Changes between 0.9.8f and 0.9.9 [xx XXX xxxx]
+ *) Add option -stream to use PKCS#7 streaming in smime utility. New
+ function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+ to output in BER and PEM format.
+ [Steve Henson]
+
+ *) Experimental support for use of HMAC via EVP_PKEY interface. This
+ allows HMAC to be handled via the EVP_DigestSign*() interface. The
+ EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+ ENGINE support for HMAC keys which are unextractable. New -mac and
+ -macopt options to dgst utility.
+ [Steve Henson]
+
+ *) New option -sigopt to dgst utility. Update dgst to use
+ EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+ alternative signing paramaters such as X9.31 or PSS in the dgst
+ utility.
+ [Steve Henson]
+
*) Change ssl_cipher_apply_rule(), the internal function that does
the work each time a ciphersuite string requests enabling
("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
Changes between 0.9.8e and 0.9.8f [xx XXX xxxx]
+ *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+ (which previously caused an internal error).
+ [Bodo Moeller]
+
+ *) Squeeze another 10% out of IGE mode when in != out.
+ [Ben Laurie]
+
+ *) AES IGE mode speedup.
+ [Dean Gaudet (Google)]
+
+ *) Add the Korean symmetric 128-bit cipher SEED (see
+ http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+ add SEED ciphersuites from RFC 4162:
+
+ TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA"
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA"
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA"
+ TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA"
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, SEED remains excluded from compilation unless OpenSSL
+ is configured with 'enable-seed'.
+ [KISA, Bodo Moeller]
+
*) Mitigate branch prediction attacks, which can be practical if a
single processor is shared, allowing a spy process to extract
information. For detailed background information, see
BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
respectively, which are slower, but avoid the security-relevant
conditional branches. These are automatically called by BN_div()
- and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for the
- modulus. Also, BN_is_bit_set() has been changed to remove a
- conditional branch.
+ and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+ of the input BIGNUMs. Also, BN_is_bit_set() has been changed to
+ remove a conditional branch.
BN_FLG_CONSTTIME is the new name for the previous
BN_FLG_EXP_CONSTTIME flag, since it now affects more than just