diff options
| author | Richard Levitte <levitte@openssl.org> | 2005-05-19 19:12:36 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2005-05-19 19:12:36 +0000 |
| commit | e0ee5ea962a7b4d7ab4efcfd4a03f6039f94e244 (patch) | |
| tree | 24b1c750e14dc4c3605410b455124e16f84567f7 | |
| parent | f5634286a352fcf812a1289a406482494ef80977 (diff) | |
| download | openssl-e0ee5ea962a7b4d7ab4efcfd4a03f6039f94e244.tar.gz | |
Added news items for OpenSSL 0.9.8.
| -rw-r--r-- | NEWS | 67 |
1 files changed, 67 insertions, 0 deletions
@@ -5,6 +5,73 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: + + o Major work on the BIGNUM library for higher efficiency and to + make operations more streamlined and less contradictory. This + is the result of a major audit of the BIGNUM library. + o Addition of BIGNUM functions for fields GF(2^m) and NIST + curves, to support the Elliptic Crypto functions. + o Major work on Elliptic Crypto; ECDH and ECDSA added, including + the use through EVP, X509 and ENGINE. + o New ASN.1 mini-compiler that's usable through the OpenSSL + configuration file. + o Added support for ASN.1 indefinite length constructed encoding. + o New PKCS#12 'medium level' API to manipulate PKCS#12 files. + o Complete rework of shared library construction and linking + programs with shared or static libraries, through a separate + Makefile.shared. + o Changed ENGINE framework to load dynamic engine modules + automatically from specifically given directories. + o New structure and ASN.1 functions for CertificatePair. + o Changed the ZLIB compression method to be stateful. + o Changed the key-generation and primality testing "progress" + mechanism to take a structure that contains the ticker + function and an argument. + o New engine module: GMP (performs private key exponentiation). + o New engine module: VIA PadLOck ACE extension in VIA C3 + Nehemiah processors. + o Added support for IPv6 addresses in certificate extensions. + See RFC 1884, section 2.2. + o Added support for certificate policy mappings, policy + constraints and name constraints. + o Added support for multi-valued AVAs in the OpenSSL + configuration file. + o Added support for multiple certificates with the same subject + in the 'openssl ca' index file. + o Make it possible to create self-signed certificates using + 'openssl ca -selfsign'. + o Make it possible to generate a serial number file with + 'openssl ca -create_serial'. + o New binary search functions with extended functionality. + o New BUF functions. + o New STORE structure and library to provide an interface to all + sorts of data repositories. Supports storage of public and + private keys, certificates, CRLs, numbers and arbitrary blobs. + This library is unfortunately unfinished and unused withing + OpenSSL. + o New control functions for the error stack. + o Changed the PKCS#7 library to support one-pass S/MIME + processing. + o Added the possibility to compile without old deprecated + functionality with the OPENSSL_NO_DEPRECATED macro or the + 'no-deprecated' argument to the config and Configure scripts. + o Constification of all ASN.1 conversion functions, and other + affected functions. + o Improved platform support for PowerPC. + o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). + o New X509_VERIFY_PARAM structure to support parametrisation + of X.509 path validation. + o Major overhaul of RC4 performance on Intel P4, IA-64 and + AMD64. + o Changed the Configure script to have some algorithms disabled + by default. Those can be explicitely enabled with the new + argument form 'enable-xxx'. + o Change the default digest in 'openssl' commands from MD5 to + SHA-1. + o Added support for DTLS. THIS IS STILL BEING WORKED ON! + o New BIGNUM blinding. + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: o More compilation issues fixed. |