]> git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add missing CHANGES entry.
[thirdparty/openssl.git] / CHANGES
CommitLineData
81a6c781 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE		 3 _______________
4
8528128b 5 Changes between 0.9.8i and 0.9.9 [xx XXX xxxx]
3ff55e96 6
d43c4497
DSH		 7 *) Delta CRL support. New use deltas option which will attempt to locate
8 and search any appropriate delta CRLs available.
9
10 This work was sponsored by Google.
11 [Steve Henson]
12
4b96839f
DSH		 13 *) Support for CRLs partitioned by reason code. Reorganise CRL processing
14 code and add additional score elements. Validate alternate CRL paths
15 as part of the CRL checking and indicate a new error "CRL path validation
16 error" in this case. Applications wanting additional details can use
17 the verify callback and check the new "parent" field. If this is not
18 NULL CRL path validation is taking place. Existing applications wont
19 see this because it requires extended CRL support which is off by
20 default.
21
22 This work was sponsored by Google.
23 [Steve Henson]
24
249a77f5
DSH		 25 *) Support for freshest CRL extension.
26
27 This work was sponsored by Google.
28 [Steve Henson]
29
d0fff69d
DSH		 30 *) Initial indirect CRL support. Currently only supported in the CRLs
31 passed directly and not via lookup. Process certificate issuer
32 CRL entry extension and lookup CRL entries by bother issuer name
4b96839f 33 and serial number. Check and process CRL issuer entry in IDP extension.
d0fff69d
DSH		 34
35 This work was sponsored by Google.
36 [Steve Henson]
37
9d84d4ed
DSH		 38 *) Add support for distinct certificate and CRL paths. The CRL issuer
39 certificate is validated separately in this case. Only enabled if
40 an extended CRL support flag is set: this flag will enable additional
41 CRL functionality in future.
42
43 This work was sponsored by Google.
44 [Steve Henson]
9d84d4ed 45
002e66c0
DSH		 46 *) Add support for policy mappings extension.
47
48 This work was sponsored by Google.
49 [Steve Henson]
50
e9746e03
DSH		 51 *) Fixes to pathlength constraint, self issued certificate handling,
52 policy processing to align with RFC3280 and PKITS tests.
53
54 This work was sponsored by Google.
55 [Steve Henson]
56
57 *) Support for name constraints certificate extension. DN, email, DNS
58 and URI types are currently supported.
59
60 This work was sponsored by Google.
61 [Steve Henson]
62
4c329696
GT		 63 *) To cater for systems that provide a pointer-based thread ID rather
64 than numeric, deprecate the current numeric thread ID mechanism and
65 replace it with a structure and associated callback type. This
66 mechanism allows a numeric "hash" to be extracted from a thread ID in
67 either case, and on platforms where pointers are larger than 'long',
68 mixing is done to help ensure the numeric 'hash' is usable even if it
69 can't be guaranteed unique. The default mechanism is to use "&errno"
70 as a pointer-based thread ID to distinguish between threads.
71
72 Applications that want to provide their own thread IDs should now use
73 CRYPTO_THREADID_set_callback() to register a callback that will call
74 either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
75
2ecd2ede
BM		 76 Note that ERR_remove_state() is now deprecated, because it is tied
77 to the assumption that thread IDs are numeric. ERR_remove_state(0)
78 to free the current thread's error state should be replaced by
79 ERR_remove_thread_state(NULL).
80
4c329696
GT		 81 (This new approach replaces the functions CRYPTO_set_idptr_callback(),
82 CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
83 OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
84 application was previously providing a numeric thread callback that
85 was inappropriate for distinguishing threads, then uniqueness might
86 have been obtained with &errno that happened immediately in the
87 intermediate development versions of OpenSSL; this is no longer the
88 case, the numeric thread callback will now override the automatic use
89 of &errno.)
90 [Geoff Thorpe, with help from Bodo Moeller]
91
5cbd2033
DSH		 92 *) Initial support for different CRL issuing certificates. This covers a
93 simple case where the self issued certificates in the chain exist and
94 the real CRL issuer is higher in the existing chain.
e9746e03
DSH		 95
96 This work was sponsored by Google.
5cbd2033
DSH		 97 [Steve Henson]
98
5ce278a7
BL		 99 *) Removed effectively defunct crypto/store from the build.
100 [Ben Laurie]
101
102 *) Revamp of STACK to provide stronger type-checking. Still to come:
103 TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
104 ASN1_STRING, CONF_VALUE.
105 [Ben Laurie]
106
8671b898
BL		 107 *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
108 RAM on SSL connections. This option can save about 34k per idle SSL.
109 [Nick Mathewson]
110
3c1d6bbc
BL		 111 *) Revamp of LHASH to provide stronger type-checking. Still to come:
112 STACK, TXT_DB, bsearch, qsort.
113 [Ben Laurie]
114
8931b30d
DSH		 115 *) Initial support for Cryptographic Message Syntax (aka CMS) based
116 on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
fd47c361 117 support for data, signedData, compressedData, digestedData and
eb9d8d8c
DSH		 118 encryptedData, envelopedData types included. Scripts to check against
119 RFC4134 examples draft and interop and consistency checks of many
120 content types and variants.
8931b30d
DSH		 121 [Steve Henson]
122
3df93571 123 *) Add options to enc utility to support use of zlib compression BIO.
8931b30d
DSH		 124 [Steve Henson]
125
73980531
DSH		 126 *) Extend mk1mf to support importing of options and assembly language
127 files from Configure script, currently only included in VC-WIN32.
128 The assembly language rules can now optionally generate the source
129 files from the associated perl scripts.
130 [Steve Henson]
131
0e1dba93
DSH		 132 *) Implement remaining functionality needed to support GOST ciphersuites.
133 Interop testing has been performed using CryptoPro implementations.
134 [Victor B. Wagner <vitus@cryptocom.ru>]
135
0023adb4
AP		 136 *) s390x assembler pack.
137 [Andy Polyakov]
138
4c7c5ff6
AP		 139 *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
140 "family."
141 [Andy Polyakov]
142
761772d7
BM		 143 *) Implement Opaque PRF Input TLS extension as specified in
144 draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
145 official specification yet and no extension type assignment by
146 IANA exists, this extension (for now) will have to be explicitly
147 enabled when building OpenSSL by providing the extension number
148 to use. For example, specify an option
149
150 -DTLSEXT_TYPE_opaque_prf_input=0x9527
151
152 to the "config" or "Configure" script to enable the extension,
153 assuming extension number 0x9527 (which is a completely arbitrary
154 and unofficial assignment based on the MD5 hash of the Internet
155 Draft). Note that by doing so, you potentially lose
156 interoperability with other TLS implementations since these might
157 be using the same extension number for other purposes.
158
159 SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
160 opaque PRF input value to use in the handshake. This will create
161 an interal copy of the length-'len' string at 'src', and will
162 return non-zero for success.
163
164 To get more control and flexibility, provide a callback function
165 by using
166
167 SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
168 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
169
170 where
171
172 int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
173 void *arg;
174
175 Callback function 'cb' will be called in handshakes, and is
176 expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
177 Argument 'arg' is for application purposes (the value as given to
178 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
179 be provided to the callback function). The callback function
180 has to return non-zero to report success: usually 1 to use opaque
181 PRF input just if possible, or 2 to enforce use of the opaque PRF
182 input. In the latter case, the library will abort the handshake
183 if opaque PRF input is not successfully negotiated.
184
185 Arguments 'peerinput' and 'len' given to the callback function
186 will always be NULL and 0 in the case of a client. A server will
187 see the client's opaque PRF input through these variables if
188 available (NULL and 0 otherwise). Note that if the server
189 provides an opaque PRF input, the length must be the same as the
190 length of the client's opaque PRF input.
191
192 Note that the callback function will only be called when creating
193 a new session (session resumption can resume whatever was
194 previously negotiated), and will not be called in SSL 2.0
195 handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
196 SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
197 for applications that need to enforce opaque PRF input.
198
199 [Bodo Moeller]
200
81025661
DSH		 201 *) Update ssl code to support digests other than SHA1+MD5 for handshake
202 MAC.
203
204 [Victor B. Wagner <vitus@cryptocom.ru>]
205
6434abbf
DSH		 206 *) Add RFC4507 support to OpenSSL. This includes the corrections in
207 RFC4507bis. The encrypted ticket format is an encrypted encoded
208 SSL_SESSION structure, that way new session features are automatically
209 supported.
210
ba0e826d
DSH		 211 If a client application caches session in an SSL_SESSION structure
212 support is transparent because tickets are now stored in the encoded
213 SSL_SESSION.
214
215 The SSL_CTX structure automatically generates keys for ticket
216 protection in servers so again support should be possible
6434abbf
DSH		 217 with no application modification.
218
219 If a client or server wishes to disable RFC4507 support then the option
220 SSL_OP_NO_TICKET can be set.
221
222 Add a TLS extension debugging callback to allow the contents of any client
223 or server extensions to be examined.
ec5d7473
DSH		 224
225 This work was sponsored by Google.
6434abbf
DSH		 226 [Steve Henson]
227
3c07d3a3
DSH		 228 *) Final changes to avoid use of pointer pointer casts in OpenSSL.
229 OpenSSL should now compile cleanly on gcc 4.2
230 [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
231
b948e2c5
DSH		 232 *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
233 support including streaming MAC support: this is required for GOST
234 ciphersuite support.
235 [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
236
9cfc8a9d
DSH		 237 *) Add option -stream to use PKCS#7 streaming in smime utility. New
238 function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
239 to output in BER and PEM format.
240 [Steve Henson]
241
47b71e6e
DSH		 242 *) Experimental support for use of HMAC via EVP_PKEY interface. This
243 allows HMAC to be handled via the EVP_DigestSign*() interface. The
244 EVP_PKEY "key" in this case is the HMAC key, potentially allowing
2022cfe0
DSH		 245 ENGINE support for HMAC keys which are unextractable. New -mac and
246 -macopt options to dgst utility.
47b71e6e
DSH		 247 [Steve Henson]
248
d952c79a
DSH		 249 *) New option -sigopt to dgst utility. Update dgst to use
250 EVP_Digest{Sign,Verify}*. These two changes make it possible to use
251 alternative signing paramaters such as X9.31 or PSS in the dgst
252 utility.
253 [Steve Henson]
254
fd5bc65c
BM		 255 *) Change ssl_cipher_apply_rule(), the internal function that does
256 the work each time a ciphersuite string requests enabling
257 ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
258 removing ("!foo+bar") a class of ciphersuites: Now it maintains
259 the order of disabled ciphersuites such that those ciphersuites
260 that most recently went from enabled to disabled not only stay
261 in order with respect to each other, but also have higher priority
262 than other disabled ciphersuites the next time ciphersuites are
263 enabled again.
264
265 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
266 the same ciphersuites as with "HIGH" alone, but in a specific
267 order where the PSK ciphersuites come first (since they are the
268 most recently disabled ciphersuites when "HIGH" is parsed).
269
270 Also, change ssl_create_cipher_list() (using this new
271 funcionality) such that between otherwise identical
272 cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
273 the default order.
274 [Bodo Moeller]
275
0a05123a
BM		 276 *) Change ssl_create_cipher_list() so that it automatically
277 arranges the ciphersuites in reasonable order before starting
278 to process the rule string. Thus, the definition for "DEFAULT"
279 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
280 remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
281 This makes it much easier to arrive at a reasonable default order
282 in applications for which anonymous ciphers are OK (meaning
283 that you can't actually use DEFAULT).
284 [Bodo Moeller; suggested by Victor Duchovni]
285
52b8dad8
BM		 286 *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
287 processing) into multiple integers instead of setting
288 "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
289 "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
290 (These masks as well as the individual bit definitions are hidden
291 away into the non-exported interface ssl/ssl_locl.h, so this
292 change to the definition of the SSL_CIPHER structure shouldn't
293 affect applications.) This give us more bits for each of these
294 categories, so there is no longer a need to coagulate AES128 and
295 AES256 into a single algorithm bit, and to coagulate Camellia128
296 and Camellia256 into a single algorithm bit, which has led to all
297 kinds of kludges.
298
299 Thus, among other things, the kludge introduced in 0.9.7m and
300 0.9.8e for masking out AES256 independently of AES128 or masking
301 out Camellia256 independently of AES256 is not needed here in 0.9.9.
302
303 With the change, we also introduce new ciphersuite aliases that
304 so far were missing: "AES128", "AES256", "CAMELLIA128", and
305 "CAMELLIA256".
306 [Bodo Moeller]
307
357d5de5
NL		 308 *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
309 Use the leftmost N bytes of the signature input if the input is
310 larger than the prime q (with N being the size in bytes of q).
311 [Nils Larsch]
312
11d8cdc6
DSH		 313 *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
314 it yet and it is largely untested.
315 [Steve Henson]
316
06e2dd03
NL		 317 *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
318 [Nils Larsch]
319
de121164 320 *) Initial incomplete changes to avoid need for function casts in OpenSSL
297e6f19 321 some compilers (gcc 4.2 and later) reject their use. Safestack is
a6fbcb42 322 reimplemented. Update ASN1 to avoid use of legacy functions.
de121164
DSH		 323 [Steve Henson]
324
3189772e
AP		 325 *) Win32/64 targets are linked with Winsock2.
326 [Andy Polyakov]
327
010fa0b3
DSH		 328 *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
329 to external functions. This can be used to increase CRL handling
330 efficiency especially when CRLs are very large by (for example) storing
331 the CRL revoked certificates in a database.
332 [Steve Henson]
333
5d20c4fb
DSH		 334 *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
335 new CRLs added to a directory can be used. New command line option
336 -verify_return_error to s_client and s_server. This causes real errors
337 to be returned by the verify callback instead of carrying on no matter
338 what. This reflects the way a "real world" verify callback would behave.
339 [Steve Henson]
340
341 *) GOST engine, supporting several GOST algorithms and public key formats.
342 Kindly donated by Cryptocom.
343 [Cryptocom]
344
bc7535bc
DSH		 345 *) Partial support for Issuing Distribution Point CRL extension. CRLs
346 partitioned by DP are handled but no indirect CRL or reason partitioning
347 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
348 selected via a scoring technique which handles IDP and AKID in CRLs.
349 [Steve Henson]
350
351 *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
352 will ultimately be used for all verify operations: this will remove the
353 X509_STORE dependency on certificate verification and allow alternative
354 lookup methods. X509_STORE based implementations of these two callbacks.
355 [Steve Henson]
356
f6e7d014
DSH		 357 *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
358 Modify get_crl() to find a valid (unexpired) CRL if possible.
359 [Steve Henson]
360
edc54021
DSH		 361 *) New function X509_CRL_match() to check if two CRLs are identical. Normally
362 this would be called X509_CRL_cmp() but that name is already used by
363 a function that just compares CRL issuer names. Cache several CRL
364 extensions in X509_CRL structure and cache CRLDP in X509.
365 [Steve Henson]
366
450ea834
DSH		 367 *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
368 this maps equivalent X509_NAME structures into a consistent structure.
369 Name comparison can then be performed rapidly using memcmp().
370 [Steve Henson]
371
454dbbc5
DSH		 372 *) Non-blocking OCSP request processing. Add -timeout option to ocsp
373 utility.
c1c6c0bf
DSH		 374 [Steve Henson]
375
b7683e3a
DSH		 376 *) Allow digests to supply their own micalg string for S/MIME type using
377 the ctrl EVP_MD_CTRL_MICALG.
378 [Steve Henson]
379
380 *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
381 EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
382 ctrl. It can then customise the structure before and/or after signing
383 if necessary.
384 [Steve Henson]
385
0ee2166c
DSH		 386 *) New function OBJ_add_sigid() to allow application defined signature OIDs
387 to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
388 to free up any added signature OIDs.
389 [Steve Henson]
390
5ba4bf35
DSH		 391 *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
392 EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
393 digest and cipher tables. New options added to openssl utility:
394 list-message-digest-algorithms and list-cipher-algorithms.
395 [Steve Henson]
396
c4e7870a
BM		 397 *) Change the array representation of binary polynomials: the list
398 of degrees of non-zero coefficients is now terminated with -1.
399 Previously it was terminated with 0, which was also part of the
400 value; thus, the array representation was not applicable to
401 polynomials where t^0 has coefficient zero. This change makes
402 the array representation useful in a more general context.
403 [Douglas Stebila]
404
89bbe14c
BM		 405 *) Various modifications and fixes to SSL/TLS cipher string
406 handling. For ECC, the code now distinguishes between fixed ECDH
407 with RSA certificates on the one hand and with ECDSA certificates
408 on the other hand, since these are separate ciphersuites. The
409 unused code for Fortezza ciphersuites has been removed.
410
411 For consistency with EDH, ephemeral ECDH is now called "EECDH"
412 (not "ECDHE"). For consistency with the code for DH
413 certificates, use of ECDH certificates is now considered ECDH
414 authentication, not RSA or ECDSA authentication (the latter is
415 merely the CA's signing algorithm and not actively used in the
416 protocol).
417
418 The temporary ciphersuite alias "ECCdraft" is no longer
419 available, and ECC ciphersuites are no longer excluded from "ALL"
420 and "DEFAULT". The following aliases now exist for RFC 4492
421 ciphersuites, most of these by analogy with the DH case:
422
423 kECDHr - ECDH cert, signed with RSA
424 kECDHe - ECDH cert, signed with ECDSA
425 kECDH - ECDH cert (signed with either RSA or ECDSA)
426 kEECDH - ephemeral ECDH
427 ECDH - ECDH cert or ephemeral ECDH
428
429 aECDH - ECDH cert
430 aECDSA - ECDSA cert
431 ECDSA - ECDSA cert
432
433 AECDH - anonymous ECDH
434 EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
435
436 [Bodo Moeller]
437
fb7b3932
DSH		 438 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
439 Use correct micalg parameters depending on digest(s) in signed message.
440 [Steve Henson]
441
01b8b3c7
DSH		 442 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
443 an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
444 [Steve Henson]
de9fcfe3 445
58aa573a 446 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
c9777d26
DSH		 447 an engine to register a method. Add ENGINE lookups for methods and
448 functional reference processing.
58aa573a
DSH		 449 [Steve Henson]
450
91c9e621
DSH		 451 *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
452 EVP_{Sign,Verify}* which allow an application to customise the signature
453 process.
454 [Steve Henson]
455
55311921
DSH		 456 *) New -resign option to smime utility. This adds one or more signers
457 to an existing PKCS#7 signedData structure. Also -md option to use an
458 alternative message digest algorithm for signing.
459 [Steve Henson]
460
a6e7fcd1
DSH		 461 *) Tidy up PKCS#7 routines and add new functions to make it easier to
462 create PKCS7 structures containing multiple signers. Update smime
463 application to support multiple signers.
464 [Steve Henson]
465
121dd39f
DSH		 466 *) New -macalg option to pkcs12 utility to allow setting of an alternative
467 digest MAC.
468 [Steve Henson]
469
856640b5 470 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
b8f702a0 471 Reorganize PBE internals to lookup from a static table using NIDs,
6d3a1eac
DSH		 472 add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
473 EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
474 PRF which will be automatically used with PBES2.
856640b5
DSH		 475 [Steve Henson]
476
34b3c72e 477 *) Replace the algorithm specific calls to generate keys in "req" with the
959e8dfe
DSH		 478 new API.
479 [Steve Henson]
480
399a6f0b
DSH		 481 *) Update PKCS#7 enveloped data routines to use new API. This is now
482 supported by any public key method supporting the encrypt operation. A
483 ctrl is added to allow the public key algorithm to examine or modify
484 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
485 a no op.
486 [Steve Henson]
28e4fe34 487
03919683
DSH		 488 *) Add a ctrl to asn1 method to allow a public key algorithm to express
489 a default digest type to use. In most cases this will be SHA1 but some
490 algorithms (such as GOST) need to specify an alternative digest. The
491 return value indicates how strong the prefernce is 1 means optional and
492 2 is mandatory (that is it is the only supported type). Modify
493 ASN1_item_sign() to accept a NULL digest argument to indicate it should
494 use the default md. Update openssl utilities to use the default digest
495 type for signing if it is not explicitly indicated.
496 [Steve Henson]
497
ee1d9ec0
DSH		 498 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
499 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
500 signing method from the key type. This effectively removes the link
501 between digests and public key types.
502 [Steve Henson]
503
d2027098
DSH		 504 *) Add an OID cross reference table and utility functions. Its purpose is to
505 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
506 rsaEncryption. This will allow some of the algorithm specific hackery
507 needed to use the correct OID to be removed.
508 [Steve Henson]
509
492a9e24
DSH		 510 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
511 structures for PKCS7_sign(). They are now set up by the relevant public
512 key ASN1 method.
513 [Steve Henson]
514
9ca7047d
DSH		 515 *) Add provisional EC pkey method with support for ECDSA and ECDH.
516 [Steve Henson]
517
ffb1ac67
DSH		 518 *) Add support for key derivation (agreement) in the API, DH method and
519 pkeyutl.
520 [Steve Henson]
521
3ba0885a
DSH		 522 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
523 public and private key formats. As a side effect these add additional
524 command line functionality not previously available: DSA signatures can be
525 generated and verified using pkeyutl and DH key support and generation in
526 pkey, genpkey.
527 [Steve Henson]
528
4700aea9
UM		 529 *) BeOS support.
530 [Oliver Tappe <zooey@hirschkaefer.de>]
531
532 *) New make target "install_html_docs" installs HTML renditions of the
533 manual pages.
534 [Oliver Tappe <zooey@hirschkaefer.de>]
535
f5cda4cb
DSH		 536 *) New utility "genpkey" this is analagous to "genrsa" etc except it can
537 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
538 support key and parameter generation and add initial key generation
539 functionality for RSA.
540 [Steve Henson]
541
f733a5ef
DSH		 542 *) Add functions for main EVP_PKEY_method operations. The undocumented
543 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
544 EVP_PKEY_{encrypt,decrypt}_old.
545 [Steve Henson]
546
0b6f3c66
DSH		 547 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
548 key API, doesn't do much yet.
549 [Steve Henson]
550
0b33dac3
DSH		 551 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
552 public key algorithms. New option to openssl utility:
553 "list-public-key-algorithms" to print out info.
554 [Steve Henson]
555
33273721
BM		 556 *) Implement the Supported Elliptic Curves Extension for
557 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
558 [Douglas Stebila]
559
246e0931
DSH		 560 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
561 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
562 [Steve Henson]
563
3e4585c8 564 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb 565 utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8 566 type.
3e84b6e1
DSH		 567 [Steve Henson]
568
35208f36
DSH		 569 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
570 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
571 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
572 structure.
573 [Steve Henson]
574
448be743
DSH		 575 *) Initial support for pluggable public key ASN1.
576 De-spaghettify the public key ASN1 handling. Move public and private
577 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
578 algorithm specific handling to a single module within the relevant
579 algorithm directory. Add functions to allow (near) opaque processing
580 of public and private key structures.
581 [Steve Henson]
582
36ca4ba6
BM		 583 *) Implement the Supported Point Formats Extension for
584 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
585 [Douglas Stebila]
586
ddac1974
NL		 587 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
588 for the psk identity [hint] and the psk callback functions to the
589 SSL_SESSION, SSL and SSL_CTX structure.
590
591 New ciphersuites:
592 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
593 PSK-AES256-CBC-SHA
594
595 New functions:
596 SSL_CTX_use_psk_identity_hint
597 SSL_get_psk_identity_hint
598 SSL_get_psk_identity
599 SSL_use_psk_identity_hint
600
601 [Mika Kousa and Pasi Eronen of Nokia Corporation]
602
c7235be6
UM		 603 *) Add RFC 3161 compliant time stamp request creation, response generation
604 and response verification functionality.
605