OpenSSL CHANGES
_______________
+ Changes between 0.9.8 and 0.9.9 [xx XXX xxxx]
+
+ *)
+
Changes between 0.9.7h and 0.9.8 [xx XXX xxxx]
+ *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+ involves renaming the source and generated shared-libs for
+ both. The engines will accept the corrected or legacy ids
+ ('ncipher' and '4758_cca' respectively) when binding. NB,
+ this only applies when building 'shared'.
+ [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
*) Add attribute functions to EVP_PKEY structure. Modify
PKCS12_create() to recognize a CSP name attribute and
use it. Make -CSP option work again in pkcs12 utility.
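Review bot: In the new 'chil'/'4758cca' entry, the closing "NB, this only applies when building 'shared'" does not say what "this" covers: the renamed source and shared-lib files, the acceptance of the legacy ids ('ncipher', '4758_cca') when binding, or both. Anyone who loads these ENGINEs by id or by library file name needs to know which names still work in a non-shared build, so spell that out, and consider listing the old and new shared-lib names. Separately, the new "Changes between 0.9.8 and 0.9.9" section is added with a bare "*)" and no text; if that is an intentional placeholder it is fine, otherwise drop it until there is a first entry.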
Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
*) Make a new fixed-window mod_exp implementation the default for
- RSA, DSA, and DH private-key operations to mitigate the
- hyper-threading timing attacks pointed out by Colin Percival
- (http://www.daemonology.net/hyperthreading-considered-harmful/),
- and potential related attacks.
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
BN_mod_exp_mont_consttime() is the new exponentiation implementation,
and this is automatically used by BN_mod_exp_mont() if the new flag
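Review bot: The rewritten fixed-window mod_exp entry drops the pointer to Colin Percival's hyper-threading write-up (the removed URL line) and leaves only the generic "cache-timing and potential related attacks". The new wording about the square/multiply sequence and memory access pattern being independent of the secret key is clearer than the old text, but keep the reference so readers can trace which attack prompted the change. In the DSA entry above it, "unless DSA_FLAG_NO_EXP_CONSTTIME is set" names the opt-out without stating that setting the flag restores the timing leak the same entry describes; one clause saying so would keep callers from setting it casually. The X9.31/PSS entry says "not fully integrated at this stage" without saying which parts are usable, which is worth a sentence.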