[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.3a and 0.9.4

  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
     ciphers. NOTE: although the key derivation function has been verified
     against some published test vectors it has not been extensively tested
     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
     of v2.0.
     [Steve Henson]

  *) Instead of "mkdir -p", which is not fully portable, use new
     Perl script "util/mkdir-p.pl".

  *) Rewrite the way password based encryption (PBE) is handled. It used to
     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
     the 'parameter' field of the AlgorithmIdentifier is passed to the
     underlying key generation function so it must do its own ASN1 parsing.
     This has also changed the EVP_PBE_CipherInit() function which now has a
     'parameter' argument instead of literal salt and iteration count values
     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
     [Steve Henson]

  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
     KEY" because this clashed with PKCS#8 unencrypted string. Since this
     value was just used as a "magic string" and not used directly its
     value doesn't matter.
     [Steve Henson]

  *) Introduce some semblance of const correctness to BN. Shame C doesn't
     support mutable.
     [Ben Laurie]

  *) "linux-sparc64" configuration (ultrapenguin).
     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
     "linux-sparc" configuration.
     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]

  *) config now generates no-xxx options for missing ciphers.
Commit	Line	Data
	1
	2	OpenSSL CHANGES
	3	_______________
	4
	5
	6	Changes between 0.9.3a and 0.9.4
	7
	8	*) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
	9	used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
	10	ciphers. NOTE: although the key derivation function has been verified
	11	against some published test vectors it has not been extensively tested
	12	yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
	13	of v2.0.
	14	[Steve Henson]
	15
	16	*) Instead of "mkdir -p", which is not fully portable, use new
	17	Perl script "util/mkdir-p.pl".
	18
	19	*) Rewrite the way password based encryption (PBE) is handled. It used to
	20	assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
	21	structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
	22	but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
	23	the 'parameter' field of the AlgorithmIdentifier is passed to the
	24	underlying key generation function so it must do its own ASN1 parsing.
	25	This has also changed the EVP_PBE_CipherInit() function which now has a
	26	'parameter' argument instead of literal salt and iteration count values
	27	and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
	28	[Steve Henson]
	29
	30	*) Support for PKCS#5 v1.5 compatible password based encryption algorithms
	31	and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
	32	Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
	33	KEY" because this clashed with PKCS#8 unencrypted string. Since this
	34	value was just used as a "magic string" and not used directly its
	35	value doesn't matter.
	36	[Steve Henson]
	37
	38	*) Introduce some semblance of const correctness to BN. Shame C doesn't
	39	support mutable.
	40	[Ben Laurie]
	41
	42	*) "linux-sparc64" configuration (ultrapenguin).
	43	[Ray Miller <ray.miller@oucs.ox.ac.uk>]
	44	"linux-sparc" configuration.
	45	[Christian Forster <fo@hawo.stw.uni-erlangen.de>]
	46
	47	*) config now generates no-xxx options for missing ciphers.
	48