git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.8g and 0.9.9  [xx XXX xxxx]

  *) Revamp of LHASH to provide stronger type-checking. Still to come:
     STACK, TXT_DB, bsearch, qsort.
     [Ben Laurie]

  *) Not all of this is true any longer.
     Will have to be updated to reflect all subsequent changes to cryptlib.c.
     --bodo

     To support arbitrarily-typed thread IDs, deprecate the existing
     type-specific APIs for a general purpose CRYPTO_THREADID
     interface. Applications can choose the thread ID
     callback type they wish to register, as before;

         void CRYPTO_set_id_callback(unsigned long (*func)(void));
         void CRYPTO_set_idptr_callback(void *(*func)(void));

     but retrieval, copies, and comparisons of thread IDs are via
     type-independent interfaces;

         void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
         void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1,
                                  const CRYPTO_THREADID *id2);
         void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst,
                                  const CRYPTO_THREADID *src);

     Also, for code that needs a thread ID "value" for use in
     hash-tables or logging, a "hash" is available by;

         unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);

     This hash value is likely to be the thread ID anyway, but
     otherwise it will be unique if possible or as collision-free as
     possible if uniqueness can't be guaranteed on the target
     architecture.

     The following functions are deprecated;
         unsigned long (*CRYPTO_get_id_callback(void))(void);
         unsigned long CRYPTO_thread_id(void);

     As a consequence of the above, there are similar deprecations of
     BN_BLINDING functions in favour of CRYPTO_THREADID-based
     alternatives;

     #ifndef OPENSSL_NO_DEPRECATED
         unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
         void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
     #endif
         void BN_BLINDING_set_thread(BN_BLINDING *);
         int BN_BLINDING_cmp_thread(const BN_BLINDING *, const
                                    CRYPTO_THREADID *);

     Also, the ERR_remove_state(int pid) API has been deprecated;

     #ifndef OPENSSL_NO_DEPRECATED
         void ERR_remove_state(unsigned long pid)
     #endif
         void ERR_remove_thread_state(CRYPTO_THREADID *tid);

     [Geoff Thorpe]

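The design this entry describes, type-specific registration behind type-independent set/cpy/cmp/hash calls, modelled in plain C as an added example. This is not OpenSSL's CRYPTO_THREADID implementation; the model_ names, the struct layout and the two fake callbacks are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL code: a minimal model of the type-independent
 * CRYPTO_THREADID wrapper. Names prefixed "model_" are assumptions. */

/* The opaque ID holds whichever representation the application registered. */
typedef struct {
    unsigned long val;   /* filled in when a numeric callback is registered */
    void *ptr;           /* filled in when a pointer callback is registered */
} model_threadid;

static unsigned long (*model_id_cb)(void) = NULL;
static void *(*model_idptr_cb)(void) = NULL;

/* Registration stays type-specific, as in the CHANGES entry. */
void model_set_id_callback(unsigned long (*func)(void)) { model_id_cb = func; }
void model_set_idptr_callback(void *(*func)(void)) { model_idptr_cb = func; }

/* Retrieval, copy and comparison are type-independent: callers never look
 * inside the structure. Both fields are always initialised so that
 * model_threadid_cmp() can safely compare the whole struct. */
void model_threadid_set(model_threadid *id)
{
    memset(id, 0, sizeof(*id));
    if (model_idptr_cb != NULL)
        id->ptr = model_idptr_cb();
    else if (model_id_cb != NULL)
        id->val = model_id_cb();
    /* no callback registered: single-threaded program, ID stays all-zero */
}

void model_threadid_cpy(model_threadid *dst, const model_threadid *src)
{
    memcpy(dst, src, sizeof(*dst));
}

/* 0 when both IDs denote the same thread, non-zero otherwise. */
int model_threadid_cmp(const model_threadid *a, const model_threadid *b)
{
    return memcmp(a, b, sizeof(*a));
}

/* A scalar usable as a hash-table key or log field. For a pointer ID the
 * pointer bits are folded into an unsigned long: unique wherever a pointer
 * fits in an unsigned long, merely collision-resistant elsewhere. */
unsigned long model_threadid_hash(const model_threadid *id)
{
    if (model_idptr_cb != NULL)
        return (unsigned long)(size_t)id->ptr;
    return id->val;
}

/* Constructed stand-ins for a real threading library's callbacks. */
static unsigned long fake_numeric_tid(void) { return 4242UL; }
static int fake_tls_slot;                 /* its address serves as pointer ID */
static void *fake_pointer_tid(void) { return &fake_tls_slot; }

/* Exercise both registration styles; returns 1 when the wrapper behaves as
 * the CHANGES entry describes, 0 otherwise. */
int model_demo(void)
{
    model_threadid a, b, c;

    model_set_id_callback(fake_numeric_tid);
    model_threadid_set(&a);
    model_threadid_cpy(&b, &a);
    if (model_threadid_cmp(&a, &b) != 0 || model_threadid_hash(&a) != 4242UL)
        return 0;

    /* Switching to the pointer form needs no change in the calling code. */
    model_set_idptr_callback(fake_pointer_tid);
    model_threadid_set(&c);
    if (model_threadid_cmp(&a, &c) == 0)            /* must be distinct */
        return 0;
    if (model_threadid_hash(&c) != (unsigned long)(size_t)&fake_tls_slot)
        return 0;
    return 1;
}

int main(void)
{
    printf("CRYPTO_THREADID-style wrapper: %s\n", model_demo() ? "ok" : "FAILED");
    return 0;
}
```

The point of the pattern is visible in model_demo(): code that compares, copies or hashes IDs is written once and is unaffected by which callback the application registered.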
  *) Initial support for Cryptographic Message Syntax (aka CMS) based
     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
     support for data, signedData, compressedData, digestedData and
     encryptedData, envelopedData types included. Scripts to check against
     RFC4134 examples draft and interop and consistency checks of many
     content types and variants.
     [Steve Henson]

  *) Add options to enc utility to support use of zlib compression BIO.
     [Steve Henson]

  *) Extend mk1mf to support importing of options and assembly language
     files from Configure script, currently only included in VC-WIN32.
     The assembly language rules can now optionally generate the source
     files from the associated perl scripts.
     [Steve Henson]

  *) Implement remaining functionality needed to support GOST ciphersuites.
     Interop testing has been performed using CryptoPro implementations.
     [Victor B. Wagner <vitus@cryptocom.ru>]

  *) s390x assembler pack.
     [Andy Polyakov]

  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
     "family."
     [Andy Polyakov]

  *) Implement Opaque PRF Input TLS extension as specified in
     draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
     official specification yet and no extension type assignment by
     IANA exists, this extension (for now) will have to be explicitly
     enabled when building OpenSSL by providing the extension number
     to use. For example, specify an option

         -DTLSEXT_TYPE_opaque_prf_input=0x9527

     to the "config" or "Configure" script to enable the extension,
     assuming extension number 0x9527 (which is a completely arbitrary
     and unofficial assignment based on the MD5 hash of the Internet
     Draft). Note that by doing so, you potentially lose
     interoperability with other TLS implementations since these might
     be using the same extension number for other purposes.

     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
     opaque PRF input value to use in the handshake. This will create
     an internal copy of the length-'len' string at 'src', and will
     return non-zero for success.

     To get more control and flexibility, provide a callback function
     by using

         SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
         SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)

     where

         int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
         void *arg;

     Callback function 'cb' will be called in handshakes, and is
     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
     Argument 'arg' is for application purposes (the value as given to
     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
     be provided to the callback function). The callback function
     has to return non-zero to report success: usually 1 to use opaque
     PRF input just if possible, or 2 to enforce use of the opaque PRF
     input. In the latter case, the library will abort the handshake
     if opaque PRF input is not successfully negotiated.

     Arguments 'peerinput' and 'len' given to the callback function
     will always be NULL and 0 in the case of a client. A server will
     see the client's opaque PRF input through these variables if
     available (NULL and 0 otherwise). Note that if the server
     provides an opaque PRF input, the length must be the same as the
     length of the client's opaque PRF input.

     Note that the callback function will only be called when creating
     a new session (session resumption can resume whatever was
     previously negotiated), and will not be called in SSL 2.0
     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
     for applications that need to enforce opaque PRF input.

     [Bodo Moeller]

  *) Update ssl code to support digests other than SHA1+MD5 for handshake
     MAC.

     [Victor B. Wagner <vitus@cryptocom.ru>]

  *) Add RFC4507 support to OpenSSL. This includes the corrections in
     RFC4507bis. The encrypted ticket format is an encrypted encoded
     SSL_SESSION structure, that way new session features are automatically
     supported.

     If a client application caches sessions in an SSL_SESSION structure
     support is transparent because tickets are now stored in the encoded
     SSL_SESSION.

     The SSL_CTX structure automatically generates keys for ticket
     protection in servers so again support should be possible
     with no application modification.

     If a client or server wishes to disable RFC4507 support then the option
     SSL_OP_NO_TICKET can be set.

     Add a TLS extension debugging callback to allow the contents of any client
     or server extensions to be examined.

     This work was sponsored by Google.
     [Steve Henson]

  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
     OpenSSL should now compile cleanly on gcc 4.2
     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]

  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
     support including streaming MAC support: this is required for GOST
     ciphersuite support.
     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]

  *) Add option -stream to use PKCS#7 streaming in smime utility. New
     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
     to output in BER and PEM format.
     [Steve Henson]

  *) Experimental support for use of HMAC via EVP_PKEY interface. This
     allows HMAC to be handled via the EVP_DigestSign*() interface. The
     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
     ENGINE support for HMAC keys which are unextractable. New -mac and
     -macopt options to dgst utility.
     [Steve Henson]

  *) New option -sigopt to dgst utility. Update dgst to use
     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
     alternative signing parameters such as X9.31 or PSS in the dgst
     utility.
     [Steve Henson]

  *) Change ssl_cipher_apply_rule(), the internal function that does
     the work each time a ciphersuite string requests enabling
     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar"), or
     removing ("!foo+bar") a class of ciphersuites: Now it maintains
     the order of disabled ciphersuites such that those ciphersuites
     that most recently went from enabled to disabled not only stay
     in order with respect to each other, but also have higher priority
     than other disabled ciphersuites the next time ciphersuites are
     enabled again.

     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
     the same ciphersuites as with "HIGH" alone, but in a specific
     order where the PSK ciphersuites come first (since they are the
     most recently disabled ciphersuites when "HIGH" is parsed).

     Also, change ssl_create_cipher_list() (using this new
     functionality) such that between otherwise identical
     ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
     the default order.
     [Bodo Moeller]

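An added example, not OpenSSL's own ssl_cipher_apply_rule(), that models the ordering rule described above on a constructed five-entry cipher table so that "PSK:-PSK:HIGH" and "HIGH" can be compared directly. The flag bits, alias names and function names are assumptions for this illustration, and each rule word is a single alias (no "foo+bar" conjunctions).

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL code: a model of cipher rule ordering. The cipher
 * table, flag bits and function names are constructed for the illustration. */

enum { F_PSK = 1, F_HIGH = 2, F_RSA = 4, F_NULL = 8 };

typedef struct {
    const char *name;
    unsigned flags;
    int active;                /* currently enabled */
    int killed;                /* removed by "!alias"; never comes back */
} cipher;

/* Constructed "compiled-in" order; PSK and RSA entries are interleaved. */
static cipher table[] = {
    {"PSK-AES256-CBC-SHA",   F_PSK | F_HIGH, 0, 0},
    {"AES256-SHA",           F_RSA | F_HIGH, 0, 0},
    {"PSK-3DES-EDE-CBC-SHA", F_PSK | F_HIGH, 0, 0},
    {"DES-CBC3-SHA",         F_RSA | F_HIGH, 0, 0},
    {"NULL-SHA",             F_RSA | F_NULL, 0, 0},
};
#define NCIPHERS (sizeof(table) / sizeof(table[0]))
static cipher *order[NCIPHERS];   /* the list the rules rearrange */

static unsigned alias_flags(const char *alias)
{
    if (strcmp(alias, "PSK") == 0)   return F_PSK;
    if (strcmp(alias, "HIGH") == 0)  return F_HIGH;
    if (strcmp(alias, "RSA") == 0)   return F_RSA;
    if (strcmp(alias, "eNULL") == 0) return F_NULL;
    return 0;                        /* unknown alias matches nothing */
}

/* Move every live cipher in state 'from' whose flags cover 'want' to the head
 * (to_head = 1) or tail of the list, keeping their relative order, and put it
 * in state 'to'. Disabling moves to the head, so the most recently disabled
 * ciphers precede all earlier disabled ones and the next enabling rule, which
 * appends matches to the tail in list order, picks them up first. */
static void move_matching(unsigned want, int from, int to, int to_head)
{
    cipher *moved[NCIPHERS], *rest[NCIPHERS];
    size_t nm = 0, nr = 0, i;
    for (i = 0; i < NCIPHERS; i++) {
        cipher *c = order[i];
        if (!c->killed && c->active == from && (c->flags & want) == want) {
            c->active = to;
            moved[nm++] = c;
        } else {
            rest[nr++] = c;
        }
    }
    if (to_head) {
        memcpy(order, moved, nm * sizeof(*order));
        memcpy(order + nm, rest, nr * sizeof(*order));
    } else {
        memcpy(order, rest, nr * sizeof(*order));
        memcpy(order + nr, moved, nm * sizeof(*order));
    }
}

/* Apply a colon-separated rule string; write the enabled ciphersuites in their
 * final order to 'out' and return how many there are. */
int apply_rules(const char *rules, char *out, size_t outlen)
{
    char buf[256], *tok;
    size_t i;
    int n = 0;
    for (i = 0; i < NCIPHERS; i++) {          /* fresh list, all disabled */
        table[i].active = table[i].killed = 0;
        order[i] = &table[i];
    }
    strncpy(buf, rules, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    out[0] = '\0';
    for (tok = strtok(buf, ":"); tok != NULL; tok = strtok(NULL, ":")) {
        char op = (*tok == '-' || *tok == '+' || *tok == '!') ? *tok++ : '\0';
        unsigned want = alias_flags(tok);
        if (want == 0)
            continue;
        if (op == '-') {
            move_matching(want, 1, 0, 1);      /* disable: to head */
        } else if (op == '+') {
            move_matching(want, 1, 1, 0);      /* move enabled ones to the end */
        } else if (op == '!') {
            for (i = 0; i < NCIPHERS; i++)     /* kill: permanently gone */
                if ((order[i]->flags & want) == want)
                    order[i]->killed = 1, order[i]->active = 0;
        } else {
            move_matching(want, 0, 1, 0);      /* enable: disabled to tail */
        }
    }
    for (i = 0; i < NCIPHERS; i++) {
        if (!order[i]->active)
            continue;
        if (n++ > 0)
            strncat(out, ":", outlen - strlen(out) - 1);
        strncat(out, order[i]->name, outlen - strlen(out) - 1);
    }
    return n;
}

/* Convenience wrapper returning the list as a string in a static buffer. */
const char *cipher_list(const char *rules)
{
    static char out[512];
    apply_rules(rules, out, sizeof(out));
    return out;
}

int main(void)
{
    printf("HIGH          -> %s\n", cipher_list("HIGH"));
    printf("PSK:-PSK:HIGH -> %s\n", cipher_list("PSK:-PSK:HIGH"));
    return 0;
}
```

Both strings enable the same four ciphersuites; only the "PSK:-PSK:HIGH" form yields the two PSK entries ahead of the RSA ones, because "-PSK" parked them at the head of the list just before "HIGH" re-enabled everything.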
  *) Change ssl_create_cipher_list() so that it automatically
     arranges the ciphersuites in reasonable order before starting
     to process the rule string. Thus, the definition for "DEFAULT"
     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
     This makes it much easier to arrive at a reasonable default order
     in applications for which anonymous ciphers are OK (meaning
     that you can't actually use DEFAULT).
     [Bodo Moeller; suggested by Victor Duchovni]

  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
     processing) into multiple integers instead of setting
     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
     (These masks as well as the individual bit definitions are hidden
     away into the non-exported interface ssl/ssl_locl.h, so this
     change to the definition of the SSL_CIPHER structure shouldn't
     affect applications.) This gives us more bits for each of these
     categories, so there is no longer a need to coagulate AES128 and
     AES256 into a single algorithm bit, and to coagulate Camellia128
     and Camellia256 into a single algorithm bit, which has led to all
     kinds of kludges.

     Thus, among other things, the kludge introduced in 0.9.7m and
     0.9.8e for masking out AES256 independently of AES128 or masking
     out Camellia256 independently of AES256 is not needed here in 0.9.9.

     With the change, we also introduce new ciphersuite aliases that
     so far were missing: "AES128", "AES256", "CAMELLIA128", and
     "CAMELLIA256".
     [Bodo Moeller]

  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
     Use the leftmost N bytes of the signature input if the input is
     larger than the prime q (with N being the size in bytes of q).
     [Nils Larsch]

  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
     it yet and it is largely untested.
     [Steve Henson]

  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
     [Nils Larsch]

  *) Initial incomplete changes to avoid need for function casts in OpenSSL:
     some compilers (gcc 4.2 and later) reject their use. Safestack is
     reimplemented. Update ASN1 to avoid use of legacy functions.
     [Steve Henson]

  *) Win32/64 targets are linked with Winsock2.
     [Andy Polyakov]

  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
     to external functions. This can be used to increase CRL handling
     efficiency especially when CRLs are very large by (for example) storing
     the CRL revoked certificates in a database.
     [Steve Henson]

  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
     new CRLs added to a directory can be used. New command line option
     -verify_return_error to s_client and s_server. This causes real errors
     to be returned by the verify callback instead of carrying on no matter
     what. This reflects the way a "real world" verify callback would behave.
     [Steve Henson]

  *) GOST engine, supporting several GOST algorithms and public key formats.
     Kindly donated by Cryptocom.
     [Cryptocom]

  *) Partial support for Issuing Distribution Point CRL extension. CRLs
     partitioned by DP are handled but no indirect CRL or reason partitioning
     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
     selected via a scoring technique which handles IDP and AKID in CRLs.
     [Steve Henson]

  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
     will ultimately be used for all verify operations: this will remove the
     X509_STORE dependency on certificate verification and allow alternative
     lookup methods. X509_STORE based implementations of these two callbacks.
     [Steve Henson]

  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
     Modify get_crl() to find a valid (unexpired) CRL if possible.
     [Steve Henson]

  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
     this would be called X509_CRL_cmp() but that name is already used by
     a function that just compares CRL issuer names. Cache several CRL
     extensions in X509_CRL structure and cache CRLDP in X509.
     [Steve Henson]

  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
     this maps equivalent X509_NAME structures into a consistent structure.
     Name comparison can then be performed rapidly using memcmp().
     [Steve Henson]

  *) Non-blocking OCSP request processing. Add -timeout option to ocsp
     utility.
     [Steve Henson]

  *) Allow digests to supply their own micalg string for S/MIME type using
     the ctrl EVP_MD_CTRL_MICALG.
     [Steve Henson]

  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
     ctrl. It can then customise the structure before and/or after signing
     if necessary.
     [Steve Henson]

  *) New function OBJ_add_sigid() to allow application defined signature OIDs
     to be added to OpenSSL's internal tables. New function OBJ_sigid_free()
     to free up any added signature OIDs.
     [Steve Henson]

  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
     digest and cipher tables. New options added to openssl utility:
     list-message-digest-algorithms and list-cipher-algorithms.
     [Steve Henson]

  *) In addition to the numerical (unsigned long) thread ID, provide
     for a pointer (void *) thread ID. This helps accommodate systems
     that do not provide an unsigned long thread ID. OpenSSL assumes
     it is in the same thread iff both the numerical and the pointer
     thread ID agree; so applications are just required to define one
     of them appropriately (e.g., by using a pointer to a per-thread
     memory object malloc()ed by the application for the pointer-type
     thread ID). Exactly analogous to the existing functions

         void CRYPTO_set_id_callback(unsigned long (*func)(void));
         unsigned long (*CRYPTO_get_id_callback(void))(void);
         unsigned long CRYPTO_thread_id(void);

     we now have additional functions

         void CRYPTO_set_idptr_callback(void *(*func)(void));
         void *(*CRYPTO_get_idptr_callback(void))(void);
         void *CRYPTO_thread_idptr(void);

     also in <openssl/crypto.h>. The default value for
     CRYPTO_thread_idptr() if the application has not provided its own
     callback is &errno.
     [Bodo Moeller]

     -- NOTE -- this change has been reverted and replaced with a
     type-independent wrapper (ie. applications do not have to check
     two type-specific thread ID representations as implied in this
     change note). However, the "idptr" callback form described here
     can still be registered. Please see the more recent CHANGES note
     regarding CRYPTO_THREADID. [Geoff Thorpe]
     -- NOTE --

  *) Change the array representation of binary polynomials: the list
     of degrees of non-zero coefficients is now terminated with -1.
     Previously it was terminated with 0, which was also part of the
     value; thus, the array representation was not applicable to
     polynomials where t^0 has coefficient zero. This change makes
     the array representation useful in a more general context.
     [Douglas Stebila]

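The difference between the two terminators, shown in plain C as an added example (not OpenSSL's BN_GF2m code; the function names and the 64-bit mask limit are assumptions for the illustration). It goes beyond the entry's own text by also carrying the degree-array form through a GF(2)[t] multiplication reduced modulo a polynomial given in that form, which is what such arrays are used for.

```c
#include <stdio.h>

/* Added example, not OpenSSL code. A polynomial over GF(2) is held as a bit
 * mask (bit i set <=> coefficient of t^i is 1); its array form lists the
 * degrees of the non-zero coefficients, highest first. Only degrees < 64 fit
 * the single 64-bit word used here. Function names are assumptions. */

/* New convention: the degree list is terminated by -1. Returns 0 when a
 * listed degree does not fit the mask. */
unsigned long long poly_from_degrees(const int *degrees)
{
    unsigned long long p = 0;
    for (; *degrees != -1; degrees++) {
        if (*degrees < 0 || *degrees > 63)
            return 0;
        p |= 1ULL << *degrees;
    }
    return p;
}

/* Old convention: the list ended with 0, and that 0 was also the t^0 term.
 * Every polynomial it can express therefore has t^0 = 1, which is why a
 * polynomial such as t^3 + t had no array representation at all. */
unsigned long long poly_from_degrees_old(const int *degrees)
{
    unsigned long long p = 1;             /* the terminator is itself t^0 */
    for (; *degrees != 0; degrees++) {
        if (*degrees < 0 || *degrees > 63)
            return 0;
        p |= 1ULL << *degrees;
    }
    return p;
}

/* Inverse of poly_from_degrees(): writes the -1 terminated, highest-first
 * degree list for 'p' into 'out' (room for 65 ints); returns its length. */
int poly_to_degrees(unsigned long long p, int *out)
{
    int n = 0, i;
    for (i = 63; i >= 0; i--)
        if (p & (1ULL << i))
            out[n++] = i;
    out[n] = -1;
    return n;
}

/* 1 if converting 'p' to array form and back reproduces it. With the -1
 * terminator this holds for every p, including those with t^0 = 0. */
int poly_roundtrip_ok(unsigned long long p)
{
    int degs[65];
    poly_to_degrees(p, degs);
    return poly_from_degrees(degs) == p;
}

/* Multiply a and b in GF(2)[t] and reduce modulo the polynomial given by the
 * degree list 'mod' (degree d = mod[0], 1 <= d <= 63; a, b of degree < d). */
unsigned long long poly_mulmod(unsigned long long a, unsigned long long b,
                               const int *mod)
{
    unsigned long long m = poly_from_degrees(mod), r = 0;
    int d = mod[0];
    while (b != 0) {
        if (b & 1)
            r ^= a;                   /* add (xor) the current multiple of a */
        b >>= 1;
        a <<= 1;                      /* a := a * t */
        if (a & (1ULL << d))          /* t^d appeared: subtract (xor) mod */
            a ^= m;
    }
    return r;
}

/* Constructed reference values. */
const int T3_PLUS_T[] = {3, 1, -1};        /* t^3 + t, no t^0 term */
const int T3_PLUS_T_OLD[] = {3, 1, 0};     /* same list, old form: gets t^0 */
const int AES_POLY[] = {8, 4, 3, 1, 0, -1}; /* t^8 + t^4 + t^3 + t + 1 */

int main(void)
{
    printf("t^3 + t, new form: %llu  old form: %llu\n",
           poly_from_degrees(T3_PLUS_T), poly_from_degrees_old(T3_PLUS_T_OLD));
    printf("0x53 * 0xCA mod AES poly = 0x%02llx\n",
           poly_mulmod(0x53, 0xCA, AES_POLY));
    return 0;
}
```

The old-form call is forced to 11 (t^3 + t + 1) because its terminator doubles as a coefficient; the new form yields 10. The multiplication check uses the AES field polynomial, where 0x53 and 0xCA are multiplicative inverses.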
  *) Various modifications and fixes to SSL/TLS cipher string
     handling. For ECC, the code now distinguishes between fixed ECDH
     with RSA certificates on the one hand and with ECDSA certificates
     on the other hand, since these are separate ciphersuites. The
     unused code for Fortezza ciphersuites has been removed.

     For consistency with EDH, ephemeral ECDH is now called "EECDH"
     (not "ECDHE"). For consistency with the code for DH
     certificates, use of ECDH certificates is now considered ECDH
     authentication, not RSA or ECDSA authentication (the latter is
     merely the CA's signing algorithm and not actively used in the
     protocol).

     The temporary ciphersuite alias "ECCdraft" is no longer
     available, and ECC ciphersuites are no longer excluded from "ALL"
     and "DEFAULT". The following aliases now exist for RFC 4492
     ciphersuites, most of these by analogy with the DH case:

         kECDHr - ECDH cert, signed with RSA
         kECDHe - ECDH cert, signed with ECDSA
         kECDH  - ECDH cert (signed with either RSA or ECDSA)
         kEECDH - ephemeral ECDH
         ECDH   - ECDH cert or ephemeral ECDH

         aECDH  - ECDH cert
         aECDSA - ECDSA cert
         ECDSA  - ECDSA cert

         AECDH  - anonymous ECDH
         EECDH  - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

     [Bodo Moeller]

  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
     Use correct micalg parameters depending on digest(s) in signed message.
     [Steve Henson]

  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
     [Steve Henson]

  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
     an engine to register a method. Add ENGINE lookups for methods and
     functional reference processing.
     [Steve Henson]

  *) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
     EVP_{Sign,Verify}* which allow an application to customise the signature
     process.
     [Steve Henson]

  *) New -resign option to smime utility. This adds one or more signers
     to an existing PKCS#7 signedData structure. Also -md option to use an
     alternative message digest algorithm for signing.
     [Steve Henson]

  *) Tidy up PKCS#7 routines and add new functions to make it easier to
     create PKCS7 structures containing multiple signers. Update smime
     application to support multiple signers.
     [Steve Henson]

  *) New -macalg option to pkcs12 utility to allow setting of an alternative
     digest MAC.
     [Steve Henson]

  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
     Reorganize PBE internals to lookup from a static table using NIDs,
     add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl:
     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
     PRF which will be automatically used with PBES2.
     [Steve Henson]

  *) Replace the algorithm specific calls to generate keys in "req" with the
     new API.
     [Steve Henson]

  *) Update PKCS#7 enveloped data routines to use new API. This is now
     supported by any public key method supporting the encrypt operation. A
     ctrl is added to allow the public key algorithm to examine or modify
     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
     a no op.
     [Steve Henson]

  *) Add a ctrl to asn1 method to allow a public key algorithm to express
     a default digest type to use. In most cases this will be SHA1 but some
     algorithms (such as GOST) need to specify an alternative digest. The
     return value indicates how strong the preference is: 1 means optional and
     2 is mandatory (that is it is the only supported type). Modify
     ASN1_item_sign() to accept a NULL digest argument to indicate it should
     use the default md. Update openssl utilities to use the default digest
     type for signing if it is not explicitly indicated.
     [Steve Henson]

  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
     signing method from the key type. This effectively removes the link
     between digests and public key types.
     [Steve Henson]

  *) Add an OID cross reference table and utility functions. Its purpose is to
     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
     rsaEncryption. This will allow some of the algorithm specific hackery
     needed to use the correct OID to be removed.
     [Steve Henson]

  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
     structures for PKCS7_sign(). They are now set up by the relevant public
     key ASN1 method.
     [Steve Henson]

  *) Add provisional EC pkey method with support for ECDSA and ECDH.
     [Steve Henson]

  *) Add support for key derivation (agreement) in the API, DH method and
     pkeyutl.
     [Steve Henson]

  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
     public and private key formats. As a side effect these add additional
     command line functionality not previously available: DSA signatures can be
     generated and verified using pkeyutl and DH key support and generation in
     pkey, genpkey.
     [Steve Henson]

  *) BeOS support.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New make target "install_html_docs" installs HTML renditions of the
     manual pages.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New utility "genpkey" this is analogous to "genrsa" etc except it can
     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
     support key and parameter generation and add initial key generation
     functionality for RSA.
     [Steve Henson]

  *) Add functions for main EVP_PKEY_method operations. The undocumented
     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
     EVP_PKEY_{encrypt,decrypt}_old.
     [Steve Henson]

  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
     key API, doesn't do much yet.
     [Steve Henson]

  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
     public key algorithms. New option to openssl utility:
     "list-public-key-algorithms" to print out info.
     [Steve Henson]

  *) Implement the Supported Elliptic Curves Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
     [Steve Henson]

  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
     utilities such as rsa, dsa, dsaparam etc except they process any key
     type.
     [Steve Henson]

  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
     structure.
     [Steve Henson]

  *) Initial support for pluggable public key ASN1.
     De-spaghettify the public key ASN1 handling. Move public and private
     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
     algorithm specific handling to a single module within the relevant
     algorithm directory. Add functions to allow (near) opaque processing
     of public and private key structures.
     [Steve Henson]

  *) Implement the Supported Point Formats Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
     for the psk identity [hint] and the psk callback functions to the
     SSL_SESSION, SSL and SSL_CTX structure.

     New ciphersuites:
         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
         PSK-AES256-CBC-SHA

     New functions:
         SSL_CTX_use_psk_identity_hint
         SSL_get_psk_identity_hint
         SSL_get_psk_identity
         SSL_use_psk_identity_hint

     [Mika Kousa and Pasi Eronen of Nokia Corporation]

  *) Add RFC 3161 compliant time stamp request creation, response generation
     and response verification functionality.
