git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES

OpenSSL CHANGES
_______________

Changes between 0.9.8i and 0.9.9 [xx XXX xxxx]

*) Removed effectively defunct crypto/store from the build.
   [Ben Laurie]

*) Revamp of STACK to provide stronger type-checking. Still to come:
   TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
   ASN1_STRING, CONF_VALUE.
   [Ben Laurie]

*) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
   RAM on SSL connections. This option can save about 34k per idle SSL.
   [Nick Mathewson]

*) Revamp of LHASH to provide stronger type-checking. Still to come:
   STACK, TXT_DB, bsearch, qsort.
   [Ben Laurie]

*) Initial support for Cryptographic Message Syntax (aka CMS) based
   on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
   support for data, signedData, compressedData, digestedData and
   encryptedData, envelopedData types included. Scripts to check against
   RFC4134 examples draft and interop and consistency checks of many
   content types and variants.
   [Steve Henson]

*) Add options to enc utility to support use of zlib compression BIO.
   [Steve Henson]

*) Extend mk1mf to support importing of options and assembly language
   files from Configure script, currently only included in VC-WIN32.
   The assembly language rules can now optionally generate the source
   files from the associated perl scripts.
   [Steve Henson]

*) Implement remaining functionality needed to support GOST ciphersuites.
   Interop testing has been performed using CryptoPro implementations.
   [Victor B. Wagner <vitus@cryptocom.ru>]

*) s390x assembler pack.
   [Andy Polyakov]

*) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
   "family."
   [Andy Polyakov]

*) Implement Opaque PRF Input TLS extension as specified in
   draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
   official specification yet and no extension type assignment by
   IANA exists, this extension (for now) will have to be explicitly
   enabled when building OpenSSL by providing the extension number
   to use. For example, specify an option

       -DTLSEXT_TYPE_opaque_prf_input=0x9527

   to the "config" or "Configure" script to enable the extension,
   assuming extension number 0x9527 (which is a completely arbitrary
   and unofficial assignment based on the MD5 hash of the Internet
   Draft). Note that by doing so, you potentially lose
   interoperability with other TLS implementations since these might
   be using the same extension number for other purposes.

   SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
   opaque PRF input value to use in the handshake. This will create
   an internal copy of the length-'len' string at 'src', and will
   return non-zero for success.

   To get more control and flexibility, provide a callback function
   by using

       SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
       SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)

   where

       int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
       void *arg;

   Callback function 'cb' will be called in handshakes, and is
   expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
   Argument 'arg' is for application purposes (the value as given to
   SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
   be provided to the callback function). The callback function
   has to return non-zero to report success: usually 1 to use opaque
   PRF input just if possible, or 2 to enforce use of the opaque PRF
   input. In the latter case, the library will abort the handshake
   if opaque PRF input is not successfully negotiated.

   Arguments 'peerinput' and 'len' given to the callback function
   will always be NULL and 0 in the case of a client. A server will
   see the client's opaque PRF input through these variables if
   available (NULL and 0 otherwise). Note that if the server
   provides an opaque PRF input, the length must be the same as the
   length of the client's opaque PRF input.

   Note that the callback function will only be called when creating
   a new session (session resumption can resume whatever was
   previously negotiated), and will not be called in SSL 2.0
   handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
   SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
   for applications that need to enforce opaque PRF input.

   [Bodo Moeller]
108
*) Update ssl code to support digests other than SHA1+MD5 for handshake
   MAC.

   [Victor B. Wagner <vitus@cryptocom.ru>]

*) Add RFC4507 support to OpenSSL. This includes the corrections in
   RFC4507bis. The encrypted ticket format is an encrypted encoded
   SSL_SESSION structure; that way new session features are automatically
   supported.

   If a client application caches sessions in an SSL_SESSION structure,
   support is transparent because tickets are now stored in the encoded
   SSL_SESSION.

   The SSL_CTX structure automatically generates keys for ticket
   protection in servers, so again support should be possible
   with no application modification.

   If a client or server wishes to disable RFC4507 support then the option
   SSL_OP_NO_TICKET can be set.

   Add a TLS extension debugging callback to allow the contents of any client
   or server extensions to be examined.

   This work was sponsored by Google.
   [Steve Henson]

*) Final changes to avoid use of pointer pointer casts in OpenSSL.
   OpenSSL should now compile cleanly on gcc 4.2.
   [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]

*) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
   support including streaming MAC support: this is required for GOST
   ciphersuite support.
   [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]

*) Add option -stream to use PKCS#7 streaming in smime utility. New
   functions i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
   to output in BER and PEM format.
   [Steve Henson]

*) Experimental support for use of HMAC via EVP_PKEY interface. This
   allows HMAC to be handled via the EVP_DigestSign*() interface. The
   EVP_PKEY "key" in this case is the HMAC key, potentially allowing
   ENGINE support for HMAC keys which are unextractable. New -mac and
   -macopt options to dgst utility.
   [Steve Henson]

*) New option -sigopt to dgst utility. Update dgst to use
   EVP_Digest{Sign,Verify}*. These two changes make it possible to use
   alternative signing parameters such as X9.31 or PSS in the dgst
   utility.
   [Steve Henson]

*) Change ssl_cipher_apply_rule(), the internal function that does
   the work each time a ciphersuite string requests enabling
   ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar"), or
   removing ("!foo+bar") a class of ciphersuites: now it maintains
   the order of disabled ciphersuites such that those ciphersuites
   that most recently went from enabled to disabled not only stay
   in order with respect to each other, but also have higher priority
   than other disabled ciphersuites the next time ciphersuites are
   enabled again.

   This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
   the same ciphersuites as with "HIGH" alone, but in a specific
   order where the PSK ciphersuites come first (since they are the
   most recently disabled ciphersuites when "HIGH" is parsed).

   Also, change ssl_create_cipher_list() (using this new
   functionality) such that between otherwise identical
   ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
   the default order.
   [Bodo Moeller]

*) Change ssl_create_cipher_list() so that it automatically
   arranges the ciphersuites in reasonable order before starting
   to process the rule string. Thus, the definition for "DEFAULT"
   (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
   remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
   This makes it much easier to arrive at a reasonable default order
   in applications for which anonymous ciphers are OK (meaning
   that you can't actually use DEFAULT).
   [Bodo Moeller; suggested by Victor Duchovni]
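
   As an added illustration (constructed here, not code from the OpenSSL tree), the following Python model reproduces the list mechanics of ssl_cipher_apply_rule() described in the two entries above on a small made-up ciphersuite table, so that "PSK:-PSK:HIGH" versus "HIGH" and the new "ALL:!aNULL:!eNULL" default can be traced by hand. The suite names, alias tags and default order are an assumed subset; only the enable/move/disable/remove mechanics follow the real code.

```python
# Constructed model of ssl_cipher_apply_rule() (ssl/ssl_ciph.c): every suite
# lives in ONE list with an "active" flag; rules move entries within that list.
# The table is a made-up subset in an assumed "reasonable" default order.

SUITES = [  # (name, alias tags) -- constructed, not OpenSSL's table
    ("DHE-RSA-AES256-SHA", {"HIGH", "kEDH", "aRSA", "AES256", "AES"}),
    ("AES256-SHA", {"HIGH", "kRSA", "aRSA", "AES256", "AES"}),
    ("ADH-AES256-SHA", {"HIGH", "kEDH", "aNULL", "AES256", "AES"}),
    ("PSK-AES256-CBC-SHA", {"HIGH", "kPSK", "PSK", "AES256", "AES"}),
    ("PSK-AES128-CBC-SHA", {"HIGH", "kPSK", "PSK", "AES128", "AES"}),
    ("RC4-SHA", {"MEDIUM", "kRSA", "aRSA", "RC4"}),
    ("PSK-RC4-SHA", {"MEDIUM", "kPSK", "PSK", "RC4"}),
    ("NULL-SHA", {"eNULL", "kRSA", "aRSA"}),
]


def matches(tags, pattern):
    """'foo+bar' matches a suite carrying every listed alias; 'ALL' matches
    everything except eNULL suites (as in OpenSSL)."""
    for word in pattern.split("+"):
        if word == "ALL":
            if "eNULL" in tags:
                return False
        elif word not in tags:
            return False
    return True


def apply_rule(entries, rule, pattern):
    """entries: list of [name, tags, active]. Matches are collected first,
    mirroring the real loop, which visits each original entry exactly once."""
    if rule == "add":  # "foo": inactive matches go to the tail, in list order
        for e in [e for e in entries if not e[2] and matches(e[1], pattern)]:
            entries.remove(e)
            e[2] = True
            entries.append(e)
    elif rule == "del":  # "-foo": walk backwards and prepend, so the suites
        # just disabled keep their relative order AND sit ahead of anything
        # disabled earlier -- this is the ordering change described above.
        for e in [e for e in reversed(entries) if e[2] and matches(e[1], pattern)]:
            entries.remove(e)
            e[2] = False
            entries.insert(0, e)
    elif rule == "ord":  # "+foo": active matches move to the tail
        for e in [e for e in entries if e[2] and matches(e[1], pattern)]:
            entries.remove(e)
            entries.append(e)
    elif rule == "kill":  # "!foo": removed for good
        entries[:] = [e for e in entries if not matches(e[1], pattern)]


def cipher_list(rule_string):
    """Active ciphersuites, in order, after applying the whole rule string."""
    entries = [[name, tags, False] for name, tags in SUITES]
    for token in rule_string.split(":"):
        if token.startswith("-"):
            apply_rule(entries, "del", token[1:])
        elif token.startswith("+"):
            apply_rule(entries, "ord", token[1:])
        elif token.startswith("!"):
            apply_rule(entries, "kill", token[1:])
        else:
            apply_rule(entries, "add", token)
    return [name for name, _, active in entries if active]


if __name__ == "__main__":
    # Same suites, different order: the PSK ones come first in the second list.
    print(cipher_list("HIGH"))
    print(cipher_list("PSK:-PSK:HIGH"))
    print(cipher_list("ALL:!aNULL:!eNULL"))  # the new DEFAULT definition
```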
193
*) Split the SSL/TLS algorithm mask (as used for ciphersuite string
   processing) into multiple integers instead of setting
   "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
   "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
   (These masks as well as the individual bit definitions are hidden
   away into the non-exported interface ssl/ssl_locl.h, so this
   change to the definition of the SSL_CIPHER structure shouldn't
   affect applications.) This gives us more bits for each of these
   categories, so there is no longer a need to coagulate AES128 and
   AES256 into a single algorithm bit, and to coagulate Camellia128
   and Camellia256 into a single algorithm bit, which has led to all
   kinds of kludges.

   Thus, among other things, the kludge introduced in 0.9.7m and
   0.9.8e for masking out AES256 independently of AES128 or masking
   out Camellia256 independently of AES256 is not needed here in 0.9.9.

   With the change, we also introduce new ciphersuite aliases that
   so far were missing: "AES128", "AES256", "CAMELLIA128", and
   "CAMELLIA256".
   [Bodo Moeller]

*) Add support for dsa-with-SHA224 and dsa-with-SHA256.
   Use the leftmost N bytes of the signature input if the input is
   larger than the prime q (with N being the size in bytes of q).
   [Nils Larsch]

*) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
   it yet and it is largely untested.
   [Steve Henson]

*) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
   [Nils Larsch]

*) Initial incomplete changes to avoid need for function casts in OpenSSL:
   some compilers (gcc 4.2 and later) reject their use. Safestack is
   reimplemented. Update ASN1 to avoid use of legacy functions.
   [Steve Henson]

*) Win32/64 targets are linked with Winsock2.
   [Andy Polyakov]

*) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
   to external functions. This can be used to increase CRL handling
   efficiency especially when CRLs are very large by (for example) storing
   the CRL revoked certificates in a database.
   [Steve Henson]

*) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
   new CRLs added to a directory can be used. New command line option
   -verify_return_error to s_client and s_server. This causes real errors
   to be returned by the verify callback instead of carrying on no matter
   what. This reflects the way a "real world" verify callback would behave.
   [Steve Henson]

*) GOST engine, supporting several GOST algorithms and public key formats.
   Kindly donated by Cryptocom.
   [Cryptocom]

*) Partial support for Issuing Distribution Point CRL extension. CRLs
   partitioned by DP are handled but no indirect CRL or reason partitioning
   (yet). Complete overhaul of CRL handling: now the most suitable CRL is
   selected via a scoring technique which handles IDP and AKID in CRLs.
   [Steve Henson]

*) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
   will ultimately be used for all verify operations: this will remove the
   X509_STORE dependency on certificate verification and allow alternative
   lookup methods. X509_STORE based implementations of these two callbacks.
   [Steve Henson]

*) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
   Modify get_crl() to find a valid (unexpired) CRL if possible.
   [Steve Henson]

*) New function X509_CRL_match() to check if two CRLs are identical. Normally
   this would be called X509_CRL_cmp() but that name is already used by
   a function that just compares CRL issuer names. Cache several CRL
   extensions in X509_CRL structure and cache CRLDP in X509.
   [Steve Henson]

*) Store a "canonical" representation of X509_NAME structure (ASN1 Name);
   this maps equivalent X509_NAME structures into a consistent structure.
   Name comparison can then be performed rapidly using memcmp().
   [Steve Henson]

*) Non-blocking OCSP request processing. Add -timeout option to ocsp
   utility.
   [Steve Henson]

*) Allow digests to supply their own micalg string for S/MIME type using
   the ctrl EVP_MD_CTRL_MICALG.
   [Steve Henson]

*) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
   EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
   ctrl. It can then customise the structure before and/or after signing
   if necessary.
   [Steve Henson]

*) New function OBJ_add_sigid() to allow application defined signature OIDs
   to be added to OpenSSL's internal tables. New function OBJ_sigid_free()
   to free up any added signature OIDs.
   [Steve Henson]

*) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
   EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
   digest and cipher tables. New options added to openssl utility:
   list-message-digest-algorithms and list-cipher-algorithms.
   [Steve Henson]

*) In addition to the numerical (unsigned long) thread ID, provide
   for a pointer (void *) thread ID. This helps accommodate systems
   that do not provide an unsigned long thread ID. OpenSSL assumes
   it is in the same thread iff both the numerical and the pointer
   thread ID agree; so applications are just required to define one
   of them appropriately (e.g., by using a pointer to a per-thread
   memory object malloc()ed by the application for the pointer-type
   thread ID). Exactly analogous to the existing functions

       void CRYPTO_set_id_callback(unsigned long (*func)(void));
       unsigned long (*CRYPTO_get_id_callback(void))(void);
       unsigned long CRYPTO_thread_id(void);

   we now have additional functions

       void CRYPTO_set_idptr_callback(void *(*func)(void));
       void *(*CRYPTO_get_idptr_callback(void))(void);
       void *CRYPTO_thread_idptr(void);

   also in <openssl/crypto.h>. The default value for
   CRYPTO_thread_idptr() if the application has not provided its own
   callback is &errno.
   [Bodo Moeller]

*) Change the array representation of binary polynomials: the list
   of degrees of non-zero coefficients is now terminated with -1.
   Previously it was terminated with 0, which was also part of the
   value; thus, the array representation was not applicable to
   polynomials where t^0 has coefficient zero. This change makes
   the array representation useful in a more general context.
   [Douglas Stebila]
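
   To make the change above concrete, here is a constructed Python model (added here, not OpenSSL code) of both array representations; it mirrors the conversion OpenSSL performs in BN_GF2m_poly2arr()/BN_GF2m_arr2poly(), with a polynomial over GF(2) stored as an int whose bit i is the coefficient of t^i. The sample polynomials are the sect163k1 reduction polynomial and a constructed one without a constant term.

```python
# Constructed model of the degree-array representation of binary polynomials
# (elements of GF(2)[t]), before and after the change described above.
# A polynomial is an int whose bit i is the coefficient of t^i.


def poly_to_arr(poly):
    """New representation: degrees of the non-zero coefficients, highest
    first, terminated by -1. Works whether or not t^0 is present."""
    degrees = [i for i in range(poly.bit_length() - 1, -1, -1) if poly >> i & 1]
    return degrees + [-1]


def arr_to_poly(arr):
    """Inverse of poly_to_arr(): the -1 sentinel carries no value."""
    poly = 0
    for d in arr:
        if d == -1:
            break
        poly |= 1 << d
    return poly


def old_poly_to_arr(poly):
    """Previous representation: 0 is both the terminator and the t^0 entry,
    so only polynomials with a non-zero constant term can be encoded.
    Returns None for the unrepresentable case."""
    if not poly & 1:
        return None
    return [i for i in range(poly.bit_length() - 1, 0, -1) if poly >> i & 1] + [0]


def old_arr_to_poly(arr):
    """The 0 sentinel is part of the value, so it always contributes t^0."""
    poly = 0
    for d in arr:
        poly |= 1 << d
        if d == 0:
            break
    return poly


# sect163k1 reduction polynomial t^163 + t^7 + t^6 + t^3 + 1: fine either way.
K163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1
# Constructed t^4 + t^2 + t: no constant term, so only the new form holds it.
NO_CONST = (1 << 4) | (1 << 2) | (1 << 1)

if __name__ == "__main__":
    print(poly_to_arr(K163), old_poly_to_arr(K163))
    print(poly_to_arr(NO_CONST), old_poly_to_arr(NO_CONST))
```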
336
*) Various modifications and fixes to SSL/TLS cipher string
   handling. For ECC, the code now distinguishes between fixed ECDH
   with RSA certificates on the one hand and with ECDSA certificates
   on the other hand, since these are separate ciphersuites. The
   unused code for Fortezza ciphersuites has been removed.

   For consistency with EDH, ephemeral ECDH is now called "EECDH"
   (not "ECDHE"). For consistency with the code for DH
   certificates, use of ECDH certificates is now considered ECDH
   authentication, not RSA or ECDSA authentication (the latter is
   merely the CA's signing algorithm and not actively used in the
   protocol).

   The temporary ciphersuite alias "ECCdraft" is no longer
   available, and ECC ciphersuites are no longer excluded from "ALL"
   and "DEFAULT". The following aliases now exist for RFC 4492
   ciphersuites, most of these by analogy with the DH case:

       kECDHr - ECDH cert, signed with RSA
       kECDHe - ECDH cert, signed with ECDSA
       kECDH  - ECDH cert (signed with either RSA or ECDSA)
       kEECDH - ephemeral ECDH
       ECDH   - ECDH cert or ephemeral ECDH

       aECDH  - ECDH cert
       aECDSA - ECDSA cert
       ECDSA  - ECDSA cert

       AECDH  - anonymous ECDH
       EECDH  - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

   [Bodo Moeller]

*) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
   Use correct micalg parameters depending on digest(s) in signed message.
   [Steve Henson]

*) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
   an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
   [Steve Henson]

*) Initial engine support for EVP_PKEY_METHOD. New functions to permit
   an engine to register a method. Add ENGINE lookups for methods and
   functional reference processing.
   [Steve Henson]

*) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
   EVP_{Sign,Verify}* which allow an application to customise the signature
   process.
   [Steve Henson]

*) New -resign option to smime utility. This adds one or more signers
   to an existing PKCS#7 signedData structure. Also -md option to use an
   alternative message digest algorithm for signing.
   [Steve Henson]

*) Tidy up PKCS#7 routines and add new functions to make it easier to
   create PKCS7 structures containing multiple signers. Update smime
   application to support multiple signers.
   [Steve Henson]

*) New -macalg option to pkcs12 utility to allow setting of an alternative
   digest MAC.
   [Steve Henson]

*) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
   Reorganize PBE internals to look up from a static table using NIDs,
   add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl,
   EVP_CTRL_PBE_PRF_NID; this allows a cipher to specify an alternative
   PRF which will be automatically used with PBES2.
   [Steve Henson]

*) Replace the algorithm specific calls to generate keys in "req" with the
   new API.
   [Steve Henson]

*) Update PKCS#7 enveloped data routines to use new API. This is now
   supported by any public key method supporting the encrypt operation. A
   ctrl is added to allow the public key algorithm to examine or modify
   the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
   a no-op.
   [Steve Henson]

*) Add a ctrl to asn1 method to allow a public key algorithm to express
   a default digest type to use. In most cases this will be SHA1 but some
   algorithms (such as GOST) need to specify an alternative digest. The
   return value indicates how strong the preference is: 1 means optional and
   2 is mandatory (that is, it is the only supported type). Modify
   ASN1_item_sign() to accept a NULL digest argument to indicate it should
   use the default md. Update openssl utilities to use the default digest
   type for signing if it is not explicitly indicated.
   [Steve Henson]

*) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
   EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
   signing method from the key type. This effectively removes the link
   between digests and public key types.
   [Steve Henson]

*) Add an OID cross reference table and utility functions. Its purpose is to
   translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
   rsaEncryption. This will allow some of the algorithm specific hackery
   needed to use the correct OID to be removed.
   [Steve Henson]

*) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
   structures for PKCS7_sign(). They are now set up by the relevant public
   key ASN1 method.
   [Steve Henson]

*) Add provisional EC pkey method with support for ECDSA and ECDH.
   [Steve Henson]

*) Add support for key derivation (agreement) in the API, DH method and
   pkeyutl.
   [Steve Henson]

*) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
   public and private key formats. As a side effect these add additional
   command line functionality not previously available: DSA signatures can be
   generated and verified using pkeyutl and DH key support and generation in
   pkey, genpkey.
   [Steve Henson]

*) BeOS support.
   [Oliver Tappe <zooey@hirschkaefer.de>]

*) New make target "install_html_docs" installs HTML renditions of the
   manual pages.
   [Oliver Tappe <zooey@hirschkaefer.de>]

*) New utility "genpkey": this is analogous to "genrsa" etc. except it can
   generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
   support key and parameter generation and add initial key generation
   functionality for RSA.
   [Steve Henson]

*) Add functions for main EVP_PKEY_method operations. The undocumented
   functions EVP_PKEY_{encrypt,decrypt} have been renamed to
   EVP_PKEY_{encrypt,decrypt}_old.
   [Steve Henson]

*) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
   key API; it doesn't do much yet.
   [Steve Henson]

*) New function EVP_PKEY_asn1_get0_info() to retrieve information about
   public key algorithms. New option to openssl utility:
   "list-public-key-algorithms" to print out info.
   [Steve Henson]

*) Implement the Supported Elliptic Curves Extension for
   ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
   [Douglas Stebila]

*) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
   EVP_CIPHER structures to avoid later problems in EVP_cleanup().
   [Steve Henson]

*) New utilities pkey and pkeyparam. These are similar to algorithm specific
   utilities such as rsa, dsa, dsaparam etc. except they process any key
   type.
   [Steve Henson]

*) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
   functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
   EVP_PKEY_print_param() to print public key data from an EVP_PKEY
   structure.
   [Steve Henson]

*) Initial support for pluggable public key ASN1.
   De-spaghettify the public key ASN1 handling. Move public and private
   key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
   algorithm specific handling to a single module within the relevant
   algorithm directory. Add functions to allow (near) opaque processing
   of public and private key structures.
   [Steve Henson]

*) Implement the Supported Point Formats Extension for
   ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
   [Douglas Stebila]

*) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
   for the psk identity [hint] and the psk callback functions to the
   SSL_SESSION, SSL and SSL_CTX structure.

   New ciphersuites:
       PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
       PSK-AES256-CBC-SHA

   New functions:
       SSL_CTX_use_psk_identity_hint
       SSL_get_psk_identity_hint
       SSL_get_psk_identity
       SSL_use_psk_identity_hint

   [Mika Kousa and Pasi Eronen of Nokia Corporation]

*) Add RFC 3161 compliant time stamp request creation, response generation
   and response verification functionality.
414 supported by any public key method supporting the encrypt operation. A
415 ctrl is added to allow the public key algorithm to examine or modify
416 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
417 a no op.
418 [Steve Henson]
28e4fe34 419
03919683
DSH
420 *) Add a ctrl to asn1 method to allow a public key algorithm to express
421 a default digest type to use. In most cases this will be SHA1 but some
422 algorithms (such as GOST) need to specify an alternative digest. The
423 return value indicates how strong the prefernce is 1 means optional and
424 2 is mandatory (that is it is the only supported type). Modify
425 ASN1_item_sign() to accept a NULL digest argument to indicate it should
426 use the default md. Update openssl utilities to use the default digest
427 type for signing if it is not explicitly indicated.
428 [Steve Henson]
429
ee1d9ec0
DSH
430 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
431 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
432 signing method from the key type. This effectively removes the link
433 between digests and public key types.
434 [Steve Henson]
435
d2027098
DSH
436 *) Add an OID cross reference table and utility functions. Its purpose is to
437 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
438 rsaEncryption. This will allow some of the algorithm specific hackery
439 needed to use the correct OID to be removed.
440 [Steve Henson]
441
492a9e24
DSH
442 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
443 structures for PKCS7_sign(). They are now set up by the relevant public
444 key ASN1 method.
445 [Steve Henson]
446
9ca7047d
DSH
447 *) Add provisional EC pkey method with support for ECDSA and ECDH.
448 [Steve Henson]
449
ffb1ac67
DSH
450 *) Add support for key derivation (agreement) in the API, DH method and
451 pkeyutl.
452 [Steve Henson]
453
3ba0885a
DSH
454 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
455 public and private key formats. As a side effect these add additional
456 command line functionality not previously available: DSA signatures can be
457 generated and verified using pkeyutl and DH key support and generation in
458 pkey, genpkey.
459 [Steve Henson]
460
4700aea9
UM
461 *) BeOS support.
462 [Oliver Tappe <zooey@hirschkaefer.de>]
463
464 *) New make target "install_html_docs" installs HTML renditions of the
465 manual pages.
466 [Oliver Tappe <zooey@hirschkaefer.de>]
467
f5cda4cb
DSH
468 *) New utility "genpkey" this is analagous to "genrsa" etc except it can
469 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
470 support key and parameter generation and add initial key generation
471 functionality for RSA.
472 [Steve Henson]
473
f733a5ef
DSH
474 *) Add functions for main EVP_PKEY_method operations. The undocumented
475 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
476 EVP_PKEY_{encrypt,decrypt}_old.
477 [Steve Henson]
478
0b6f3c66
DSH
479 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
480 key API, doesn't do much yet.
481 [Steve Henson]
482
0b33dac3
DSH
483 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
484 public key algorithms. New option to openssl utility:
485 "list-public-key-algorithms" to print out info.
486 [Steve Henson]
487
33273721
BM
488 *) Implement the Supported Elliptic Curves Extension for
489 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
490 [Douglas Stebila]
491
246e0931
DSH
492 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
493 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
494 [Steve Henson]
495
3e4585c8 496 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb 497 utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8 498 type.
3e84b6e1
DSH
499 [Steve Henson]
500
35208f36
DSH
501 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
502 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
503 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
504 structure.
505 [Steve Henson]
506
448be743
DSH
507 *) Initial support for pluggable public key ASN1.
508 De-spaghettify the public key ASN1 handling. Move public and private
509 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
510 algorithm specific handling to a single module within the relevant
511 algorithm directory. Add functions to allow (near) opaque processing
512 of public and private key structures.
513 [Steve Henson]
514
36ca4ba6
BM
515 *) Implement the Supported Point Formats Extension for
516 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
517 [Douglas Stebila]
518
ddac1974
NL
519 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
520 for the psk identity [hint] and the psk callback functions to the
521 SSL_SESSION, SSL and SSL_CTX structure.
522
523 New ciphersuites:
524 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
525 PSK-AES256-CBC-SHA
526
527 New functions:
528 SSL_CTX_use_psk_identity_hint
529 SSL_get_psk_identity_hint
530 SSL_get_psk_identity
531 SSL_use_psk_identity_hint
532
533 [Mika Kousa and Pasi Eronen of Nokia Corporation]
534
c7235be6
UM
535 *) Add RFC 3161 compliant time stamp request creation, response generation
536 and response verification functionality.
537