]> git.ipfire.org Git - thirdparty/openssl.git/blame_incremental - CHANGES
projects / thirdparty / openssl.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Missing break.
[thirdparty/openssl.git] / CHANGES
... / ...
CommitLineData
1
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 0.9.8k and 1.0 [xx XXX xxxx]
6
7 *) Delete MD2 from algorithm tables. This follows the recommendation in
8 several standards that it is not used in new applications due to
9 several cryptographic weaknesses. The algorithm is also disabled in
10 the default configuration.
11 [Steve Henson]
12
13 *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
14 indicate the initial BIO being pushed or popped. This makes it possible
15 to determine whether the BIO is the one explicitly called or as a result
16 of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
17 it handles reference counts correctly and doesn't zero out the I/O bio
18 when it is not being explicitly popped. WARNING: applications which
19 included workarounds for the old buggy behaviour will need to be modified
20 or they could free up already freed BIOs.
21 [Steve Henson]
22
23 *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
24 OPENSSL_asc2uni the original names were too generic and cause name
25 clashes on Netware.
26 [Guenter <lists@gknw.net>]
27
28 *) Add ECDHE and PSK support to DTLS.
29 [Michael Tuexen <tuexen@fh-muenster.de>]
30
31 *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
32 be used on C++.
33 [Steve Henson]
34
35 *) Add "missing" function EVP_MD_flags() (without this the only way to
36 retrieve a digest flags is by accessing the structure directly. Update
37 EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
38 or cipher is registered as in the "from" argument. Print out all
39 registered digests in the dgst usage message instead of manually
40 attempting to work them out.
41 [Steve Henson]
42
43 *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
44 this allows the use of compression and extensions. Change default cipher
45 string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
46 by default unless an application cipher string requests it.
47 [Steve Henson]
48
49 *) Alter match criteria in PKCS12_parse(). It used to try to use local
50 key ids to find matching certificates and keys but some PKCS#12 files
51 don't follow the (somewhat unwritten) rules and this strategy fails.
52 Now just gather all certificates together and the first private key
53 then look for the first certificate that matches the key.
54 [Steve Henson]
55
56 *) Support use of registered digest and cipher names for dgst and cipher
57 commands instead of having to add each one as a special case. So now
58 you can do:
59
60 openssl sha256 foo
61
62 as well as:
63
64 openssl dgst -sha256 foo
65
66 and this works for ENGINE based algorithms too.
67
68 [Steve Henson]
69
70 *) Update Gost ENGINE to support parameter files.
71 [Victor B. Wagner <vitus@cryptocom.ru>]
72
73 *) Support GeneralizedTime in ca utility.
74 [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
75
76 *) Enhance the hash format used for certificate directory links. The new
77 form uses the canonical encoding (meaning equivalent names will work
78 even if they aren't identical) and uses SHA1 instead of MD5. This form
79 is incompatible with the older format and as a result c_rehash should
80 be used to rebuild symbolic links.
81 [Steve Henson]
82
83 *) Make PKCS#8 the default write format for private keys, replacing the
84 traditional format. This form is standardised, more secure and doesn't
85 include an implicit MD5 dependency.
86 [Steve Henson]
87
88 *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
89 committed to OpenSSL should pass this lot as a minimum.
90 [Steve Henson]
91
92 *) Add session ticket override functionality for use by EAP-FAST.
93 [Jouni Malinen <j@w1.fi>]
94
95 *) Modify HMAC functions to return a value. Since these can be implemented
96 in an ENGINE errors can occur.
97 [Steve Henson]
98
99 *) Type-checked OBJ_bsearch_ex.
100 [Ben Laurie]
101
102 *) Type-checked OBJ_bsearch. Also some constification necessitated
103 by type-checking. Still to come: TXT_DB, bsearch(?),
104 OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
105 CONF_VALUE.
106 [Ben Laurie]
107
108 *) New function OPENSSL_gmtime_adj() to add a specific number of days and
109 seconds to a tm structure directly, instead of going through OS
110 specific date routines. This avoids any issues with OS routines such
111 as the year 2038 bug. New *_adj() functions for ASN1 time structures
112 and X509_time_adj_ex() to cover the extended range. The existing
113 X509_time_adj() is still usable and will no longer have any date issues.
114 [Steve Henson]
115
116 *) Delta CRL support. New use deltas option which will attempt to locate
117 and search any appropriate delta CRLs available.
118
119 This work was sponsored by Google.
120 [Steve Henson]
121
122 *) Support for CRLs partitioned by reason code. Reorganise CRL processing
123 code and add additional score elements. Validate alternate CRL paths
124 as part of the CRL checking and indicate a new error "CRL path validation
125 error" in this case. Applications wanting additional details can use
126 the verify callback and check the new "parent" field. If this is not
127 NULL CRL path validation is taking place. Existing applications wont
128 see this because it requires extended CRL support which is off by
129 default.
130
131 This work was sponsored by Google.
132 [Steve Henson]
133
134 *) Support for freshest CRL extension.
135
136 This work was sponsored by Google.
137 [Steve Henson]
138
139 *) Initial indirect CRL support. Currently only supported in the CRLs
140 passed directly and not via lookup. Process certificate issuer
141 CRL entry extension and lookup CRL entries by bother issuer name
142 and serial number. Check and process CRL issuer entry in IDP extension.
143
144 This work was sponsored by Google.
145 [Steve Henson]
146
147 *) Add support for distinct certificate and CRL paths. The CRL issuer
148 certificate is validated separately in this case. Only enabled if
149 an extended CRL support flag is set: this flag will enable additional
150 CRL functionality in future.
151
152 This work was sponsored by Google.
153 [Steve Henson]
154
155 *) Add support for policy mappings extension.
156
157 This work was sponsored by Google.
158 [Steve Henson]
159
160 *) Fixes to pathlength constraint, self issued certificate handling,
161 policy processing to align with RFC3280 and PKITS tests.
162
163 This work was sponsored by Google.
164 [Steve Henson]
165
166 *) Support for name constraints certificate extension. DN, email, DNS
167 and URI types are currently supported.
168
169 This work was sponsored by Google.
170 [Steve Henson]
171
172 *) To cater for systems that provide a pointer-based thread ID rather
173 than numeric, deprecate the current numeric thread ID mechanism and
174 replace it with a structure and associated callback type. This
175 mechanism allows a numeric "hash" to be extracted from a thread ID in
176 either case, and on platforms where pointers are larger than 'long',
177 mixing is done to help ensure the numeric 'hash' is usable even if it
178 can't be guaranteed unique. The default mechanism is to use "&errno"
179 as a pointer-based thread ID to distinguish between threads.
180
181 Applications that want to provide their own thread IDs should now use
182 CRYPTO_THREADID_set_callback() to register a callback that will call
183 either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
184
185 Note that ERR_remove_state() is now deprecated, because it is tied
186 to the assumption that thread IDs are numeric. ERR_remove_state(0)
187 to free the current thread's error state should be replaced by
188 ERR_remove_thread_state(NULL).
189
190 (This new approach replaces the functions CRYPTO_set_idptr_callback(),
191 CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
192 OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
193 application was previously providing a numeric thread callback that
194 was inappropriate for distinguishing threads, then uniqueness might
195 have been obtained with &errno that happened immediately in the
196 intermediate development versions of OpenSSL; this is no longer the
197 case, the numeric thread callback will now override the automatic use
198 of &errno.)
199 [Geoff Thorpe, with help from Bodo Moeller]
200
201 *) Initial support for different CRL issuing certificates. This covers a
202 simple case where the self issued certificates in the chain exist and
203 the real CRL issuer is higher in the existing chain.
204
205 This work was sponsored by Google.
206 [Steve Henson]
207
208 *) Removed effectively defunct crypto/store from the build.
209 [Ben Laurie]
210
211 *) Revamp of STACK to provide stronger type-checking. Still to come:
212 TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
213 ASN1_STRING, CONF_VALUE.
214 [Ben Laurie]
215
216 *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
217 RAM on SSL connections. This option can save about 34k per idle SSL.
218 [Nick Mathewson]
219
220 *) Revamp of LHASH to provide stronger type-checking. Still to come:
221 STACK, TXT_DB, bsearch, qsort.
222 [Ben Laurie]
223
224 *) Initial support for Cryptographic Message Syntax (aka CMS) based
225 on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
226 support for data, signedData, compressedData, digestedData and
227 encryptedData, envelopedData types included. Scripts to check against
228 RFC4134 examples draft and interop and consistency checks of many
229 content types and variants.
230 [Steve Henson]
231
232 *) Add options to enc utility to support use of zlib compression BIO.
233 [Steve Henson]
234
235 *) Extend mk1mf to support importing of options and assembly language
236 files from Configure script, currently only included in VC-WIN32.
237 The assembly language rules can now optionally generate the source
238 files from the associated perl scripts.
239 [Steve Henson]
240
241 *) Implement remaining functionality needed to support GOST ciphersuites.
242 Interop testing has been performed using CryptoPro implementations.
243 [Victor B. Wagner <vitus@cryptocom.ru>]
244
245 *) s390x assembler pack.
246 [Andy Polyakov]
247
248 *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
249 "family."
250 [Andy Polyakov]
251
252 *) Implement Opaque PRF Input TLS extension as specified in
253 draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
254 official specification yet and no extension type assignment by
255 IANA exists, this extension (for now) will have to be explicitly
256 enabled when building OpenSSL by providing the extension number
257 to use. For example, specify an option
258
259 -DTLSEXT_TYPE_opaque_prf_input=0x9527
260
261 to the "config" or "Configure" script to enable the extension,
262 assuming extension number 0x9527 (which is a completely arbitrary
263 and unofficial assignment based on the MD5 hash of the Internet
264 Draft). Note that by doing so, you potentially lose
265 interoperability with other TLS implementations since these might
266 be using the same extension number for other purposes.
267
268 SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
269 opaque PRF input value to use in the handshake. This will create
270 an interal copy of the length-'len' string at 'src', and will
271 return non-zero for success.
272
273 To get more control and flexibility, provide a callback function
274 by using
275
276 SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
277 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
278
279 where
280
281 int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
282 void *arg;
283
284 Callback function 'cb' will be called in handshakes, and is
285 expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
286 Argument 'arg' is for application purposes (the value as given to
287 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
288 be provided to the callback function). The callback function
289 has to return non-zero to report success: usually 1 to use opaque
290 PRF input just if possible, or 2 to enforce use of the opaque PRF
291 input. In the latter case, the library will abort the handshake
292 if opaque PRF input is not successfully negotiated.
293
294 Arguments 'peerinput' and 'len' given to the callback function
295 will always be NULL and 0 in the case of a client. A server will
296 see the client's opaque PRF input through these variables if
297 available (NULL and 0 otherwise). Note that if the server
298 provides an opaque PRF input, the length must be the same as the
299 length of the client's opaque PRF input.
300
301 Note that the callback function will only be called when creating
302 a new session (session resumption can resume whatever was
303 previously negotiated), and will not be called in SSL 2.0
304 handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
305 SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
306 for applications that need to enforce opaque PRF input.
307
308 [Bodo Moeller]
309
310 *) Update ssl code to support digests other than SHA1+MD5 for handshake
311 MAC.
312
313 [Victor B. Wagner <vitus@cryptocom.ru>]
314
315 *) Add RFC4507 support to OpenSSL. This includes the corrections in
316 RFC4507bis. The encrypted ticket format is an encrypted encoded
317 SSL_SESSION structure, that way new session features are automatically
318 supported.
319
320 If a client application caches session in an SSL_SESSION structure
321 support is transparent because tickets are now stored in the encoded
322 SSL_SESSION.
323
324 The SSL_CTX structure automatically generates keys for ticket
325 protection in servers so again support should be possible
326 with no application modification.
327
328 If a client or server wishes to disable RFC4507 support then the option
329 SSL_OP_NO_TICKET can be set.
330
331 Add a TLS extension debugging callback to allow the contents of any client
332 or server extensions to be examined.
333
334 This work was sponsored by Google.
335 [Steve Henson]
336
337 *) Final changes to avoid use of pointer pointer casts in OpenSSL.
338 OpenSSL should now compile cleanly on gcc 4.2
339 [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
340
341 *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
342 support including streaming MAC support: this is required for GOST
343 ciphersuite support.
344 [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
345
346 *) Add option -stream to use PKCS#7 streaming in smime utility. New
347 function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
348 to output in BER and PEM format.
349 [Steve Henson]
350
351 *) Experimental support for use of HMAC via EVP_PKEY interface. This
352 allows HMAC to be handled via the EVP_DigestSign*() interface. The
353 EVP_PKEY "key" in this case is the HMAC key, potentially allowing
354 ENGINE support for HMAC keys which are unextractable. New -mac and
355 -macopt options to dgst utility.
356 [Steve Henson]
357
358 *) New option -sigopt to dgst utility. Update dgst to use
359 EVP_Digest{Sign,Verify}*. These two changes make it possible to use
360 alternative signing paramaters such as X9.31 or PSS in the dgst
361 utility.
362 [Steve Henson]
363
364 *) Change ssl_cipher_apply_rule(), the internal function that does
365 the work each time a ciphersuite string requests enabling
366 ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
367 removing ("!foo+bar") a class of ciphersuites: Now it maintains
368 the order of disabled ciphersuites such that those ciphersuites
369 that most recently went from enabled to disabled not only stay
370 in order with respect to each other, but also have higher priority
371 than other disabled ciphersuites the next time ciphersuites are
372 enabled again.
373
374 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
375 the same ciphersuites as with "HIGH" alone, but in a specific
376 order where the PSK ciphersuites come first (since they are the
377 most recently disabled ciphersuites when "HIGH" is parsed).
378
379 Also, change ssl_create_cipher_list() (using this new
380 funcionality) such that between otherwise identical
381 cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
382 the default order.
383 [Bodo Moeller]
384
385 *) Change ssl_create_cipher_list() so that it automatically
386 arranges the ciphersuites in reasonable order before starting
387 to process the rule string. Thus, the definition for "DEFAULT"
388 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
389 remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
390 This makes it much easier to arrive at a reasonable default order
391 in applications for which anonymous ciphers are OK (meaning
392 that you can't actually use DEFAULT).
393 [Bodo Moeller; suggested by Victor Duchovni]
394
395 *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
396 processing) into multiple integers instead of setting
397 "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
398 "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
399 (These masks as well as the individual bit definitions are hidden
400 away into the non-exported interface ssl/ssl_locl.h, so this
401 change to the definition of the SSL_CIPHER structure shouldn't
402 affect applications.) This give us more bits for each of these
403 categories, so there is no longer a need to coagulate AES128 and
404 AES256 into a single algorithm bit, and to coagulate Camellia128
405 and Camellia256 into a single algorithm bit, which has led to all
406 kinds of kludges.
407
408 Thus, among other things, the kludge introduced in 0.9.7m and
409 0.9.8e for masking out AES256 independently of AES128 or masking
410 out Camellia256 independently of AES256 is not needed here in 0.9.9.
411
412 With the change, we also introduce new ciphersuite aliases that
413 so far were missing: "AES128", "AES256", "CAMELLIA128", and
414 "CAMELLIA256".
415 [Bodo Moeller]
416
417 *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
418 Use the leftmost N bytes of the signature input if the input is
419 larger than the prime q (with N being the size in bytes of q).
420 [Nils Larsch]
421
422 *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
423 it yet and it is largely untested.
424 [Steve Henson]
425
426 *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
427 [Nils Larsch]
428
429 *) Initial incomplete changes to avoid need for function casts in OpenSSL
430 some compilers (gcc 4.2 and later) reject their use. Safestack is
431 reimplemented. Update ASN1 to avoid use of legacy functions.
432 [Steve Henson]
433
434 *) Win32/64 targets are linked with Winsock2.
435 [Andy Polyakov]
436
437 *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
438 to external functions. This can be used to increase CRL handling
439 efficiency especially when CRLs are very large by (for example) storing
440 the CRL revoked certificates in a database.
441 [Steve Henson]
442
443 *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
444 new CRLs added to a directory can be used. New command line option
445 -verify_return_error to s_client and s_server. This causes real errors
446 to be returned by the verify callback instead of carrying on no matter
447 what. This reflects the way a "real world" verify callback would behave.
448 [Steve Henson]
449
450 *) GOST engine, supporting several GOST algorithms and public key formats.
451 Kindly donated by Cryptocom.
452 [Cryptocom]
453
454 *) Partial support for Issuing Distribution Point CRL extension. CRLs
455 partitioned by DP are handled but no indirect CRL or reason partitioning
456 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
457 selected via a scoring technique which handles IDP and AKID in CRLs.
458 [Steve Henson]
459
460 *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
461 will ultimately be used for all verify operations: this will remove the
462 X509_STORE dependency on certificate verification and allow alternative
463 lookup methods. X509_STORE based implementations of these two callbacks.
464 [Steve Henson]
465
466 *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
467 Modify get_crl() to find a valid (unexpired) CRL if possible.
468 [Steve Henson]
469
470 *) New function X509_CRL_match() to check if two CRLs are identical. Normally
471 this would be called X509_CRL_cmp() but that name is already used by
472 a function that just compares CRL issuer names. Cache several CRL
473 extensions in X509_CRL structure and cache CRLDP in X509.
474 [Steve Henson]
475
476 *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
477 this maps equivalent X509_NAME structures into a consistent structure.
478 Name comparison can then be performed rapidly using memcmp().
479 [Steve Henson]
480
481 *) Non-blocking OCSP request processing. Add -timeout option to ocsp
482 utility.
483 [Steve Henson]
484
485 *) Allow digests to supply their own micalg string for S/MIME type using
486 the ctrl EVP_MD_CTRL_MICALG.
487 [Steve Henson]
488
489 *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
490 EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
491 ctrl. It can then customise the structure before and/or after signing
492 if necessary.
493 [Steve Henson]
494
495 *) New function OBJ_add_sigid() to allow application defined signature OIDs
496 to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
497 to free up any added signature OIDs.
498 [Steve Henson]
499
500 *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
501 EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
502 digest and cipher tables. New options added to openssl utility:
503 list-message-digest-algorithms and list-cipher-algorithms.
504 [Steve Henson]
505
506 *) Change the array representation of binary polynomials: the list
507 of degrees of non-zero coefficients is now terminated with -1.
508 Previously it was terminated with 0, which was also part of the
509 value; thus, the array representation was not applicable to
510 polynomials where t^0 has coefficient zero. This change makes
511 the array representation useful in a more general context.
512 [Douglas Stebila]
513
514 *) Various modifications and fixes to SSL/TLS cipher string
515 handling. For ECC, the code now distinguishes between fixed ECDH
516 with RSA certificates on the one hand and with ECDSA certificates
517 on the other hand, since these are separate ciphersuites. The
518 unused code for Fortezza ciphersuites has been removed.
519
520 For consistency with EDH, ephemeral ECDH is now called "EECDH"
521 (not "ECDHE"). For consistency with the code for DH
522 certificates, use of ECDH certificates is now considered ECDH
523 authentication, not RSA or ECDSA authentication (the latter is
524 merely the CA's signing algorithm and not actively used in the
525 protocol).
526
527 The temporary ciphersuite alias "ECCdraft" is no longer
528 available, and ECC ciphersuites are no longer excluded from "ALL"
529 and "DEFAULT". The following aliases now exist for RFC 4492
530 ciphersuites, most of these by analogy with the DH case:
531
532 kECDHr - ECDH cert, signed with RSA
533 kECDHe - ECDH cert, signed with ECDSA
534 kECDH - ECDH cert (signed with either RSA or ECDSA)
535 kEECDH - ephemeral ECDH
536 ECDH - ECDH cert or ephemeral ECDH
537
538 aECDH - ECDH cert
539 aECDSA - ECDSA cert
540 ECDSA - ECDSA cert
541
542 AECDH - anonymous ECDH
543 EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
544
545 [Bodo Moeller]
546
547 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
548 Use correct micalg parameters depending on digest(s) in signed message.
549 [Steve Henson]
550
551 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
552 an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
553 [Steve Henson]
554
555 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
556 an engine to register a method. Add ENGINE lookups for methods and
557 functional reference processing.
558 [Steve Henson]
559
560 *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
561 EVP_{Sign,Verify}* which allow an application to customise the signature
562 process.
563 [Steve Henson]
564
565 *) New -resign option to smime utility. This adds one or more signers
566 to an existing PKCS#7 signedData structure. Also -md option to use an
567 alternative message digest algorithm for signing.
568 [Steve Henson]
569
570 *) Tidy up PKCS#7 routines and add new functions to make it easier to
571 create PKCS7 structures containing multiple signers. Update smime
572 application to support multiple signers.
573 [Steve Henson]
574
575 *) New -macalg option to pkcs12 utility to allow setting of an alternative
576 digest MAC.
577 [Steve Henson]
578
579 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
580 Reorganize PBE internals to lookup from a static table using NIDs,
581 add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
582 EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
583 PRF which will be automatically used with PBES2.
584 [Steve Henson]
585
586 *) Replace the algorithm specific calls to generate keys in "req" with the
587 new API.
588 [Steve Henson]
589
590 *) Update PKCS#7 enveloped data routines to use new API. This is now
591 supported by any public key method supporting the encrypt operation. A
592 ctrl is added to allow the public key algorithm to examine or modify
593 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
594 a no op.
595 [Steve Henson]
596
597 *) Add a ctrl to asn1 method to allow a public key algorithm to express
598 a default digest type to use. In most cases this will be SHA1 but some
599 algorithms (such as GOST) need to specify an alternative digest. The
600 return value indicates how strong the prefernce is 1 means optional and
601 2 is mandatory (that is it is the only supported type). Modify
602 ASN1_item_sign() to accept a NULL digest argument to indicate it should
603 use the default md. Update openssl utilities to use the default digest
604 type for signing if it is not explicitly indicated.
605 [Steve Henson]
606
607 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
608 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
609 signing method from the key type. This effectively removes the link
610 between digests and public key types.
611 [Steve Henson]
612
613 *) Add an OID cross reference table and utility functions. Its purpose is to
614 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
615 rsaEncryption. This will allow some of the algorithm specific hackery
616 needed to use the correct OID to be removed.
617 [Steve Henson]
618
619 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
620 structures for PKCS7_sign(). They are now set up by the relevant public
621 key ASN1 method.
622 [Steve Henson]
623
624 *) Add provisional EC pkey method with support for ECDSA and ECDH.
625 [Steve Henson]
626
627 *) Add support for key derivation (agreement) in the API, DH method and
628 pkeyutl.
629 [Steve Henson]
630
631 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
632 public and private key formats. As a side effect these add additional
633 command line functionality not previously available: DSA signatures can be
634 generated and verified using pkeyutl and DH key support and generation in
635 pkey, genpkey.
636 [Steve Henson]
637
638 *) BeOS support.
639 [Oliver Tappe <zooey@hirschkaefer.de>]
640
641 *) New make target "install_html_docs" installs HTML renditions of the
642 manual pages.
643 [Oliver Tappe <zooey@hirschkaefer.de>]
644
645 *) New utility "genpkey" this is analagous to "genrsa" etc except it can
646 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
647 support key and parameter generation and add initial key generation
648 functionality for RSA.
649 [Steve Henson]
650
651 *) Add functions for main EVP_PKEY_method operations. The undocumented
652 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
653 EVP_PKEY_{encrypt,decrypt}_old.
654 [Steve Henson]
655
656 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
657 key API, doesn't do much yet.
658 [Steve Henson]
659
660 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
661 public key algorithms. New option to openssl utility:
662 "list-public-key-algorithms" to print out info.
663 [Steve Henson]
664
665 *) Implement the Supported Elliptic Curves Extension for
666 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
667 [Douglas Stebila]
668
669 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
670 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
671 [Steve Henson]
672
673 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
674 utilities such as rsa, dsa, dsaparam etc except they process any key
675 type.
676 [Steve Henson]
677
678 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
679 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
680 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
681 structure.
682 [Steve Henson]
683
684 *) Initial support for pluggable public key ASN1.
685 De-spaghettify the public key ASN1 handling. Move public and private
686 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
687 algorithm specific handling to a single module within the relevant
688 algorithm directory. Add functions to allow (near) opaque processing
689 of public and private key structures.
690 [Steve Henson]
691
692 *) Implement the Supported Point Formats Extension for
693 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
694 [Douglas Stebila]
695
696 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
697 for the psk identity [hint] and the psk callback functions to the
698 SSL_SESSION, SSL and SSL_CTX structure.
699
700 New ciphersuites:
701 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
702 PSK-AES256-CBC-SHA
703
704 New functions:
705 SSL_CTX_use_psk_identity_hint
706 SSL_get_psk_identity_hint
707 SSL_get_psk_identity
708 SSL_use_psk_identity_hint
709
710 [Mika Kousa and Pasi Eronen of Nokia Corporation]
711
712 *) Add RFC 3161 compliant time stamp request creation, response generation
713 and response verification functionality.
714