not provide symmetric encryption.
     "RSA:!COMPLEMENTOFALL" avoids these unsafe ciphersuites.)
     [Lutz Jaenicke, Bodo Moeller]

  *) Add appropriate support for separate platform-dependent build
     directories. The recommended way to make a platform-dependent
     build directory is the following (tested on Linux), maybe with
     some local tweaks:

        # Place yourself outside of the OpenSSL source tree. In
        # this example, the environment variable OPENSSL_SOURCE
        # is assumed to contain the absolute OpenSSL source directory.
        mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
        cd objtree/`uname -s`-`uname -r`-`uname -m`
        (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
            mkdir -p `dirname $F`
            ln -s $OPENSSL_SOURCE/$F $F
        done

     To be absolutely sure not to disturb the source tree, a "make clean"
     is a good thing. If it isn't successful, don't worry about it,
     it probably means the source directory is very clean.
     [Richard Levitte]

  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary. Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.
