 OpenSSL CHANGES
 _______________

 Changes between 1.0.0e and 1.0.1 [xx XXX xxxx]

  *) Add GCM support to TLS library. Some custom code is needed to split
     the IV between the fixed (from PRF) and explicit (from TLS record)
     portions. This adds all GCM ciphersuites supported by RFC5288 and
     RFC5289. Generalise some AES* cipherstrings to include GCM and
     add a special AESGCM string for GCM only.
     [Steve Henson]

  *) Expand range of ctrls for AES GCM. Permit setting invocation
     field on decrypt and retrieval of invocation field only on encrypt.
     [Steve Henson]

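The IV split and the invocation field described in the two entries above, as an added example that is not OpenSSL code: a stdlib-only Python model of RFC 5288 GenericAEADCipher framing. It assembles the 12-byte GCM nonce from the 4-byte implicit part taken from the PRF key block and the 8-byte explicit nonce carried in each record, builds the additional data from the sequence number and record header, and keeps the per-key invocation counter that the encrypt side must never let wrap or reuse. The key-block IV, record bytes and sequence numbers are constructed test values, and the AES-GCM operation itself is left to a real implementation.

```python
"""Constructed example of TLS 1.2 AES-GCM record framing (RFC 5288).

Not OpenSSL code: a stdlib-only model showing how the 12-byte GCM nonce is
split between the implicit part (client_write_IV / server_write_IV from the
PRF key block) and the explicit part carried in every record, how the AAD is
formed, and why the explicit part must be a per-key counter.
Sample IVs, counters and records are constructed values, not captured traffic.
"""
import struct

IMPLICIT_NONCE_LEN = 4    # fixed_iv_length: taken from the PRF key block
EXPLICIT_NONCE_LEN = 8    # record_iv_length: sent in clear in each record
TAG_LEN = 16              # GCM authentication tag
RECORD_HEADER_LEN = 5     # type(1) version(2) length(2)
TLS12_VERSION = (3, 3)


class ExplicitNonceSource:
    """Per-key 64-bit invocation counter used as the explicit nonce.

    RFC 5288 only requires uniqueness per key; a counter is the usual choice.
    Reuse under one key breaks GCM, so the counter refuses to wrap.
    """

    def __init__(self, start: int = 0):
        self.counter = start

    def next_nonce(self) -> bytes:
        if self.counter > 0xFFFFFFFFFFFFFFFF:
            raise OverflowError("explicit nonce space exhausted; rekey required")
        nonce = struct.pack("!Q", self.counter)
        self.counter += 1
        return nonce


def build_nonce(implicit_iv: bytes, explicit_nonce: bytes) -> bytes:
    """GCM nonce = implicit part (from key block) || explicit part (from record)."""
    if len(implicit_iv) != IMPLICIT_NONCE_LEN:
        raise ValueError("implicit IV must be %d bytes" % IMPLICIT_NONCE_LEN)
    if len(explicit_nonce) != EXPLICIT_NONCE_LEN:
        raise ValueError("explicit nonce must be %d bytes" % EXPLICIT_NONCE_LEN)
    return implicit_iv + explicit_nonce


def build_aad(seq_num: int, content_type: int, version: tuple, plaintext_len: int) -> bytes:
    """additional_data = seq_num || type || version || length (RFC 5246 6.2.3.3)."""
    return struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], plaintext_len)


def frame_aead_record(content_type: int, explicit_nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Serialise header || GenericAEADCipher { nonce_explicit, aead-ciphered content }."""
    body = explicit_nonce + ciphertext + tag
    return struct.pack("!BBBH", content_type, *TLS12_VERSION, len(body)) + body


def parse_aead_record(record: bytes) -> dict:
    """Split a record into header, explicit nonce, ciphertext and tag; reject malformed input."""
    if len(record) < RECORD_HEADER_LEN:
        raise ValueError("truncated record header")
    content_type, vmaj, vmin, length = struct.unpack("!BBBH", record[:RECORD_HEADER_LEN])
    body = record[RECORD_HEADER_LEN:]
    if len(body) != length:
        raise ValueError("record length field does not match payload")
    if length < EXPLICIT_NONCE_LEN + TAG_LEN:
        raise ValueError("record too short to hold explicit nonce and tag")
    return {
        "type": content_type,
        "version": (vmaj, vmin),
        "nonce_explicit": body[:EXPLICIT_NONCE_LEN],
        "ciphertext": body[EXPLICIT_NONCE_LEN:-TAG_LEN],
        "tag": body[-TAG_LEN:],
    }


def receiver_inputs(record: bytes, implicit_iv: bytes, seq_num: int) -> tuple:
    """What the decrypt side hands to AES-GCM: (nonce, aad, ciphertext, tag).

    The explicit nonce is taken from the record as received (the "set
    invocation field on decrypt" direction). The AAD carries the plaintext
    length, i.e. the ciphertext length without the tag.
    """
    fields = parse_aead_record(record)
    nonce = build_nonce(implicit_iv, fields["nonce_explicit"])
    aad = build_aad(seq_num, fields["type"], fields["version"], len(fields["ciphertext"]))
    return nonce, aad, fields["ciphertext"], fields["tag"]
```

On the encrypt side the explicit nonce comes out of `ExplicitNonceSource` and is placed at the front of the record; on the decrypt side it is read back from the record, which is why a receiver must never be able to set it to something the sender did not send. The length check before slicing matters: a record shorter than nonce plus tag would otherwise yield an empty or negative slice instead of an error.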
  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
     As required by RFC5289 these ciphersuites cannot be used for
     versions of TLS earlier than 1.2.
     [Steve Henson]

  *) For FIPS capable OpenSSL interpret a NULL default public key method
     as unset and return the appropriate default but do *not* set the default.
     This means we can return the appropriate method in applications that
     switch between FIPS and non-FIPS modes.
     [Steve Henson]

  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
     ENGINE is used then we cannot handle that in the FIPS module so we
     keep original code iff non-FIPS operations are allowed.
     [Steve Henson]

  *) Add -attime option to openssl verify.
     [Peter Eckersley <pde@eff.org> and Ben Laurie]

  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
     [Steve Henson]

  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
     FIPS EC methods unconditionally for now.
     [Steve Henson]

  *) New build option no-ec2m to disable characteristic 2 code.
     [Steve Henson]

  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
     all cases can be covered as some introduce binary incompatibilities.
     [Steve Henson]

  *) Redirect RSA operations to FIPS module including keygen,
     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
     [Steve Henson]

  *) Add similar low level API blocking to ciphers.
     [Steve Henson]

  *) Low level digest APIs are not approved in FIPS mode: any attempt
     to use these will cause a fatal error. Applications that *really* want
     to use them can use the private_* version instead.
     [Steve Henson]

  *) Redirect cipher operations to FIPS module for FIPS builds.
     [Steve Henson]

  *) Redirect digest operations to FIPS module for FIPS builds.
     [Steve Henson]

  *) Update build system to add "fips" flag which will link in fipscanister.o
     for static and shared library builds embedding a signature if needed.
     [Steve Henson]

  *) Output TLS supported curves in preference order instead of numerical
     order. This is currently hardcoded for the highest order curves first.
     This should be configurable so applications can judge speed vs strength.
     [Steve Henson]

  *) Add TLS v1.2 server support for client authentication.
     [Steve Henson]

  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
     and enable MD5.
     [Steve Henson]

  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
     FIPS module's versions.
     [Steve Henson]

  *) Add TLS v1.2 client side support for client authentication. Keep cache
     of handshake records longer as we don't know the hash algorithm to use
     until after the certificate request message is received.
     [Steve Henson]

  *) Initial TLS v1.2 client support. Add a default signature algorithms
     extension including all the algorithms we support. Parse new signature
     format in client key exchange. Relax some ECC signing restrictions for
     TLS v1.2 as indicated in RFC5246.
     [Steve Henson]

  *) Add server support for TLS v1.2 signature algorithms extension. Switch
     to new signature format when needed using client digest preference.
     All server ciphersuites should now work correctly in TLS v1.2. No client
     support yet and no support for client certificates.
     [Steve Henson]

  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
     ciphersuites. At present only RSA key exchange ciphersuites work with
     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
     and version checking.
     [Steve Henson]

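The signature_algorithms extension and the server's choice from the client's digest preference, described in the TLS v1.2 entries above, as an added example that is not OpenSSL code: a stdlib-only Python encoder and parser for the extension body defined in RFC 5246 section 7.4.1.4.1, together with the selection rule a server applies (first client-listed pair whose signature algorithm matches the server's key type, falling back to SHA-1 with that key type when the client sent no extension, as the RFC prescribes). The client lists used are constructed values.

```python
"""Constructed example: TLS 1.2 signature_algorithms extension (RFC 5246 7.4.1.4.1).

Not OpenSSL code. Encodes and parses the extension and applies the
server-side selection rule: walk the client's list in its order of preference
and take the first (hash, signature) pair whose signature algorithm matches the
server's key type. The client lists are constructed values.
"""
import struct

EXT_SIGNATURE_ALGORITHMS = 13

HASH = {"none": 0, "md5": 1, "sha1": 2, "sha224": 3, "sha256": 4, "sha384": 5, "sha512": 6}
SIG = {"anonymous": 0, "rsa": 1, "dsa": 2, "ecdsa": 3}
HASH_NAME = {v: k for k, v in HASH.items()}
SIG_NAME = {v: k for k, v in SIG.items()}


def encode_signature_algorithms(pairs) -> bytes:
    """Return the full extension: type(2) || length(2) || list_length(2) || pairs."""
    if not pairs:
        raise ValueError("supported_signature_algorithms must hold at least one pair")
    body = b"".join(struct.pack("!BB", HASH[h], SIG[s]) for h, s in pairs)
    if len(body) > 0xFFFE:
        raise ValueError("list exceeds 2^16-2 bytes")
    ext_data = struct.pack("!H", len(body)) + body
    return struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(ext_data)) + ext_data


def parse_signature_algorithms(ext_data: bytes):
    """Parse extension_data into (hash, signature) name pairs, rejecting malformed input."""
    if len(ext_data) < 2:
        raise ValueError("missing list length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if list_len != len(body):
        raise ValueError("list length does not match extension length")
    if list_len < 2 or list_len % 2:
        raise ValueError("list must be a non-empty sequence of 2-byte pairs")
    pairs = []
    for i in range(0, list_len, 2):
        h, s = body[i], body[i + 1]
        # Unknown code points are skipped, not rejected: a peer may list values we do not implement.
        if h in HASH_NAME and s in SIG_NAME:
            pairs.append((HASH_NAME[h], SIG_NAME[s]))
    return pairs


def choose_server_signature(client_pairs, server_key_type: str):
    """Pick the digest the server signs with, from the client's stated preference.

    RFC 5246 7.4.1.4.1: if the client sent no extension, behave as if it had
    sent {sha1, <server key type>}. Returns None when no listed pair fits the key.
    """
    if client_pairs is None:
        return ("sha1", server_key_type)
    for h, s in client_pairs:
        # "none" carries no digest and is not usable with the signature types defined here.
        if s == server_key_type and h != "none":
            return (h, s)
    return None
```

The parser checks the inner list length against the outer extension length and rejects odd lengths before indexing, so a truncated or padded extension fails closed rather than producing a half pair. The fallback in `choose_server_signature` is what lets a TLS 1.2 server interoperate with a client that omits the extension entirely.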
  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
     with this defined it will not be affected by any changes to ssl internal
     structures. Add several utility functions to allow openssl application
     to work with OPENSSL_NO_SSL_INTERN defined.
     [Steve Henson]

  *) Add SRP support.
     [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]

  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
     [Steve Henson]

  *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
     elliptic curve NIST-P224 with constant-time single point multiplication on
     typical inputs. EC_GROUP_new_by_curve_name() will automatically use this
     (while EC_GROUP_new_curve_GFp() currently won't and prefers the more
     flexible implementations).

     The implementation requires support for the nonstandard type __uint128_t,
     and so is disabled by default. To include this in your build of OpenSSL,
     use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line,
     and run "make depend" (or "make update").