]> git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Initial indirect CRL support.
[thirdparty/openssl.git] / CHANGES
CommitLineData
81a6c781 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE		 3 _______________
4
8528128b 5 Changes between 0.9.8i and 0.9.9 [xx XXX xxxx]
3ff55e96 6
d0fff69d
DSH		 7 *) Initial indirect CRL support. Currently only supported in the CRLs
8 passed directly and not via lookup. Process certificate issuer
9 CRL entry extension and lookup CRL entries by bother issuer name
10 and serial number. Check and proces CRL issuer entry in IDP extension.
11
12 This work was sponsored by Google.
13 [Steve Henson]
14
9d84d4ed
DSH		 15 *) Add support for distinct certificate and CRL paths. The CRL issuer
16 certificate is validated separately in this case. Only enabled if
17 an extended CRL support flag is set: this flag will enable additional
18 CRL functionality in future.
19
20 This work was sponsored by Google.
21 [Steve Henson]
9d84d4ed 22
002e66c0
DSH		 23 *) Add support for policy mappings extension.
24
25 This work was sponsored by Google.
26 [Steve Henson]
27
e9746e03
DSH		 28 *) Fixes to pathlength constraint, self issued certificate handling,
29 policy processing to align with RFC3280 and PKITS tests.
30
31 This work was sponsored by Google.
32 [Steve Henson]
33
34 *) Support for name constraints certificate extension. DN, email, DNS
35 and URI types are currently supported.
36
37 This work was sponsored by Google.
38 [Steve Henson]
39
4c329696
GT		 40 *) To cater for systems that provide a pointer-based thread ID rather
41 than numeric, deprecate the current numeric thread ID mechanism and
42 replace it with a structure and associated callback type. This
43 mechanism allows a numeric "hash" to be extracted from a thread ID in
44 either case, and on platforms where pointers are larger than 'long',
45 mixing is done to help ensure the numeric 'hash' is usable even if it
46 can't be guaranteed unique. The default mechanism is to use "&errno"
47 as a pointer-based thread ID to distinguish between threads.
48
49 Applications that want to provide their own thread IDs should now use
50 CRYPTO_THREADID_set_callback() to register a callback that will call
51 either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
52
2ecd2ede
BM		 53 Note that ERR_remove_state() is now deprecated, because it is tied
54 to the assumption that thread IDs are numeric. ERR_remove_state(0)
55 to free the current thread's error state should be replaced by
56 ERR_remove_thread_state(NULL).
57
4c329696
GT		 58 (This new approach replaces the functions CRYPTO_set_idptr_callback(),
59 CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
60 OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
61 application was previously providing a numeric thread callback that
62 was inappropriate for distinguishing threads, then uniqueness might
63 have been obtained with &errno that happened immediately in the
64 intermediate development versions of OpenSSL; this is no longer the
65 case, the numeric thread callback will now override the automatic use
66 of &errno.)
67 [Geoff Thorpe, with help from Bodo Moeller]
68
5cbd2033
DSH		 69 *) Initial support for different CRL issuing certificates. This covers a
70 simple case where the self issued certificates in the chain exist and
71 the real CRL issuer is higher in the existing chain.
e9746e03
DSH		 72
73 This work was sponsored by Google.
5cbd2033
DSH		 74 [Steve Henson]
75
5ce278a7
BL		 76 *) Removed effectively defunct crypto/store from the build.
77 [Ben Laurie]
78
79 *) Revamp of STACK to provide stronger type-checking. Still to come:
80 TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
81 ASN1_STRING, CONF_VALUE.
82 [Ben Laurie]
83
8671b898
BL		 84 *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
85 RAM on SSL connections. This option can save about 34k per idle SSL.
86 [Nick Mathewson]
87
3c1d6bbc
BL		 88 *) Revamp of LHASH to provide stronger type-checking. Still to come:
89 STACK, TXT_DB, bsearch, qsort.
90 [Ben Laurie]
91
8931b30d
DSH		 92 *) Initial support for Cryptographic Message Syntax (aka CMS) based
93 on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
fd47c361 94 support for data, signedData, compressedData, digestedData and
eb9d8d8c
DSH		 95 encryptedData, envelopedData types included. Scripts to check against
96 RFC4134 examples draft and interop and consistency checks of many
97 content types and variants.
8931b30d
DSH		 98 [Steve Henson]
99
3df93571 100 *) Add options to enc utility to support use of zlib compression BIO.
8931b30d
DSH		 101 [Steve Henson]
102
73980531
DSH		 103 *) Extend mk1mf to support importing of options and assembly language
104 files from Configure script, currently only included in VC-WIN32.
105 The assembly language rules can now optionally generate the source
106 files from the associated perl scripts.
107 [Steve Henson]
108
0e1dba93
DSH		 109 *) Implement remaining functionality needed to support GOST ciphersuites.
110 Interop testing has been performed using CryptoPro implementations.
111 [Victor B. Wagner <vitus@cryptocom.ru>]
112
0023adb4
AP		 113 *) s390x assembler pack.
114 [Andy Polyakov]
115
4c7c5ff6
AP		 116 *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
117 "family."
118 [Andy Polyakov]
119
761772d7
BM		 120 *) Implement Opaque PRF Input TLS extension as specified in
121 draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
122 official specification yet and no extension type assignment by
123 IANA exists, this extension (for now) will have to be explicitly
124 enabled when building OpenSSL by providing the extension number
125 to use. For example, specify an option
126
127 -DTLSEXT_TYPE_opaque_prf_input=0x9527
128
129 to the "config" or "Configure" script to enable the extension,
130 assuming extension number 0x9527 (which is a completely arbitrary
131 and unofficial assignment based on the MD5 hash of the Internet
132 Draft). Note that by doing so, you potentially lose
133 interoperability with other TLS implementations since these might
134 be using the same extension number for other purposes.
135
136 SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
137 opaque PRF input value to use in the handshake. This will create
138 an interal copy of the length-'len' string at 'src', and will
139 return non-zero for success.
140
141 To get more control and flexibility, provide a callback function
142 by using
143
144 SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
145 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
146
147 where
148
149 int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
150 void *arg;
151
152 Callback function 'cb' will be called in handshakes, and is
153 expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
154 Argument 'arg' is for application purposes (the value as given to
155 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
156 be provided to the callback function). The callback function
157 has to return non-zero to report success: usually 1 to use opaque
158 PRF input just if possible, or 2 to enforce use of the opaque PRF
159 input. In the latter case, the library will abort the handshake
160 if opaque PRF input is not successfully negotiated.
161
162 Arguments 'peerinput' and 'len' given to the callback function
163 will always be NULL and 0 in the case of a client. A server will
164 see the client's opaque PRF input through these variables if
165 available (NULL and 0 otherwise). Note that if the server
166 provides an opaque PRF input, the length must be the same as the
167 length of the client's opaque PRF input.
168
169 Note that the callback function will only be called when creating
170 a new session (session resumption can resume whatever was
171 previously negotiated), and will not be called in SSL 2.0
172 handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
173 SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
174 for applications that need to enforce opaque PRF input.
175
176 [Bodo Moeller]
177
81025661
DSH		 178 *) Update ssl code to support digests other than SHA1+MD5 for handshake
179 MAC.
180
181 [Victor B. Wagner <vitus@cryptocom.ru>]
182
6434abbf
DSH		 183 *) Add RFC4507 support to OpenSSL. This includes the corrections in
184 RFC4507bis. The encrypted ticket format is an encrypted encoded
185 SSL_SESSION structure, that way new session features are automatically
186 supported.
187
ba0e826d
DSH		 188 If a client application caches session in an SSL_SESSION structure
189 support is transparent because tickets are now stored in the encoded
190 SSL_SESSION.
191
192 The SSL_CTX structure automatically generates keys for ticket
193 protection in servers so again support should be possible
6434abbf
DSH		 194 with no application modification.
195
196 If a client or server wishes to disable RFC4507 support then the option
197 SSL_OP_NO_TICKET can be set.
198
199 Add a TLS extension debugging callback to allow the contents of any client
200 or server extensions to be examined.
ec5d7473
DSH		 201
202 This work was sponsored by Google.
6434abbf
DSH		 203 [Steve Henson]
204
3c07d3a3
DSH		 205 *) Final changes to avoid use of pointer pointer casts in OpenSSL.
206 OpenSSL should now compile cleanly on gcc 4.2
207 [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
208
b948e2c5
DSH		 209 *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
210 support including streaming MAC support: this is required for GOST
211 ciphersuite support.
212 [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
213
9cfc8a9d
DSH		 214 *) Add option -stream to use PKCS#7 streaming in smime utility. New
215 function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
216 to output in BER and PEM format.
217 [Steve Henson]
218
47b71e6e
DSH		 219 *) Experimental support for use of HMAC via EVP_PKEY interface. This
220 allows HMAC to be handled via the EVP_DigestSign*() interface. The
221 EVP_PKEY "key" in this case is the HMAC key, potentially allowing
2022cfe0
DSH		 222 ENGINE support for HMAC keys which are unextractable. New -mac and
223 -macopt options to dgst utility.
47b71e6e
DSH		 224 [Steve Henson]
225
d952c79a
DSH		 226 *) New option -sigopt to dgst utility. Update dgst to use
227 EVP_Digest{Sign,Verify}*. These two changes make it possible to use
228 alternative signing paramaters such as X9.31 or PSS in the dgst
229 utility.
230 [Steve Henson]
231
fd5bc65c
BM		 232 *) Change ssl_cipher_apply_rule(), the internal function that does
233 the work each time a ciphersuite string requests enabling
234 ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
235 removing ("!foo+bar") a class of ciphersuites: Now it maintains
236 the order of disabled ciphersuites such that those ciphersuites
237 that most recently went from enabled to disabled not only stay
238 in order with respect to each other, but also have higher priority
239 than other disabled ciphersuites the next time ciphersuites are
240 enabled again.
241
242 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
243 the same ciphersuites as with "HIGH" alone, but in a specific
244 order where the PSK ciphersuites come first (since they are the
245 most recently disabled ciphersuites when "HIGH" is parsed).
246
247 Also, change ssl_create_cipher_list() (using this new
248 funcionality) such that between otherwise identical
249 cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
250 the default order.
251 [Bodo Moeller]
252
0a05123a
BM		 253 *) Change ssl_create_cipher_list() so that it automatically
254 arranges the ciphersuites in reasonable order before starting
255 to process the rule string. Thus, the definition for "DEFAULT"
256 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
257 remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
258 This makes it much easier to arrive at a reasonable default order
259 in applications for which anonymous ciphers are OK (meaning
260 that you can't actually use DEFAULT).
261 [Bodo Moeller; suggested by Victor Duchovni]
262
52b8dad8
BM		 263 *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
264 processing) into multiple integers instead of setting
265 "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
266 "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
267 (These masks as well as the individual bit definitions are hidden
268 away into the non-exported interface ssl/ssl_locl.h, so this
269 change to the definition of the SSL_CIPHER structure shouldn't
270 affect applications.) This give us more bits for each of these
271 categories, so there is no longer a need to coagulate AES128 and
272 AES256 into a single algorithm bit, and to coagulate Camellia128
273 and Camellia256 into a single algorithm bit, which has led to all
274 kinds of kludges.
275
276 Thus, among other things, the kludge introduced in 0.9.7m and
277 0.9.8e for masking out AES256 independently of AES128 or masking
278 out Camellia256 independently of AES256 is not needed here in 0.9.9.
279
280 With the change, we also introduce new ciphersuite aliases that
281 so far were missing: "AES128", "AES256", "CAMELLIA128", and
282 "CAMELLIA256".
283 [Bodo Moeller]
284
357d5de5
NL		 285 *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
286 Use the leftmost N bytes of the signature input if the input is
287 larger than the prime q (with N being the size in bytes of q).
288 [Nils Larsch]
289
11d8cdc6
DSH		 290 *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
291 it yet and it is largely untested.
292 [Steve Henson]
293
06e2dd03
NL		 294 *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
295 [Nils Larsch]
296
de121164 297 *) Initial incomplete changes to avoid need for function casts in OpenSSL
297e6f19 298 some compilers (gcc 4.2 and later) reject their use. Safestack is
a6fbcb42 299 reimplemented. Update ASN1 to avoid use of legacy functions.
de121164
DSH		 300 [Steve Henson]
301
3189772e
AP		 302 *) Win32/64 targets are linked with Winsock2.
303 [Andy Polyakov]
304
010fa0b3
DSH		 305 *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
306 to external functions. This can be used to increase CRL handling
307 efficiency especially when CRLs are very large by (for example) storing
308 the CRL revoked certificates in a database.
309 [Steve Henson]
310
5d20c4fb
DSH		 311 *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
312 new CRLs added to a directory can be used. New command line option
313 -verify_return_error to s_client and s_server. This causes real errors
314 to be returned by the verify callback instead of carrying on no matter
315 what. This reflects the way a "real world" verify callback would behave.
316 [Steve Henson]
317
318 *) GOST engine, supporting several GOST algorithms and public key formats.
319 Kindly donated by Cryptocom.
320 [Cryptocom]
321
bc7535bc
DSH		 322 *) Partial support for Issuing Distribution Point CRL extension. CRLs
323 partitioned by DP are handled but no indirect CRL or reason partitioning
324 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
325 selected via a scoring technique which handles IDP and AKID in CRLs.
326 [Steve Henson]
327
328 *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
329 will ultimately be used for all verify operations: this will remove the
330 X509_STORE dependency on certificate verification and allow alternative
331 lookup methods. X509_STORE based implementations of these two callbacks.
332 [Steve Henson]
333
f6e7d014
DSH		 334 *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
335 Modify get_crl() to find a valid (unexpired) CRL if possible.
336 [Steve Henson]
337
edc54021
DSH		 338 *) New function X509_CRL_match() to check if two CRLs are identical. Normally
339 this would be called X509_CRL_cmp() but that name is already used by
340 a function that just compares CRL issuer names. Cache several CRL
341 extensions in X509_CRL structure and cache CRLDP in X509.
342 [Steve Henson]
343
450ea834
DSH		 344 *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
345 this maps equivalent X509_NAME structures into a consistent structure.
346 Name comparison can then be performed rapidly using memcmp().
347 [Steve Henson]
348
454dbbc5
DSH		 349 *) Non-blocking OCSP request processing. Add -timeout option to ocsp
350 utility.
c1c6c0bf
DSH		 351 [Steve Henson]
352
b7683e3a
DSH		 353 *) Allow digests to supply their own micalg string for S/MIME type using
354 the ctrl EVP_MD_CTRL_MICALG.
355 [Steve Henson]
356
357 *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
358 EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
359 ctrl. It can then customise the structure before and/or after signing
360 if necessary.
361 [Steve Henson]
362
0ee2166c
DSH		 363 *) New function OBJ_add_sigid() to allow application defined signature OIDs
364 to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
365 to free up any added signature OIDs.
366 [Steve Henson]
367
5ba4bf35
DSH		 368 *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
369 EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
370 digest and cipher tables. New options added to openssl utility:
371 list-message-digest-algorithms and list-cipher-algorithms.
372 [Steve Henson]
373
c4e7870a
BM		 374 *) Change the array representation of binary polynomials: the list
375 of degrees of non-zero coefficients is now terminated with -1.
376 Previously it was terminated with 0, which was also part of the
377 value; thus, the array representation was not applicable to
378 polynomials where t^0 has coefficient zero. This change makes
379 the array representation useful in a more general context.
380 [Douglas Stebila]
381
89bbe14c
BM		 382 *) Various modifications and fixes to SSL/TLS cipher string
383 handling. For ECC, the code now distinguishes between fixed ECDH
384 with RSA certificates on the one hand and with ECDSA certificates
385 on the other hand, since these are separate ciphersuites. The
386 unused code for Fortezza ciphersuites has been removed.
387
388 For consistency with EDH, ephemeral ECDH is now called "EECDH"
389 (not "ECDHE"). For consistency with the code for DH
390 certificates, use of ECDH certificates is now considered ECDH
391 authentication, not RSA or ECDSA authentication (the latter is
392 merely the CA's signing algorithm and not actively used in the
393 protocol).
394
395 The temporary ciphersuite alias "ECCdraft" is no longer
396 available, and ECC ciphersuites are no longer excluded from "ALL"
397 and "DEFAULT". The following aliases now exist for RFC 4492
398 ciphersuites, most of these by analogy with the DH case:
399
400 kECDHr - ECDH cert, signed with RSA
401 kECDHe - ECDH cert, signed with ECDSA
402 kECDH - ECDH cert (signed with either RSA or ECDSA)
403 kEECDH - ephemeral ECDH
404 ECDH - ECDH cert or ephemeral ECDH
405
406 aECDH - ECDH cert
407 aECDSA - ECDSA cert
408 ECDSA - ECDSA cert
409
410 AECDH - anonymous ECDH
411 EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
412
413 [Bodo Moeller]
414
fb7b3932
DSH		 415 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
416 Use correct micalg parameters depending on digest(s) in signed message.
417 [Steve Henson]
418
01b8b3c7
DSH		 419 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
420 an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
421 [Steve Henson]
de9fcfe3 422
58aa573a 423 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
c9777d26
DSH		 424 an engine to register a method. Add ENGINE lookups for methods and
425 functional reference processing.
58aa573a
DSH		 426 [Steve Henson]
427
91c9e621
DSH		 428 *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
429 EVP_{Sign,Verify}* which allow an application to customise the signature
430 process.
431 [Steve Henson]
432
55311921
DSH		 433 *) New -resign option to smime utility. This adds one or more signers
434 to an existing PKCS#7 signedData structure. Also -md option to use an
435 alternative message digest algorithm for signing.
436 [Steve Henson]
437
a6e7fcd1
DSH		 438 *) Tidy up PKCS#7 routines and add new functions to make it easier to
439 create PKCS7 structures containing multiple signers. Update smime
440 application to support multiple signers.
441 [Steve Henson]
442
121dd39f
DSH		 443 *) New -macalg option to pkcs12 utility to allow setting of an alternative
444 digest MAC.
445 [Steve Henson]
446
856640b5 447 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
b8f702a0 448 Reorganize PBE internals to lookup from a static table using NIDs,
6d3a1eac
DSH		 449 add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
450 EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
451 PRF which will be automatically used with PBES2.
856640b5
DSH		 452 [Steve Henson]
453
34b3c72e 454 *) Replace the algorithm specific calls to generate keys in "req" with the
959e8dfe
DSH		 455 new API.
456 [Steve Henson]
457
399a6f0b
DSH		 458 *) Update PKCS#7 enveloped data routines to use new API. This is now
459 supported by any public key method supporting the encrypt operation. A
460 ctrl is added to allow the public key algorithm to examine or modify
461 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
462 a no op.
463 [Steve Henson]
28e4fe34 464
03919683
DSH		 465 *) Add a ctrl to asn1 method to allow a public key algorithm to express
466 a default digest type to use. In most cases this will be SHA1 but some
467 algorithms (such as GOST) need to specify an alternative digest. The
468 return value indicates how strong the prefernce is 1 means optional and
469 2 is mandatory (that is it is the only supported type). Modify
470 ASN1_item_sign() to accept a NULL digest argument to indicate it should
471 use the default md. Update openssl utilities to use the default digest
472 type for signing if it is not explicitly indicated.
473 [Steve Henson]
474
ee1d9ec0
DSH		 475 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
476 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
477 signing method from the key type. This effectively removes the link
478 between digests and public key types.
479 [Steve Henson]
480
d2027098
DSH		 481 *) Add an OID cross reference table and utility functions. Its purpose is to
482 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
483 rsaEncryption. This will allow some of the algorithm specific hackery
484 needed to use the correct OID to be removed.
485 [Steve Henson]
486
492a9e24
DSH		 487 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
488 structures for PKCS7_sign(). They are now set up by the relevant public
489 key ASN1 method.
490 [Steve Henson]
491
9ca7047d
DSH		 492 *) Add provisional EC pkey method with support for ECDSA and ECDH.
493 [Steve Henson]
494
ffb1ac67
DSH		 495 *) Add support for key derivation (agreement) in the API, DH method and
496 pkeyutl.
497 [Steve Henson]
498
3ba0885a
DSH		 499 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
500 public and private key formats. As a side effect these add additional
501 command line functionality not previously available: DSA signatures can be
502 generated and verified using pkeyutl and DH key support and generation in
503 pkey, genpkey.
504 [Steve Henson]
505
4700aea9
UM		 506 *) BeOS support.
507 [Oliver Tappe <zooey@hirschkaefer.de>]
508
509 *) New make target "install_html_docs" installs HTML renditions of the
510 manual pages.
511 [Oliver Tappe <zooey@hirschkaefer.de>]
512
f5cda4cb
DSH		 513 *) New utility "genpkey" this is analagous to "genrsa" etc except it can
514 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
515 support key and parameter generation and add initial key generation
516 functionality for RSA.
517 [Steve Henson]
518
f733a5ef
DSH		 519 *) Add functions for main EVP_PKEY_method operations. The undocumented
520 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
521 EVP_PKEY_{encrypt,decrypt}_old.
522 [Steve Henson]
523
0b6f3c66
DSH		 524 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
525 key API, doesn't do much yet.
526 [Steve Henson]
527
0b33dac3
DSH		 528 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
529 public key algorithms. New option to openssl utility:
530 "list-public-key-algorithms" to print out info.
531 [Steve Henson]
532
33273721
BM		 533 *) Implement the Supported Elliptic Curves Extension for
534 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
535 [Douglas Stebila]
536
246e0931
DSH		 537 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
538 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
539 [Steve Henson]
540
3e4585c8 541 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb 542 utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8 543 type.
3e84b6e1
DSH		 544 [Steve Henson]
545
35208f36
DSH		 546 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
547 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
548 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
549 structure.
550 [Steve Henson]
551
448be743
DSH		 552 *) Initial support for pluggable public key ASN1.
553 De-spaghettify the public key ASN1 handling. Move public and private
554 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
555 algorithm specific handling to a single module within the relevant
556 algorithm directory. Add functions to allow (near) opaque processing
557 of public and private key structures.
558 [Steve Henson]
559
36ca4ba6
BM		 560 *) Implement the Supported Point Formats Extension for
561 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
562 [Douglas Stebila]
563
ddac1974
NL		 564 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
565 for the psk identity [hint] and the psk callback functions to the
566 SSL_SESSION, SSL and SSL_CTX structure.
567
568 New ciphersuites:
569 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
570 PSK-AES256-CBC-SHA
571
572 New functions:
573 SSL_CTX_use_psk_identity_hint
574 SSL_get_psk_identity_hint
575 SSL_get_psk_identity
576 SSL_use_psk_identity_hint
577
578 [Mika Kousa and Pasi Eronen of Nokia Corporation]
579
c7235be6
UM		 580 *) Add RFC 3161 compliant time stamp request creation, response generation
581 and response verification functionality.
582