Backport support for fixed DH ciphersuites (from HEAD)

 OpenSSL CHANGES
 _______________

 Changes between 1.0.1 and 1.0.2  [xx XXX xxxx]

  *) Support for fixed DH ciphersuites: those requiring DH server
     certificates.
     [Steve Henson]

 Changes between 1.0.1 and 1.0.1a  [xx XXX xxxx]

  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
     [Andy Polyakov]

 Changes between 1.0.0h and 1.0.1  [14 Mar 2012]

  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
     STRING form instead of a DigestInfo.
     [Steve Henson]

  *) The format used for MDC2 RSA signatures is inconsistent between EVP
     and the RSA_sign/RSA_verify functions. This was made more apparent when
     OpenSSL used RSA_sign/RSA_verify for some RSA signatures, in particular
     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect
     the correct format in RSA_verify so both forms transparently work.
     [Steve Henson]

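The two MDC2 entries above describe the same situation from the verifier's side: after PKCS#1 v1.5 padding is stripped from an RSA signature, the recovered block is either a DigestInfo SEQUENCE or, for legacy MDC2 signatures, a bare ASN.1 OCTET STRING holding the 16-byte hash. The following Python is an added illustration of that detection (it is not OpenSSL's RSA_verify code) covering both entries: it builds each encoding, classifies a payload strictly as one of the two forms, and compares the recovered digest in constant time. The DER value for the mdc2 OID (2.5.8.3.101) is assumed from OpenSSL's object table, and the sample digest is a constructed stand-in, not a real MDC2 output.

```python
"""Classify an MDC2 RSA signature payload as DigestInfo or bare OCTET STRING.

Added example, not OpenSSL code. Operates on the block recovered after PKCS#1
v1.5 padding removal; RSA arithmetic and the MDC2 hash itself are out of scope.
"""
import hmac

MDC2_DIGEST_LEN = 16
# DER of OBJECT IDENTIFIER 2.5.8.3.101 (mdc2); assumed from OpenSSL's objects.txt
MDC2_OID_DER = bytes([0x06, 0x04, 0x55, 0x08, 0x03, 0x65])
NULL_DER = b"\x05\x00"


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, at most 4 length bytes accepted here
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def encode_digestinfo(digest: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { SEQUENCE { mdc2 OID, NULL }, OCTET STRING digest }."""
    algid = MDC2_OID_DER + NULL_DER
    algid_tlv = bytes([0x30, len(algid)]) + algid
    digest_tlv = bytes([0x04, len(digest)]) + digest
    body = algid_tlv + digest_tlv
    return bytes([0x30, len(body)]) + body


def encode_legacy_octet_string(digest: bytes) -> bytes:
    """The old form: a bare OCTET STRING (0x04, 0x10, 16 digest bytes)."""
    return bytes([0x04, len(digest)]) + digest


def extract_mdc2_digest(payload: bytes):
    """Return ("digestinfo" | "octetstring", digest); raise ValueError otherwise.

    Accepts exactly the two encodings the CHANGES entries describe and nothing
    else, so the compatibility path does not widen what a verifier accepts.
    """
    tag, value, end = _read_tlv(payload, 0)
    if end != len(payload):
        raise ValueError("trailing bytes after signature payload")
    if tag == 0x04:  # legacy bare OCTET STRING
        if len(value) != MDC2_DIGEST_LEN:
            raise ValueError("octet string is not an MDC2 digest")
        return "octetstring", value
    if tag == 0x30:  # DigestInfo
        alg_tag, alg_value, pos = _read_tlv(value, 0)
        # AlgorithmIdentifier parameters may be NULL or absent
        if alg_tag != 0x30 or alg_value not in (MDC2_OID_DER, MDC2_OID_DER + NULL_DER):
            raise ValueError("AlgorithmIdentifier is not mdc2")
        dig_tag, digest, pos = _read_tlv(value, pos)
        if dig_tag != 0x04 or pos != len(value) or len(digest) != MDC2_DIGEST_LEN:
            raise ValueError("malformed DigestInfo digest field")
        return "digestinfo", digest
    raise ValueError("unrecognised signature payload format")


def verify_mdc2_payload(payload: bytes, expected_digest: bytes) -> bool:
    """True if the payload is well formed and carries expected_digest."""
    try:
        _, digest = extract_mdc2_digest(payload)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    sample = bytes(range(16))  # constructed stand-in for an MDC2 hash value
    for payload in (encode_digestinfo(sample), encode_legacy_octet_string(sample)):
        print(extract_mdc2_digest(payload)[0], verify_mdc2_payload(payload, sample))
```

The strictness matters: the fix in RSA_verify is a compatibility path for one specific legacy encoding, so a verifier that mimics it should accept only a 16-byte OCTET STRING in addition to DigestInfo, with no trailing bytes in either form, rather than loosening DER parsing generally.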
  *) Some servers which support TLS 1.0 can choke if we initially indicate
     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
     encrypted premaster secret. As a workaround, use the maximum permitted
     client version in the client hello; this should keep such servers happy
     and still work with previous versions of OpenSSL.
     [Steve Henson]

  *) Add support for TLS/DTLS heartbeats.
     [Robin Seggelmann <seggelmann@fh-muenster.de>]

  *) Add support for SCTP.
     [Robin Seggelmann <seggelmann@fh-muenster.de>]

  *) Improved PRNG seeding for VOS.
     [Paul Green <Paul.Green@stratus.com>]

  *) Extensive assembler packs updates, most notably:

     - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support;
     - x86[_64]: SSSE3 support (SHA1, vector-permutation AES);
     - x86_64: bit-sliced AES implementation;
     - ARM: NEON support, contemporary platforms optimizations;
     - s390x: z196 support;
     - *: GHASH and GF(2^m) multiplication implementations;

     [Andy Polyakov]

  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
     (removal of unnecessary code)
     [Peter Sylvester <peter.sylvester@edelweb.fr>]

  *) Add TLS key material exporter from RFC 5705.
     [Eric Rescorla]

  *) Add DTLS-SRTP negotiation from RFC 5764.
     [Eric Rescorla]

  *) Add Next Protocol Negotiation,
     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
     disabled with a no-npn flag to config or Configure. Code donated
     by Google.
     [Adam Langley <agl@google.com> and Ben Laurie]

  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
     NIST-P256, NIST-P521, with constant-time single point multiplication on
     typical inputs. Compiler support for the nonstandard type __uint128_t is
     required to use this (present in gcc 4.4 and later, for 64-bit builds).
     Code made available under Apache License version 2.0.

     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
     line to include this in your build of OpenSSL, and run "make depend" (or
     "make update"). This enables the following EC_METHODs:

         EC_GFp_nistp224_method()
         EC_GFp_nistp256_method()
         EC_GFp_nistp521_method()

     EC_GROUP_new_by_curve_name() will automatically use these (while
     EC_GROUP_new_curve_GFp() currently prefers the more flexible
     implementations).
