]>
Commit | Line | Data |
---|---|---|
1 | ||
2 | OpenSSL CHANGES | |
3 | _______________ | |
4 | ||
5 | ||
6 | Changes between 0.9.3a and 0.9.4 | |
7 | ||
8 | *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be | |
9 | used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit | |
10 | ciphers. NOTE: although the key derivation function has been verified | |
11 | against some published test vectors it has not been extensively tested | |
12 | yet. Added a -v2 "cipher" option to pkcs8 application to allow the use | |
13 | of v2.0. | |
14 | [Steve Henson] | |
15 | ||
16 | *) Instead of "mkdir -p", which is not fully portable, use new | |
17 | Perl script "util/mkdir-p.pl". | |
18 | ||
19 | *) Rewrite the way password based encryption (PBE) is handled. It used to | |
20 | assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter | |
21 | structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms | |
22 | but doesn't apply to PKCS#5 v2.0 where it can be something else. Now | |
23 | the 'parameter' field of the AlgorithmIdentifier is passed to the | |
24 | underlying key generation function so it must do its own ASN1 parsing. | |
25 | This has also changed the EVP_PBE_CipherInit() function which now has a | |
26 | 'parameter' argument instead of literal salt and iteration count values | |
27 | and the function EVP_PBE_ALGOR_CipherInit() has been deleted. | |
28 | [Steve Henson] | |
29 | ||
30 | *) Support for PKCS#5 v1.5 compatible password based encryption algorithms | |
31 | and PKCS#8 functionality. New 'pkcs8' application linked to openssl. | |
32 | Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE | |
33 | KEY" because this clashed with PKCS#8 unencrypted string. Since this | |
34 | value was just used as a "magic string" and not used directly its | |
35 | value doesn't matter. | |
36 | [Steve Henson] | |
37 | ||
38 | *) Introduce some semblance of const correctness to BN. Shame C doesn't | |
39 | support mutable. | |
40 | [Ben Laurie] | |
41 | ||
42 | *) "linux-sparc64" configuration (ultrapenguin). | |
43 | [Ray Miller <ray.miller@oucs.ox.ac.uk>] | |
44 | "linux-sparc" configuration. | |
45 | [Christian Forster <fo@hawo.stw.uni-erlangen.de>] | |
46 | ||
47 | *) config now generates no-xxx options for missing ciphers. | |
48 |