[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) New build option no-ec2m to disable characteristic 2 code.
     [Steve Henson]

  *) New build option "fipscanisteronly". This only builds fipscanister.o
     and (currently) associated fips utilities. Uses the file Makefile.fips
     instead of Makefile.org as the prototype.
     [Steve Henson]

  *) Add some FIPS mode restrictions to GCM. Add internal IV generator.
     Update fips_gcmtest to use IV generator.
     [Steve Henson]

  *) Initial, experimental EVP support for AES-GCM. AAD can be input by
     setting output buffer to NULL. The *Final function must be
     called although it will not retrieve any additional data. The tag
     can be set or retrieved with a ctrl. The IV length is by default 12
     bytes (96 bits) but can be set to an alternative value. If the IV
     length exceeds the maximum IV length (currently 16 bytes) it cannot be
     set before the key. 
     [Steve Henson]

  *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
     underlying do_cipher function handles all cipher semantics itself
     including padding and finalisation. This is useful if (for example)
     an ENGINE cipher handles block padding itself. The behaviour of
     do_cipher is subtly changed if this flag is set: the return value
     is the number of characters written to the output buffer (zero is
     no longer an error code) or a negative error code. Also if the
     input buffer is NULL and length 0 finalisation should be performed.
     [Steve Henson]

  *) If a candidate issuer certificate is already part of the constructed
     path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
     [Steve Henson]

  *) Improve forward-security support: add functions

       void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
       void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))

     for use by SSL/TLS servers; the callback function will be called whenever a
     new session is created, and gets to decide whether the session may be
     cached to make it resumable (return 0) or not (return 1).  (As by the
     SSL/TLS protocol specifications, the session_id sent by the server will be
     empty to indicate that the session is not resumable; also, the server will
     not generate RFC 4507 (RFC 5077) session tickets.)

     A simple reasonable callback implementation is to return is_forward_secure.
     This parameter will be set to 1 or 0 depending on the ciphersuite selected
     by the SSL/TLS server library, indicating whether it can provide forward
     security.
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
7b3a9b00	5	Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
aaf35f11	6
b3310161 DSH	7	*) New build option no-ec2m to disable characteristic 2 code.
	8	[Steve Henson]
	9
30b56225 DSH	10	*) New build option "fipscanisteronly". This only builds fipscanister.o
	11	and (currently) associated fips utilities. Uses the file Makefile.fips
	12	instead of Makefile.org as the prototype.
	13	[Steve Henson]
	14
b3d8022e DSH	15	*) Add some FIPS mode restrictions to GCM. Add internal IV generator.
	16	Update fips_gcmtest to use IV generator.
	17	[Steve Henson]
	18
bdaa5415 DSH	19	*) Initial, experimental EVP support for AES-GCM. AAD can be input by
	20	setting output buffer to NULL. The *Final function must be
	21	called although it will not retrieve any additional data. The tag
	22	can be set or retrieved with a ctrl. The IV length is by default 12
	23	bytes (96 bits) but can be set to an alternative value. If the IV
	24	length exceeds the maximum IV length (currently 16 bytes) it cannot be
	25	set before the key.
	26	[Steve Henson]
	27
3da0ca79 DSH	28	*) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
	29	underlying do_cipher function handles all cipher semantics itself
	30	including padding and finalisation. This is useful if (for example)
	31	an ENGINE cipher handles block padding itself. The behaviour of
	32	do_cipher is subtly changed if this flag is set: the return value
	33	is the number of characters written to the output buffer (zero is
	34	no longer an error code) or a negative error code. Also if the
d45087c6	35	input buffer is NULL and length 0 finalisation should be performed.
3da0ca79 DSH	36	[Steve Henson]
3da0ca79 DSH	37
2b3936e8 DSH	38	*) If a candidate issuer certificate is already part of the constructed
	39	path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
	40	[Steve Henson]
	41
7c2d4fee BM	42	*) Improve forward-security support: add functions
	43
	44	void SSL_CTX_set_not_resumable_session_callback(SSL_CTX ctx, int (cb)(SSL *ssl, int is_forward_secure))
	45	void SSL_set_not_resumable_session_callback(SSL ssl, int (cb)(SSL *ssl, int is_forward_secure))
	46
	47	for use by SSL/TLS servers; the callback function will be called whenever a
	48	new session is created, and gets to decide whether the session may be
	49	cached to make it resumable (return 0) or not (return 1). (As by the
	50	SSL/TLS protocol specifications, the session_id sent by the server will be
	51	empty to indicate that the session is not resumable; also, the server will
	52	not generate RFC 4507 (RFC 5077) session tickets.)
	53
	54	A simple reasonable callback implementation is to return is_forward_secure.
	55	This parameter will be set to 1 or 0 depending on the ciphersuite selected
	56	by the SSL/TLS server library, indicating whether it can provide forward
	57	security.
	58