Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Transparently support X9.42 DH parameters when calling
+ PEM_read_bio_DHparameters. This means existing applications can handle
+ the new parameter format automatically.
+ [Steve Henson]
+
+ *) Initial experimental support for X9.42 DH parameter format: mainly
+ to support use of 'q' parameter for RFC5114 parameters.
+ [Steve Henson]
+
+ *) Add DH parameters from RFC5114 including test data to dhtest.
+ [Steve Henson]
+
+ *) Update fips_test_suite to support multiple command line options. New
+ test to induce all self test errors in sequence and check expected
+ failures.
+ [Steve Henson]
+
+ *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
+ sign or verify all in one operation.
+ [Steve Henson]
+
+ *) Add fips_algvs: a multicall fips utility incorporaing all the algorithm
+ test programs and fips_test_suite. Includes functionality to parse
+ the minimal script output of fipsalgest.pl directly.
+ [Steve Henson]
+
+ *) Add authorisation parameter to FIPS_module_mode_set().
+ [Steve Henson]
+
*) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
[Steve Henson]
security.
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+ *) New function OPENSSL_gmtime_diff to find the difference in days
+ and seconds between two tm structures. This will be used to provide
+ additional functionality for ASN1_TIME.
+ [Steve Henson]
+
+ *) Add -trusted_first option which attempts to find certificates in the
+ trusted store even if an untrusted chain is also supplied.
+ [Steve Henson]
+
+ *) Initial experimental support for explicitly trusted non-root CAs.
+ OpenSSL still tries to build a complete chain to a root but if an
+ intermediate CA has a trust setting included that is used. The first
+ setting is used: whether to trust or reject.
+ [Steve Henson]
+
+ *) New -verify_name option in command line utilities to set verification
+ parameters by name.
+ [Steve Henson]
+
+ *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
+ Add CMAC pkey methods.
+ [Steve Henson]
+
+ *) Experimental regnegotiation in s_server -www mode. If the client
+ browses /reneg connection is renegotiated. If /renegcert it is
+ renegotiated requesting a certificate.
+ [Steve Henson]
+
+ *) Add an "external" session cache for debugging purposes to s_server. This
+ should help trace issues which normally are only apparent in deployed
+ multi-process servers.
+ [Steve Henson]
+
+ *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+ return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+ BIO_set_cipher() and some obscure PEM functions were changed so they
+ can now return an error. The RAND changes required a change to the
+ RAND_METHOD structure.
+ [Steve Henson]
+
+ *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+ a gcc attribute to warn if the result of a function is ignored. This
+ is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+ whose return value is often ignored.
+ [Steve Henson]
+
+ Changes between 1.0.0f and 1.0.1 [xx XXX xxxx]
+
+ *) Improved PRNG seeding for VOS.
+ [Paul Green <Paul.Green@stratus.com>]
+
+ *) Extensive assembler packs updates, most notably:
+
+ - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support;
+ - x86[_64]: SSSE3 support (SHA1, vector-permutation AES);
+ - x86_64: bit-sliced AES implementation;
+ - ARM: NEON support, contemporary platforms optimizations;
+ - s390x: z196 support;
+ - *: GHASH and GF(2^m) multiplication implementations;
+
+ [Andy Polyakov]
+
+ *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+ (removal of unnecessary code)
+ [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
+ *) Add -attime option to openssl utilities.
+ [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
+
+ *) Add TLS key material exporter from RFC 5705.
+ [Eric Rescorla]
+
+ *) Add DTLS-SRTP negotiation from RFC 5764.
+ [Eric Rescorla]
+
*) Add Next Protocol Negotiation,
http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
disabled with a no-npn flag to config or Configure. Code donated
by Google.
[Adam Langley <agl@google.com> and Ben Laurie]
+ *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+ NIST-P256, NIST-P521, with constant-time single point multiplication on
+ typical inputs. Compiler support for the nonstandard type __uint128_t is
+ required to use this (present in gcc 4.4 and later, for 64-bit builds).
+ Code made available under Apache License version 2.0.
+
+ Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+ line to include this in your build of OpenSSL, and run "make depend" (or
+ "make update"). This enables the following EC_METHODs:
+
+ EC_GFp_nistp224_method()
+ EC_GFp_nistp256_method()
+ EC_GFp_nistp521_method()
+
+ EC_GROUP_new_by_curve_name() will automatically use these (while
+ EC_GROUP_new_curve_GFp() currently prefers the more flexible
+ implementations).
+ [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
*) Use type ossl_ssize_t instad of ssize_t which isn't available on
all platforms. Move ssize_t definition from e_os.h to the public
header file e_os2.h as it now appears in public header file cms.h
[Steve Henson]
- *) New function OPENSSL_gmtime_diff to find the difference in days
- and seconds between two tm structures. This will be used to provide
- additional functionality for ASN1_TIME.
- [Steve Henson]
-
*) New -sigopt option to the ca, req and x509 utilities. Additional
signature parameters can be passed using this option and in
particular PSS.
parameters r, s.
[Steve Henson]
- *) Add -trusted_first option which attempts to find certificates in the
- trusted store even if an untrusted chain is also supplied.
- [Steve Henson]
-
- *) Initial experimental support for explicitly trusted non-root CAs.
- OpenSSL still tries to build a complete chain to a root but if an
- intermediate CA has a trust setting included that is used. The first
- setting is used: whether to trust or reject.
- [Steve Henson]
-
- *) New -verify_name option in command line utilities to set verification
- parameters by name.
- [Steve Henson]
-
- *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
- Add CMAC pkey methods.
- [Steve Henson]
-
- *) Experiemental regnegotiation in s_server -www mode. If the client
- browses /reneg connection is renegotiated. If /renegcert it is
- renegotiated requesting a certificate.
- [Steve Henson]
-
- *) Add an "external" session cache for debugging purposes to s_server. This
- should help trace issues which normally are only apparent in deployed
- multi-process servers.
- [Steve Henson]
-
*) Password based recipient info support for CMS library: implementing
RFC3211.
[Steve Henson]
password based CMS).
[Steve Henson]
- *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
- return value is ignored. NB. The functions RAND_add(), RAND_seed(),
- BIO_set_cipher() and some obscure PEM functions were changed so they
- can now return an error. The RAND changes required a change to the
- RAND_METHOD structure.
- [Steve Henson]
-
- *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
- a gcc attribute to warn if the result of a function is ignored. This
- is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
- whose return value is often ignored.
- [Steve Henson]
-
- Changes between 1.0.0e and 1.0.1 [xx XXX xxxx]
-
*) Session-handling fixes:
- Fix handling of connections that are resuming with a session ID,
but also support Session Tickets.
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
- *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
- elliptic curve NIST-P224 with constant-time single point multiplication on
- typical inputs. EC_GROUP_new_by_curve_name() will automatically use this
- (while EC_GROUP_new_curve_GFp() currently won't and prefers the more
- flexible implementations).
-
- The implementation requires support for the nonstandard type __uint128_t,
- and so is disabled by default. To include this in your build of OpenSSL,
- use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line,
- and run "make depend" (or "make update").
- [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
-
*) Permit abbreviated handshakes when renegotiating using the function
SSL_renegotiate_abbreviated().
[Robin Seggelmann <seggelmann@fh-muenster.de>]
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
+ Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
+
+ *) Fix ssl_ciph.c set-up race.
+ [Adam Langley (Google)]
+
+ *) Fix spurious failures in ecdsatest.c.
+ [Emilia Käsper (Google)]
+
+ *) Fix the BIO_f_buffer() implementation (which was mixing different
+ interpretations of the '..._len' fields).
+ [Adam Langley (Google)]
+
+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+ threads won't reuse the same blinding coefficients.
+
+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+ lock to call BN_BLINDING_invert_ex, and avoids one use of
+ BN_BLINDING_update for each BN_BLINDING structure (previously,
+ the last update always remained unused).
+ [Emilia Käsper (Google)]
+
+ *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+ [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
*) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+ *) Fix ssl_ciph.c set-up race.
+ [Adam Langley (Google)]
+
+ *) Fix spurious failures in ecdsatest.c.
+ [Emilia Käsper (Google)]
+
+ *) Fix the BIO_f_buffer() implementation (which was mixing different
+ interpretations of the '..._len' fields).
+ [Adam Langley (Google)]
+
+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+ threads won't reuse the same blinding coefficients.
+
+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+ lock to call BN_BLINDING_invert_ex, and avoids one use of
+ BN_BLINDING_update for each BN_BLINDING structure (previously,
+ the last update always remained unused).
+ [Emilia Käsper (Google)]
+
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH.
[Adam Langley (Google)]