Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla@trustcenter.de>]
+
*) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
functions
EC_GROUP_set_asn1_flag()
*) Add ECDSA in new directory crypto/ecdsa/.
- Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
- (these are variants of 'openssl dsaparam' and 'openssl dsa').
+ Add applications 'openssl ecparam' and 'openssl ecdsa'
+ (these are based on 'openssl dsaparam' and 'openssl dsa').
ECDSA support is also included in various other files across the
library. Most notably,
EC_GROUP_get_nid()
[Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
+ Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
+
+ *) Add cipher selection rules COMPLEMENTOFALL and COMPLENENTOFDEFAULT
+ to allow version independent disabling of normally unselected ciphers,
+ which may be activated as a side-effect of selecting a single cipher.
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Add appropriate support for separate platform-dependent build
+ directories. The recommended way to make a platform-dependent
+ build directory is the following (tested on Linux), maybe with
+ some local tweaks:
+
+ # Place yourself outside of the OpenSSL source tree. In
+ # this example, the environment variable OPENSSL_SOURCE
+ # is assumed to contain the absolute OpenSSL source directory.
+ mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
+ cd objtree/`uname -s`-`uname -r`-`uname -m`
+ (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+ mkdir -p `dirname $F`
+ ln -s $OPENSSL_SOURCE/$F $F
+ done
+
+ To be absolutely sure not to disturb the source tree, a "make clean"
+ is a good thing. If it isn't successfull, don't worry about it,
+ it probably means the source directory is very clean.
+ [Richard Levitte]
+
+ *) Make sure any ENGINE control commands make local copies of string
+ pointers passed to them whenever necessary. Otherwise it is possible
+ the caller may have overwritten (or deallocated) the original string
+ data when a later ENGINE operation tries to use the stored values.
+ [Götz Babin-Ebell <babinebell@trustcenter.de>]
*) Improve diagnostics in file reading and command-line digests.
[Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
[Bodo Moeller, Lutz Jaenicke]
*) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions. This also reduces
- the number of header dependencies.
+ cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+ (similar to those existing for EVP_CIPHER_CTX).
Usage example:
EVP_MD_CTX md;
handle the new API. Currently only ECB, CBC modes supported. Add new
AES OIDs.
- Add TLS AES ciphersuites as described in the "AES Ciphersuites
- for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
- official, they are not enabled by default and are not even part
- of the "ALL" ciphersuite alias; for now, they must be explicitly
- requested by specifying the new "AESdraft" ciphersuite alias. If
- you want the default ciphersuite list plus the new ciphersuites,
- use "DEFAULT:AESdraft:@STRENGTH".
- [Ben Laurie, Steve Henson, Bodo Moeller]
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
*) New function OCSP_copy_nonce() to copy nonce value (if present) from
request to response.
Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+ *) Fix cipher selection routines: ciphers without encryption had no flags
+ for the cipher strength set and where therefore not handled correctly
+ by the selection routines (PR #130).
+ [Lutz Jaenicke]
+
*) Fix EVP_dsa_sha macro.
[Nils Larsch]