[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.3a and 0.9.4

  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
     ciphers. NOTE: although the key derivation function has been verified
     against some published test vectors it has not been extensively tested
     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
     of v2.0.
     [Steve Henson]

  *) Instead of "mkdir -p", which is not fully portable, use new
     Perl script "util/mkdir-p.pl".

  *) Rewrite the way password based encryption (PBE) is handled. It used to
     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
     the 'parameter' field of the AlgorithmIdentifier is passed to the
     underlying key generation function so it must do its own ASN1 parsing.
     This has also changed the EVP_PBE_CipherInit() function which now has a
     'parameter' argument instead of literal salt and iteration count values
     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
     [Steve Henson]

  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
     KEY" because this clashed with PKCS#8 unencrypted string. Since this
     value was just used as a "magic string" and not used directly its
     value doesn't matter.
     [Steve Henson]

  *) Introduce some semblance of const correctness to BN. Shame C doesn't
     support mutable.
     [Ben Laurie]

  *) "linux-sparc64" configuration (ultrapenguin).
     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
     "linux-sparc" configuration.
     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]

  *) config now generates no-xxx options for missing ciphers.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
0cceb1c7 BM	6	Changes between 0.9.3a and 0.9.4
0cceb1c7 BM	7
8eb57af5 DSH	8	*) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
	9	used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
	10	ciphers. NOTE: although the key derivation function has been verified
	11	against some published test vectors it has not been extensively tested
	12	yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
	13	of v2.0.
	14	[Steve Henson]
	15
d4443edc BM	16	*) Instead of "mkdir -p", which is not fully portable, use new
	17	Perl script "util/mkdir-p.pl".
	18
69cbf468 DSH	19	*) Rewrite the way password based encryption (PBE) is handled. It used to
	20	assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
	21	structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
	22	but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
	23	the 'parameter' field of the AlgorithmIdentifier is passed to the
	24	underlying key generation function so it must do its own ASN1 parsing.
	25	This has also changed the EVP_PBE_CipherInit() function which now has a
	26	'parameter' argument instead of literal salt and iteration count values
	27	and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
	28	[Steve Henson]
	29
ef8335d9	30	*) Support for PKCS#5 v1.5 compatible password based encryption algorithms
e7871ffa DSH	31	and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
	32	Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
	33	KEY" because this clashed with PKCS#8 unencrypted string. Since this
	34	value was just used as a "magic string" and not used directly its
	35	value doesn't matter.
ef8335d9 DSH	36	[Steve Henson]
ef8335d9 DSH	37
84c15db5 BL	38	*) Introduce some semblance of const correctness to BN. Shame C doesn't
	39	support mutable.
	40	[Ben Laurie]
	41
272c9333	42	*) "linux-sparc64" configuration (ultrapenguin).
885982dc	43	[Ray Miller <ray.miller@oucs.ox.ac.uk>]
272c9333 BM	44	"linux-sparc" configuration.
272c9333 BM	45	[Christian Forster <fo@hawo.stw.uni-erlangen.de>]
885982dc	46
a53955d8 UM	47	*) config now generates no-xxx options for missing ciphers.
	48