X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=1633d27975c91f122c4e9266b2c3cf4e56e8ffbf;hp=237234db9ef20cbc796589bd0bd84537fdec092f;hb=992bdde62d2eea57bb85935a0c1a0ef0ca59b3da;hpb=25c6542944821afc0693ca7027c769cc8775e90d diff --git a/CHANGES b/CHANGES index 237234db9e..1633d27975 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,136 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + *) Add TLS v1.2 server support for client authentication. + [Steve Henson] + + *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers + and enable MD5. + [Steve Henson] + + *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying + FIPS modules versions. + [Steve Henson] + + *) Add TLS v1.2 client side support for client authentication. Keep cache + of handshake records longer as we don't know the hash algorithm to use + until after the certificate request message is received. + [Steve Henson] + + *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and + FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted + outside the validated module in the FIPS capable OpenSSL. + [Steve Henson] + + *) Initial TLS v1.2 client support. Add a default signature algorithms + extension including all the algorithms we support. Parse new signature + format in client key exchange. Relax some ECC signing restrictions for + TLS v1.2 as indicated in RFC5246. + [Steve Henson] + + *) Add server support for TLS v1.2 signature algorithms extension. Switch + to new signature format when needed using client digest preference. + All server ciphersuites should now work correctly in TLS v1.2. No client + support yet and no support for client certificates. + [Steve Henson] + + *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch + to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based + ciphersuites. At present only RSA key exchange ciphersuites work with + TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete + SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods + and version checking. + [Steve Henson] + + *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled + with this defined it will not be affected by any changes to ssl internal + structures. Add several utility functions to allow openssl application + to work with OPENSSL_NO_SSL_INTERN defined. + [Steve Henson] + + *) Minor change to DRBG entropy callback semantics. In some cases + there is no mutiple of the block length between min_len and + max_len. Allow the callback to return more than max_len bytes + of entropy but discard any extra: it is the callback's responsibility + to ensure that the extra data discarded does not impact the + requested amount of entropy. + [Steve Henson] + + *) Add PRNG security strength checks to RSA, DSA and ECDSA using + information in FIPS186-3, SP800-57 and SP800-131A. + [Steve Henson] + + *) CCM support via EVP. Interface is very similar to GCM case except we + must supply all data in one chunk (i.e. no update, final) and the + message length must be supplied if AAD is used. Add algorithm test + support. + [Steve Henson] + + *) Initial version of POST overhaul. Add POST callback to allow the status + of POST to be monitored and/or failures induced. Modify fips_test_suite + to use callback. Always run all selftests even if one fails. + [Steve Henson] + + *) XTS support including algorithm test driver in the fips_gcmtest program. + Note: this does increase the maximum key length from 32 to 64 bytes but + there should be no binary compatibility issues as existing applications + will never use XTS mode. + [Steve Henson] + + *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies + to OpenSSL RAND code and replace with a tiny FIPS RAND API which also + performs algorithm blocking for unapproved PRNG types. Also do not + set PRNG type in FIPS_mode_set(): leave this to the application. + Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with + the standard OpenSSL PRNG: set additional data to a date time vector. + [Steve Henson] + + *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. + This shouldn't present any incompatibility problems because applications + shouldn't be using these directly and any that are will need to rethink + anyway as the X9.31 PRNG is now deprecated by FIPS 140-2 + [Steve Henson] + + *) Extensive self tests and health checking required by SP800-90 DRBG. + Remove strength parameter from FIPS_drbg_instantiate and always + instantiate at maximum supported strength. + [Steve Henson] + + *) Add SRP support. + [Tom Wu and Ben Laurie] + + *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing. + [Steve Henson] + + *) New algorithm test program fips_dhvs to handle DH primitives only testing. + [Steve Henson] + + *) New function DH_compute_key_padded() to compute a DH key and pad with + leading zeroes if needed: this complies with SP800-56A et al. + [Steve Henson] + + *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by + anything, incomplete, subject to change and largely untested at present. + [Steve Henson] + + *) Modify fipscanisteronly build option to only build the necessary object + files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile. + [Steve Henson] + + *) Add experimental option FIPSSYMS to give all symbols in + fipscanister.o and FIPS or fips prefix. This will avoid + conflicts with future versions of OpenSSL. Add perl script + util/fipsas.pl to preprocess assembly language source files + and rename any affected symbols. + [Steve Henson] + *) Add selftest checks and algorithm block of non-fips algorithms in FIPS mode. Remove DES2 from selftests. [Steve Henson]