projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| f3dcae15 | 5 | Changes between 1.0.0h and 1.0.1 [14 Mar 2012] |
| 9472baae | 6 | |
| 0cd7a032 DSH |
7 | *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET |
| 8 | STRING form instead of a DigestInfo. | |
| 9 | [Steve Henson] | |
| 10 | ||
| 16b7c81d DSH |
11 | *) The format used for MDC2 RSA signatures is inconsistent between EVP |
| 12 | and the RSA_sign/RSA_verify functions. This was made more apparent when | |
| 13 | OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular | |
| 14 | those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect | |
| 15 | the correct format in RSA_verify so both forms transparently work. | |
| 16 | [Steve Henson] | |
| 17 | ||
| fc6800d1 DSH |
18 | *) Some servers which support TLS 1.0 can choke if we initially indicate |
| 19 | support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA | |
| 20 | encrypted premaster secret. As a workaround use the maximum pemitted | |
| 21 | client version in client hello, this should keep such servers happy | |
| 22 | and still work with previous versions of OpenSSL. | |
| 23 | [Steve Henson] | |
| 24 | ||
| bd6941cf DSH |
25 | *) Add support for TLS/DTLS heartbeats. |
| 26 | [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
| 27 | ||
| 6e750fcb DSH |
28 | *) Add support for SCTP. |
| 29 | [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
| 30 | ||
| 62308f3f DSH |
31 | *) Improved PRNG seeding for VOS. |
| 32 | [Paul Green <Paul.Green@stratus.com>] | |
| 33 | ||
| cecafcce AP |
34 | *) Extensive assembler packs updates, most notably: |
| 35 | ||
| 36 | - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; | |
| 37 | - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); | |
| 38 | - x86_64: bit-sliced AES implementation; | |
| 39 | - ARM: NEON support, contemporary platforms optimizations; | |
| 40 | - s390x: z196 support; | |
| 41 | - *: GHASH and GF(2^m) multiplication implementations; | |
| 42 | ||
| 43 | [Andy Polyakov] | |
| 44 | ||
| ca0efb75 DSH |
45 | *) Make TLS-SRP code conformant with RFC 5054 API cleanup |
| 46 | (removal of unnecessary code) | |
| 47 | [Peter Sylvester <peter.sylvester@edelweb.fr>] | |
| 48 | ||
| b1d74291 BL |
49 | *) Add TLS key material exporter from RFC 5705. |
| 50 | [Eric Rescorla] | |
| 51 | ||
| 060a38a2 BL |
52 | *) Add DTLS-SRTP negotiation from RFC 5764. |
| 53 | [Eric Rescorla] | |
| 54 | ||
| e2809bfb BL |
55 | *) Add Next Protocol Negotiation, |
| 56 | http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be | |
| 57 | disabled with a no-npn flag to config or Configure. Code donated | |
| 58 | by Google. | |
| 59 | [Adam Langley <agl@google.com> and Ben Laurie] | |
| 60 | ||
| 9c37519b BM |
61 | *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224, |
| 62 | NIST-P256, NIST-P521, with constant-time single point multiplication on | |
| 63 | typical inputs. Compiler support for the nonstandard type __uint128_t is | |
| 3d520f7c BM |
64 | required to use this (present in gcc 4.4 and later, for 64-bit builds). |
| 65 | Code made available under Apache License version 2.0. | |
| 9c37519b | 66 | |
| 3d520f7c BM |
67 | Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command |
| 68 | line to include this in your build of OpenSSL, and run "make depend" (or | |
| 69 | "make update"). This enables the following EC_METHODs: | |
| 9c37519b BM |
70 | |
| 71 | EC_GFp_nistp224_method() | |
| 72 | EC_GFp_nistp256_method() | |
| 73 | EC_GFp_nistp521_method() | |
| 74 | ||
| 75 | EC_GROUP_new_by_curve_name() will automatically use these (while | |
| 76 | EC_GROUP_new_curve_GFp() currently prefers the more flexible | |
| 77 | implementations). | |
| 78 |