projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| 4d94ae00 BM |
5 | Changes between 0.9.7 and 0.9.8 [xx XXX 2002] |
| 6 | ||
| 1dc920c8 BM |
7 | *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. |
| 8 | Polynomials are represented as BIGNUMs (where the sign bit is not | |
| 9 | used) in the following functions [macros]: | |
| 10 | ||
| 11 | BN_GF2m_add | |
| 12 | BN_GF2m_sub [= BN_GF2m_add] | |
| 13 | BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] | |
| 14 | BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] | |
| 15 | BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] | |
| 16 | BN_GF2m_mod_inv | |
| 17 | BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] | |
| 18 | BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] | |
| 19 | BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] | |
| 20 | BN_GF2m_cmp [= BN_ucmp] | |
| 21 | ||
| 22 | (Note that only the 'mod' functions are actually for fields GF(2^m). | |
| 23 | BN_GF2m_add() is misnomer, but this is for the sake of consistency.) | |
| 24 | ||
| 25 | For some functions, an the irreducible polynomial defining a | |
| 26 | field can be given as an 'unsigned int[]' with strictly | |
| 27 | decreasing elements giving the indices of those bits that are set; | |
| 28 | i.e., p[] represents the polynomial | |
| 29 | f(t) = t^p[0] + t^p[1] + ... + t^p[k] | |
| 30 | where | |
| 31 | p[0] > p[1] > ... > p[k] = 0. | |
| 32 | This applies to the following functions: | |
| 33 | ||
| 34 | BN_GF2m_mod_arr | |
| 35 | BN_GF2m_mod_mul_arr | |
| 36 | BN_GF2m_mod_sqr_arr | |
| 37 | BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] | |
| 38 | BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] | |
| 39 | BN_GF2m_mod_exp_arr | |
| 40 | BN_GF2m_mod_sqrt_arr | |
| 41 | BN_GF2m_mod_solve_quad_arr | |
| 42 | BN_GF2m_poly2arr | |
| 43 | BN_GF2m_arr2poly | |
| 44 | ||
| 45 | Conversion can be performed by the following functions: | |
| 46 | ||
| 47 | BN_GF2m_poly2arr | |
| 48 | BN_GF2m_arr2poly | |
| 49 | ||
| 50 | bntest.c has additional tests for binary polynomial arithmetic. | |
| 51 | ||
| 52 | Two implementations for BN_GF2m_mod_div() are available (selected | |
| 53 | at compile-time). ... | |
| 54 | TBD ... OPENSSL_NO_SUN_DIV ... --Bodo | |
| 55 | ||
| 56 | [Sheueling Chang Shantz and Douglas Stebila | |
| 57 | (Sun Microsystems Laboratories)] | |
| 58 | ||
| 16dc1cfb BM |
59 | *) Add more WAP/WTLS elliptic curve OIDs. |
| 60 | [Douglas Stebila <douglas.stebila@sun.com>] | |
| 61 | ||
| 62 | *) Add new error code 'ERR_R_DISABLED' that can be used when some | |
| 63 | functionality is disabled at compile-time. | |
| 64 | [Douglas Stebila <douglas.stebila@sun.com>] | |
| 65 | ||
| ea4f109c BM |
66 | *) Change default behaviour of 'openssl asn1parse' so that more |
| 67 | information is visible when viewing, e.g., a certificate: | |
| 68 | ||
| 69 | Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' | |
| 70 | mode the content of non-printable OCTET STRINGs is output in a | |
| 71 | style similar to INTEGERs, but with '[HEX DUMP]' prepended to | |
| 72 | avoid the appearance of a printable string. | |
| 73 | [Nils Larsch <nla@trustcenter.de>] | |
| 74 | ||
| 254ef80d BM |
75 | *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access |
| 76 | functions | |
| 77 | EC_GROUP_set_asn1_flag() | |
| 78 | EC_GROUP_get_asn1_flag() | |
| 79 | EC_GROUP_set_point_conversion_form() | |
| 80 | EC_GROUP_get_point_conversion_form() | |
| 81 | These control ASN1 encoding details: | |
| b8e0e123 BM |
82 | - Curves (i.e., groups) are encoded explicitly unless asn1_flag |
| 83 | has been set to OPENSSL_EC_NAMED_CURVE. | |
| 5f3d6f70 | 84 | - Points are encoded in uncompressed form by default; options for |
| 254ef80d BM |
85 | asn1_for are as for point2oct, namely |
| 86 | POINT_CONVERSION_COMPRESSED | |
| 87 | POINT_CONVERSION_UNCOMPRESSED | |
| 88 | POINT_CONVERSION_HYBRID | |
| 5f3d6f70 BM |
89 | |
| 90 | Also add 'seed' and 'seed_len' members to EC_GROUP with access | |
| 91 | functions | |
| 92 | EC_GROUP_set_seed() | |
| 93 | EC_GROUP_get0_seed() | |
| 94 | EC_GROUP_get_seed_len() | |
| 95 | This is used only for ASN1 purposes (so far). | |
| 458c2917 BM |
96 | [Nils Larsch <nla@trustcenter.de>] |
| 97 | ||
| 98 | *) Add 'field_type' member to EC_METHOD, which holds the NID | |
| 99 | of the appropriate field type OID. The new function | |
| 100 | EC_METHOD_get_field_type() returns this value. | |
| 101 | [Nils Larsch <nla@trustcenter.de>] | |
| 102 | ||
| 6cbe6382 BM |
103 | *) Add functions |
| 104 | EC_POINT_point2bn() | |
| 105 | EC_POINT_bn2point() | |
| 106 | EC_POINT_point2hex() | |
| 107 | EC_POINT_hex2point() | |
| 108 | providing useful interfaces to EC_POINT_point2oct() and | |
| 109 | EC_POINT_oct2point(). | |
| 110 | [Nils Larsch <nla@trustcenter.de>] | |
| 111 | ||
| b6db386f BM |
112 | *) Change internals of the EC library so that the functions |
| 113 | EC_GROUP_set_generator() | |
| 114 | EC_GROUP_get_generator() | |
| 115 | EC_GROUP_get_order() | |
| 116 | EC_GROUP_get_cofactor() | |
| 117 | are implemented directly in crypto/ec/ec_lib.c and not dispatched | |
| 118 | to methods, which would lead to unnecessary code duplication when | |
| 119 | adding different types of curves. | |
| 6cbe6382 | 120 | [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller] |
| b6db386f | 121 | |
| 47234cd3 BM |
122 | *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM |
| 123 | arithmetic, and such that modified wNAFs are generated | |
| 124 | (which avoid length expansion in many cases). | |
| 125 | [Bodo Moeller] | |
| 126 | ||
| 82652aaf BM |
127 | *) Add a function EC_GROUP_check_discriminant() (defined via |
| 128 | EC_METHOD) that verifies that the curve discriminant is non-zero. | |
| 129 | ||
| 130 | Add a function EC_GROUP_check() that makes some sanity tests | |
| 131 | on a EC_GROUP, its generator and order. This includes | |
| 132 | EC_GROUP_check_discriminant(). | |
| 133 | [Nils Larsch <nla@trustcenter.de>] | |
| 134 | ||
| 4d94ae00 BM |
135 | *) Add ECDSA in new directory crypto/ecdsa/. |
| 136 | ||
| 5dbd3efc BM |
137 | Add applications 'openssl ecparam' and 'openssl ecdsa' |
| 138 | (these are based on 'openssl dsaparam' and 'openssl dsa'). | |
| 4d94ae00 BM |
139 | |
| 140 | ECDSA support is also included in various other files across the | |
| 141 | library. Most notably, | |
| 142 | - 'openssl req' now has a '-newkey ecdsa:file' option; | |
| 143 | - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; | |
| 144 | - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and | |
| 145 | d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make | |
| 146 | them suitable for ECDSA where domain parameters must be | |
| 147 | extracted before the specific public key. | |
| f8e21776 | 148 | [Nils Larsch <nla@trustcenter.de>] |
| 4d94ae00 | 149 | |
| af28dd6c BM |
150 | *) Include some named elliptic curves, and add OIDs from X9.62, |
| 151 | SECG, and WAP/WTLS. The curves can be obtained from the new | |
| 152 | functions | |
| 4d94ae00 BM |
153 | EC_GROUP_new_by_nid() |
| 154 | EC_GROUP_new_by_name() | |
| 254ef80d BM |
155 | Also add a 'curve_name' member to EC_GROUP objects, which can be |
| 156 | accessed via | |
| 4d94ae00 BM |
157 | EC_GROUP_set_nid() |
| 158 | EC_GROUP_get_nid() | |
| 159 | [Nils Larsch <nla@trustcenter.de, Bodo Moeller] | |
| 160 | ||
| 063a8905 | 161 | Changes between 0.9.6e and 0.9.7 [XX xxx 2002] |
| dc014d43 | 162 | |
| f013c7f2 RL |
163 | *) Make sure tests can be performed even if the corresponding algorithms |
| 164 | have been removed entirely. This was also the last step to make | |
| 165 | OpenSSL compilable with DJGPP under all reasonable conditions. | |
| 166 | [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>] | |
| 167 | ||
| 648765ba | 168 | *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT |
| c6ccf055 LJ |
169 | to allow version independent disabling of normally unselected ciphers, |
| 170 | which may be activated as a side-effect of selecting a single cipher. | |
| 648765ba BM |
171 | |
| 172 | (E.g., cipher list string "RSA" enables ciphersuites that are left | |
| 173 | out of "ALL" because they do not provide symmetric encryption. | |
| 174 | "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.) | |
| c6ccf055 LJ |
175 | [Lutz Jaenicke, Bodo Moeller] |
| 176 | ||
| 041843e4 RL |
177 | *) Add appropriate support for separate platform-dependent build |
| 178 | directories. The recommended way to make a platform-dependent | |
| 179 | build directory is the following (tested on Linux), maybe with | |
| 180 | some local tweaks: | |
| 181 | ||
| 182 | # Place yourself outside of the OpenSSL source tree. In | |
| 183 | # this example, the environment variable OPENSSL_SOURCE | |
| 184 | # is assumed to contain the absolute OpenSSL source directory. | |
| 185 | mkdir -p objtree/`uname -s`-`uname -r`-`uname -m` | |
| 186 | cd objtree/`uname -s`-`uname -r`-`uname -m` | |
| 187 | (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do | |
| 188 | mkdir -p `dirname $F` | |
| 189 | ln -s $OPENSSL_SOURCE/$F $F | |
| 190 | done | |
| 191 | ||
| 192 | To be absolutely sure not to disturb the source tree, a "make clean" | |
| 193 | is a good thing. If it isn't successfull, don't worry about it, | |
| 194 | it probably means the source directory is very clean. | |
| 195 | [Richard Levitte] | |
| 196 | ||
| a6c6874a GT |
197 | *) Make sure any ENGINE control commands make local copies of string |
| 198 | pointers passed to them whenever necessary. Otherwise it is possible | |
| 199 | the caller may have overwritten (or deallocated) the original string | |
| 200 | data when a later ENGINE operation tries to use the stored values. | |
| 201 |