EC_GROUP_set_point_conversion_form()
EC_GROUP_get_point_conversion_form()
These control ASN1 encoding details:
- - Curve are encoded explicitly unless asn1_flag has been set to
- OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in compressed form by default; options for
+ - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+ has been set to OPENSSL_EC_NAMED_CURVE.
+ - Points are encoded in uncompressed form by default; options for
asn1_for are as for point2oct, namely
POINT_CONVERSION_COMPRESSED
POINT_CONVERSION_UNCOMPRESSED
POINT_CONVERSION_HYBRID
+
+ Also add 'seed' and 'seed_len' members to EC_GROUP with access
+ functions
+ EC_GROUP_set_seed()
+ EC_GROUP_get0_seed()
+ EC_GROUP_get_seed_len()
+ This is used only for ASN1 purposes (so far).
[Nils Larsch <nla@trustcenter.de>]
*) Add 'field_type' member to EC_METHOD, which holds the NID
Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
+ *) Make sure any ENGINE control commands make local copies of string
+ pointers passed to them whenever necessary. Otherwise it is possible
+ the caller may have overwritten (or deallocated) the original string
+ data when a later ENGINE operation tries to use the stored values.
+ [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
*) Improve diagnostics in file reading and command-line digests.
[Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
form for "surname", serialNumber has no short form.
Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
therefore remove "mail" short name for "internet 7".
+ The OID for unique identifiers in X509 certificates is
+ x500UniqueIdentifier, not uniqueIdentifier.
Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
[Lutz Jaenicke]
By default, clients may request session resumption even during
renegotiation (if session ID contexts permit); with this option,
session resumption is possible only in the first handshake.
+
+ SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
+ more bits available for options that should not be part of
+ SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
[Bodo Moeller]
*) Add some demos for certificate and certificate request creation.
[Bodo Moeller, Lutz Jaenicke]
*) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions. This also reduces
- the number of header dependencies.
+ cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+ (similar to those existing for EVP_CIPHER_CTX).
Usage example:
EVP_MD_CTX md;
*) Fix EVP_dsa_sha macro.
[Nils Larsch]
+ *) New option
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+ that was added in OpenSSL 0.9.6d.
+
+ As the countermeasure turned out to be incompatible with some
+ broken SSL implementations, the new option is part of SSL_OP_ALL.
+ SSL_OP_ALL is usually employed when compatibility with weird SSL
+ implementations is desired (e.g. '-bugs' option to 's_client' and
+ 's_server'), so the new option is automatically set in many
+ applications.
+ [Bodo Moeller]
+
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not