]> git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update from stable branch.
[thirdparty/openssl.git] / CHANGES
CommitLineData
81a6c781 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE		 3 _______________
4
11d01d37 5 Changes between 0.9.8g and 0.9.9 [xx XXX xxxx]
3ff55e96 6
f7ccba3e
GT		 7 *) To support arbitrarily-typed thread IDs, deprecate the existing
8 type-specific APIs for a general purpose CRYPTO_THREADID
9 interface. Applications can choose the thread ID
10 callback type it wishes to register, as before;
11
12 void CRYPTO_set_id_callback(unsigned long (*func)(void));
13 void CRYPTO_set_idptr_callback(void *(*func)(void));
14
15 but retrieval, copies, and comparisons of thread IDs are via
16 type-independent interfaces;
17
18 void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
19 void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1,
20 const CRYPTO_THREADID *id2);
21 void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst,
22 const CRYPTO_THREADID *src);
23
24 Also, for code that needs a thread ID "value" for use in
25 hash-tables or logging, a "hash" is available by;
26
27 unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
28
29 This hash value is likely to be the thread ID anyway, but
30 otherwise it will be unique if possible or as collision-free as
31 possible if uniqueness can't be guaranteed on the target
32 architecture.
33
34 The following functions are deprecated;
35 unsigned long (*CRYPTO_get_id_callback(void))(void);
36 unsigned long CRYPTO_thread_id(void);
37
38 As a consequence of the above, there are similar deprecations of
39 BN_BLINDING functions in favour of CRYPTO_THREADID-based
40 alternatives;
41
42 #ifndef OPENSSL_NO_DEPRECATED
43 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
44 void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
45 #endif
46 void BN_BLINDING_set_thread(BN_BLINDING *);
47 int BN_BLINDING_cmp_thread(const BN_BLINDING *, const
48 CRYPTO_THREADID *);
49
50 Also, the ERR_remove_state(int pid) API has been deprecated;
51
52 #ifndef OPENSSL_NO_DEPRECATED
53 void ERR_remove_state(unsigned long pid)
54 #endif
55 void ERR_remove_thread_state(CRYPTO_THREADID *tid);
56
57 [Geoff Thorpe]
58
8931b30d
DSH		 59 *) Initial support for Cryptographic Message Syntax (aka CMS) based
60 on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
fd47c361 61 support for data, signedData, compressedData, digestedData and
eb9d8d8c
DSH		 62 encryptedData, envelopedData types included. Scripts to check against
63 RFC4134 examples draft and interop and consistency checks of many
64 content types and variants.
8931b30d
DSH		 65 [Steve Henson]
66
3df93571 67 *) Add options to enc utility to support use of zlib compression BIO.
8931b30d
DSH		 68 [Steve Henson]
69
73980531
DSH		 70 *) Extend mk1mf to support importing of options and assembly language
71 files from Configure script, currently only included in VC-WIN32.
72 The assembly language rules can now optionally generate the source
73 files from the associated perl scripts.
74 [Steve Henson]
75
0e1dba93
DSH		 76 *) Implement remaining functionality needed to support GOST ciphersuites.
77 Interop testing has been performed using CryptoPro implementations.
78 [Victor B. Wagner <vitus@cryptocom.ru>]
79
0023adb4
AP		 80 *) s390x assembler pack.
81 [Andy Polyakov]
82
4c7c5ff6
AP		 83 *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
84 "family."
85 [Andy Polyakov]
86
761772d7
BM		 87 *) Implement Opaque PRF Input TLS extension as specified in
88 draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
89 official specification yet and no extension type assignment by
90 IANA exists, this extension (for now) will have to be explicitly
91 enabled when building OpenSSL by providing the extension number
92 to use. For example, specify an option
93
94 -DTLSEXT_TYPE_opaque_prf_input=0x9527
95
96 to the "config" or "Configure" script to enable the extension,
97 assuming extension number 0x9527 (which is a completely arbitrary
98 and unofficial assignment based on the MD5 hash of the Internet
99 Draft). Note that by doing so, you potentially lose
100 interoperability with other TLS implementations since these might
101 be using the same extension number for other purposes.
102
103 SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
104 opaque PRF input value to use in the handshake. This will create
105 an interal copy of the length-'len' string at 'src', and will
106 return non-zero for success.
107
108 To get more control and flexibility, provide a callback function
109 by using
110
111 SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
112 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
113
114 where
115
116 int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
117 void *arg;
118
119 Callback function 'cb' will be called in handshakes, and is
120 expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
121 Argument 'arg' is for application purposes (the value as given to
122 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
123 be provided to the callback function). The callback function
124 has to return non-zero to report success: usually 1 to use opaque
125 PRF input just if possible, or 2 to enforce use of the opaque PRF
126 input. In the latter case, the library will abort the handshake
127 if opaque PRF input is not successfully negotiated.
128
129 Arguments 'peerinput' and 'len' given to the callback function
130 will always be NULL and 0 in the case of a client. A server will
131 see the client's opaque PRF input through these variables if
132 available (NULL and 0 otherwise). Note that if the server
133 provides an opaque PRF input, the length must be the same as the
134 length of the client's opaque PRF input.
135
136 Note that the callback function will only be called when creating
137 a new session (session resumption can resume whatever was
138 previously negotiated), and will not be called in SSL 2.0
139 handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
140 SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
141 for applications that need to enforce opaque PRF input.
142
143 [Bodo Moeller]
144
81025661
DSH		 145 *) Update ssl code to support digests other than SHA1+MD5 for handshake
146 MAC.
147
148 [Victor B. Wagner <vitus@cryptocom.ru>]
149
6434abbf
DSH		 150 *) Add RFC4507 support to OpenSSL. This includes the corrections in
151 RFC4507bis. The encrypted ticket format is an encrypted encoded
152 SSL_SESSION structure, that way new session features are automatically
153 supported.
154
ba0e826d
DSH		 155 If a client application caches session in an SSL_SESSION structure
156 support is transparent because tickets are now stored in the encoded
157 SSL_SESSION.
158
159 The SSL_CTX structure automatically generates keys for ticket
160 protection in servers so again support should be possible
6434abbf
DSH		 161 with no application modification.
162
163 If a client or server wishes to disable RFC4507 support then the option
164 SSL_OP_NO_TICKET can be set.
165
166 Add a TLS extension debugging callback to allow the contents of any client
167 or server extensions to be examined.
ec5d7473
DSH		 168
169 This work was sponsored by Google.
6434abbf
DSH		 170 [Steve Henson]
171
3c07d3a3
DSH		 172 *) Final changes to avoid use of pointer pointer casts in OpenSSL.
173 OpenSSL should now compile cleanly on gcc 4.2
174 [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
175
b948e2c5
DSH		 176 *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
177 support including streaming MAC support: this is required for GOST
178 ciphersuite support.
179 [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
180
9cfc8a9d
DSH		 181 *) Add option -stream to use PKCS#7 streaming in smime utility. New
182 function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
183 to output in BER and PEM format.
184 [Steve Henson]
185
47b71e6e
DSH		 186 *) Experimental support for use of HMAC via EVP_PKEY interface. This
187 allows HMAC to be handled via the EVP_DigestSign*() interface. The
188 EVP_PKEY "key" in this case is the HMAC key, potentially allowing
2022cfe0
DSH		 189 ENGINE support for HMAC keys which are unextractable. New -mac and
190 -macopt options to dgst utility.
47b71e6e
DSH		 191 [Steve Henson]
192
d952c79a
DSH		 193 *) New option -sigopt to dgst utility. Update dgst to use
194 EVP_Digest{Sign,Verify}*. These two changes make it possible to use
195 alternative signing paramaters such as X9.31 or PSS in the dgst
196 utility.
197 [Steve Henson]
198
fd5bc65c
BM		 199 *) Change ssl_cipher_apply_rule(), the internal function that does
200 the work each time a ciphersuite string requests enabling
201 ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
202 removing ("!foo+bar") a class of ciphersuites: Now it maintains
203 the order of disabled ciphersuites such that those ciphersuites
204 that most recently went from enabled to disabled not only stay
205 in order with respect to each other, but also have higher priority
206 than other disabled ciphersuites the next time ciphersuites are
207 enabled again.
208
209 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
210 the same ciphersuites as with "HIGH" alone, but in a specific
211 order where the PSK ciphersuites come first (since they are the
212 most recently disabled ciphersuites when "HIGH" is parsed).
213
214 Also, change ssl_create_cipher_list() (using this new
215 funcionality) such that between otherwise identical
216 cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
217 the default order.
218 [Bodo Moeller]
219
0a05123a
BM		 220 *) Change ssl_create_cipher_list() so that it automatically
221 arranges the ciphersuites in reasonable order before starting
222 to process the rule string. Thus, the definition for "DEFAULT"
223 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
224 remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
225 This makes it much easier to arrive at a reasonable default order
226 in applications for which anonymous ciphers are OK (meaning
227 that you can't actually use DEFAULT).
228 [Bodo Moeller; suggested by Victor Duchovni]
229
52b8dad8
BM		 230 *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
231 processing) into multiple integers instead of setting
232 "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
233 "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
234 (These masks as well as the individual bit definitions are hidden
235 away into the non-exported interface ssl/ssl_locl.h, so this
236 change to the definition of the SSL_CIPHER structure shouldn't
237 affect applications.) This give us more bits for each of these
238 categories, so there is no longer a need to coagulate AES128 and
239 AES256 into a single algorithm bit, and to coagulate Camellia128
240 and Camellia256 into a single algorithm bit, which has led to all
241 kinds of kludges.
242
243 Thus, among other things, the kludge introduced in 0.9.7m and
244 0.9.8e for masking out AES256 independently of AES128 or masking
245 out Camellia256 independently of AES256 is not needed here in 0.9.9.
246
247 With the change, we also introduce new ciphersuite aliases that
248 so far were missing: "AES128", "AES256", "CAMELLIA128", and
249 "CAMELLIA256".
250 [Bodo Moeller]
251
357d5de5
NL		 252 *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
253 Use the leftmost N bytes of the signature input if the input is
254 larger than the prime q (with N being the size in bytes of q).
255 [Nils Larsch]
256
11d8cdc6
DSH		 257 *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
258 it yet and it is largely untested.
259 [Steve Henson]
260
06e2dd03
NL		 261 *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
262 [Nils Larsch]
263
de121164 264 *) Initial incomplete changes to avoid need for function casts in OpenSSL
297e6f19 265 some compilers (gcc 4.2 and later) reject their use. Safestack is
a6fbcb42 266 reimplemented. Update ASN1 to avoid use of legacy functions.
de121164
DSH		 267 [Steve Henson]
268
3189772e
AP		 269 *) Win32/64 targets are linked with Winsock2.
270 [Andy Polyakov]
271
010fa0b3
DSH		 272 *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
273 to external functions. This can be used to increase CRL handling
274 efficiency especially when CRLs are very large by (for example) storing
275 the CRL revoked certificates in a database.
276 [Steve Henson]
277
5d20c4fb
DSH		 278 *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
279 new CRLs added to a directory can be used. New command line option
280 -verify_return_error to s_client and s_server. This causes real errors
281 to be returned by the verify callback instead of carrying on no matter
282 what. This reflects the way a "real world" verify callback would behave.
283 [Steve Henson]
284
285 *) GOST engine, supporting several GOST algorithms and public key formats.
286 Kindly donated by Cryptocom.
287 [Cryptocom]
288
bc7535bc
DSH		 289 *) Partial support for Issuing Distribution Point CRL extension. CRLs
290 partitioned by DP are handled but no indirect CRL or reason partitioning
291 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
292 selected via a scoring technique which handles IDP and AKID in CRLs.
293 [Steve Henson]
294
295 *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
296 will ultimately be used for all verify operations: this will remove the
297 X509_STORE dependency on certificate verification and allow alternative
298 lookup methods. X509_STORE based implementations of these two callbacks.
299 [Steve Henson]
300
f6e7d014
DSH		 301 *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
302 Modify get_crl() to find a valid (unexpired) CRL if possible.
303 [Steve Henson]
304
edc54021
DSH		 305 *) New function X509_CRL_match() to check if two CRLs are identical. Normally
306 this would be called X509_CRL_cmp() but that name is already used by
307 a function that just compares CRL issuer names. Cache several CRL
308 extensions in X509_CRL structure and cache CRLDP in X509.
309 [Steve Henson]
310
450ea834
DSH		 311 *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
312 this maps equivalent X509_NAME structures into a consistent structure.
313 Name comparison can then be performed rapidly using memcmp().
314 [Steve Henson]
315
454dbbc5
DSH		 316 *) Non-blocking OCSP request processing. Add -timeout option to ocsp
317 utility.
c1c6c0bf
DSH		 318 [Steve Henson]
319
b7683e3a
DSH		 320 *) Allow digests to supply their own micalg string for S/MIME type using
321 the ctrl EVP_MD_CTRL_MICALG.
322 [Steve Henson]
323
324 *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
325 EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
326 ctrl. It can then customise the structure before and/or after signing
327 if necessary.
328 [Steve Henson]
329
0ee2166c
DSH		 330 *) New function OBJ_add_sigid() to allow application defined signature OIDs
331 to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
332 to free up any added signature OIDs.
333 [Steve Henson]
334
5ba4bf35
DSH		 335 *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
336 EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
337 digest and cipher tables. New options added to openssl utility:
338 list-message-digest-algorithms and list-cipher-algorithms.
339 [Steve Henson]
340
48fc582f
BM		 341 *) In addition to the numerical (unsigned long) thread ID, provide
342 for a pointer (void *) thread ID. This helps accomodate systems
343 that do not provide an unsigned long thread ID. OpenSSL assumes
344 it is in the same thread iff both the numerical and the pointer
345 thread ID agree; so applications are just required to define one
346 of them appropriately (e.g., by using a pointer to a per-thread
347 memory object malloc()ed by the application for the pointer-type
348 thread ID). Exactly analoguous to the existing functions
349
350 void CRYPTO_set_id_callback(unsigned long (*func)(void));
351 unsigned long (*CRYPTO_get_id_callback(void))(void);
352 unsigned long CRYPTO_thread_id(void);
353
354 we now have additional functions
355
356 void CRYPTO_set_idptr_callback(void *(*func)(void));
357 void *(*CRYPTO_get_idptr_callback(void))(void);
358 void *CRYPTO_thread_idptr(void);
359
360 also in <openssl/crypto.h>. The default value for
361 CRYPTO_thread_idptr() if the application has not provided its own
362 callback is &errno.
363 [Bodo Moeller]
364
f7ccba3e
GT		 365 -- NOTE -- this change has been reverted and replaced with a
366 type-independent wrapper (ie. applications do not have to check
367 two type-specific thread ID representations as implied in this
368 change note). However, the "idptr" callback form described here
369 can still be registered. Please see the more recent CHANGES note
370 regarding CRYPTO_THREADID. [Geoff Thorpe]
371 -- NOTE --
372
c4e7870a
BM		 373 *) Change the array representation of binary polynomials: the list
374 of degrees of non-zero coefficients is now terminated with -1.
375 Previously it was terminated with 0, which was also part of the
376 value; thus, the array representation was not applicable to
377 polynomials where t^0 has coefficient zero. This change makes
378 the array representation useful in a more general context.
379 [Douglas Stebila]
380
89bbe14c
BM		 381 *) Various modifications and fixes to SSL/TLS cipher string
382 handling. For ECC, the code now distinguishes between fixed ECDH
383 with RSA certificates on the one hand and with ECDSA certificates
384 on the other hand, since these are separate ciphersuites. The
385 unused code for Fortezza ciphersuites has been removed.
386
387 For consistency with EDH, ephemeral ECDH is now called "EECDH"
388 (not "ECDHE"). For consistency with the code for DH
389 certificates, use of ECDH certificates is now considered ECDH
390 authentication, not RSA or ECDSA authentication (the latter is
391 merely the CA's signing algorithm and not actively used in the
392 protocol).
393
394 The temporary ciphersuite alias "ECCdraft" is no longer
395 available, and ECC ciphersuites are no longer excluded from "ALL"
396 and "DEFAULT". The following aliases now exist for RFC 4492
397 ciphersuites, most of these by analogy with the DH case:
398
399 kECDHr - ECDH cert, signed with RSA
400 kECDHe - ECDH cert, signed with ECDSA
401 kECDH - ECDH cert (signed with either RSA or ECDSA)
402 kEECDH - ephemeral ECDH
403 ECDH - ECDH cert or ephemeral ECDH
404
405 aECDH - ECDH cert
406 aECDSA - ECDSA cert
407 ECDSA - ECDSA cert
408
409 AECDH - anonymous ECDH
410 EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
411
412 [Bodo Moeller]
413
fb7b3932
DSH		 414 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
415 Use correct micalg parameters depending on digest(s) in signed message.
416 [Steve Henson]
417
01b8b3c7
DSH		 418 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
419 an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
420 [Steve Henson]
de9fcfe3 421
58aa573a 422 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
c9777d26
DSH		 423 an engine to register a method. Add ENGINE lookups for methods and
424 functional reference processing.
58aa573a
DSH		 425 [Steve Henson]
426
91c9e621
DSH		 427 *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
428 EVP_{Sign,Verify}* which allow an application to customise the signature
429 process.
430 [Steve Henson]
431
55311921
DSH		 432 *) New -resign option to smime utility. This adds one or more signers
433 to an existing PKCS#7 signedData structure. Also -md option to use an
434 alternative message digest algorithm for signing.
435 [Steve Henson]
436
a6e7fcd1
DSH		 437 *) Tidy up PKCS#7 routines and add new functions to make it easier to
438 create PKCS7 structures containing multiple signers. Update smime
439 application to support multiple signers.
440 [Steve Henson]
441
121dd39f
DSH		 442 *) New -macalg option to pkcs12 utility to allow setting of an alternative
443 digest MAC.
444 [Steve Henson]
445
856640b5 446 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
b8f702a0 447 Reorganize PBE internals to lookup from a static table using NIDs,
6d3a1eac
DSH		 448 add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
449 EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
450 PRF which will be automatically used with PBES2.
856640b5
DSH		 451 [Steve Henson]
452
34b3c72e 453 *) Replace the algorithm specific calls to generate keys in "req" with the
959e8dfe
DSH		 454 new API.
455 [Steve Henson]
456
399a6f0b
DSH		 457 *) Update PKCS#7 enveloped data routines to use new API. This is now
458 supported by any public key method supporting the encrypt operation. A
459 ctrl is added to allow the public key algorithm to examine or modify
460 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
461 a no op.
462 [Steve Henson]
28e4fe34 463
03919683
DSH		 464 *) Add a ctrl to asn1 method to allow a public key algorithm to express
465 a default digest type to use. In most cases this will be SHA1 but some
466 algorithms (such as GOST) need to specify an alternative digest. The
467 return value indicates how strong the prefernce is 1 means optional and
468 2 is mandatory (that is it is the only supported type). Modify
469 ASN1_item_sign() to accept a NULL digest argument to indicate it should
470 use the default md. Update openssl utilities to use the default digest
471 type for signing if it is not explicitly indicated.
472 [Steve Henson]
473
ee1d9ec0
DSH		 474 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
475 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
476 signing method from the key type. This effectively removes the link
477 between digests and public key types.
478 [Steve Henson]
479
d2027098
DSH		 480 *) Add an OID cross reference table and utility functions. Its purpose is to
481 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
482 rsaEncryption. This will allow some of the algorithm specific hackery
483 needed to use the correct OID to be removed.
484 [Steve Henson]
485
492a9e24
DSH		 486 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
487 structures for PKCS7_sign(). They are now set up by the relevant public
488 key ASN1 method.
489 [Steve Henson]
490
9ca7047d
DSH		 491 *) Add provisional EC pkey method with support for ECDSA and ECDH.
492 [Steve Henson]
493
ffb1ac67
DSH		 494 *) Add support for key derivation (agreement) in the API, DH method and
495 pkeyutl.
496 [Steve Henson]
497
3ba0885a
DSH		 498 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
499 public and private key formats. As a side effect these add additional
500 command line functionality not previously available: DSA signatures can be
501 generated and verified using pkeyutl and DH key support and generation in
502 pkey, genpkey.
503 [Steve Henson]
504
4700aea9
UM		 505 *) BeOS support.
506 [Oliver Tappe <zooey@hirschkaefer.de>]
507
508 *) New make target "install_html_docs" installs HTML renditions of the
509 manual pages.
510 [Oliver Tappe <zooey@hirschkaefer.de>]
511
f5cda4cb
DSH		 512 *) New utility "genpkey" this is analagous to "genrsa" etc except it can
513 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
514 support key and parameter generation and add initial key generation
515 functionality for RSA.
516 [Steve Henson]
517
f733a5ef
DSH		 518 *) Add functions for main EVP_PKEY_method operations. The undocumented
519 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
520 EVP_PKEY_{encrypt,decrypt}_old.
521 [Steve Henson]
522
0b6f3c66
DSH		 523 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
524 key API, doesn't do much yet.
525 [Steve Henson]
526
0b33dac3
DSH		 527 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
528 public key algorithms. New option to openssl utility:
529 "list-public-key-algorithms" to print out info.
530 [Steve Henson]
531
33273721
BM		 532 *) Implement the Supported Elliptic Curves Extension for
533 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
534 [Douglas Stebila]
535
246e0931
DSH		 536 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
537 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
538 [Steve Henson]
539
3e4585c8 540 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb 541 utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8 542 type.
3e84b6e1
DSH		 543 [Steve Henson]
544
35208f36
DSH		 545 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
546 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
547 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
548 structure.
549 [Steve Henson]
550
448be743
DSH		 551 *) Initial support for pluggable public key ASN1.
552 De-spaghettify the public key ASN1 handling. Move public and private
553 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
554 algorithm specific handling to a single module within the relevant
555 algorithm directory. Add functions to allow (near) opaque processing
556 of public and private key structures.
557 [Steve Henson]
558
36ca4ba6
BM		 559 *) Implement the Supported Point Formats Extension for
560 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
561 [Douglas Stebila]
562
ddac1974
NL		 563 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
564 for the psk identity [hint] and the psk callback functions to the
565 SSL_SESSION, SSL and SSL_CTX structure.
566
567 New ciphersuites:
568 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
569 PSK-AES256-CBC-SHA
570
571 New functions:
572 SSL_CTX_use_psk_identity_hint
573 SSL_get_psk_identity_hint
574 SSL_get_psk_identity
575 SSL_use_psk_identity_hint
576
577 [Mika Kousa and Pasi Eronen of Nokia Corporation]
578
c7235be6
UM		 579 *) Add RFC 3161 compliant time stamp request creation, response generation
580 and response verification functionality.
581