Skip to content
CHANGES 433 KiB
Newer Older
 OpenSSL CHANGES
Bodo Möller's avatar
Bodo Möller committed
 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
  *) Support for automatic EC temporary key parameter selection. If enabled
     the most preferred EC parameters are automatically used instead of
     hardcoded fixed parameters. Now a server just has to call:
     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
     support ECDH and use the most appropriate parameters.
     [Steve Henson]

  *) Enhance and tidy EC curve and point format TLS extension code. Use
     static structures instead of allocation if default values are used.
     New ctrls to set curves we wish to support and to retrieve shared curves.
     Print out shared curves in s_server. New options to s_server and s_client
     to set list of supported curves.
     [Steve Henson]

  *) New ctrls to retrieve supported signature algorithms and 
     supported curve values as an array of NIDs. Extend openssl utility
     to print out received values.
     [Steve Henson]

  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
     between NIDs and the more common NIST names such as "P-256". Enhance
     ecparam utility and ECC method to recognise the NIST names for curves.
     [Steve Henson]

  *) Enhance SSL/TLS certificate chain handling to support different
     chains for each certificate instead of one chain in the parent SSL_CTX.
     [Steve Henson]

  *) Support for fixed DH ciphersuite client authentication: where both
     server and client use DH certificates with common parameters.
     [Steve Henson]

  *) Support for fixed DH ciphersuites: those requiring DH server
     certificates.
     [Steve Henson]

  *) Transparently support X9.42 DH parameters when calling
     PEM_read_bio_DHparameters. This means existing applications can handle
     the new parameter format automatically.
     [Steve Henson]

  *) Initial experimental support for X9.42 DH parameter format: mainly
     to support use of 'q' parameter for RFC5114 parameters.
     [Steve Henson]

  *) Add DH parameters from RFC5114 including test data to dhtest.
     [Steve Henson]

  *) Update fips_test_suite to support multiple command line options. New
     test to induce all self test errors in sequence and check expected
     failures.
     [Steve Henson]

  *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
     sign or verify all in one operation.
     [Steve Henson]

  *) Add fips_algvs: a multicall fips utility incorporaing all the algorithm
     test programs and fips_test_suite. Includes functionality to parse
     the minimal script output of fipsalgest.pl directly.
  *) Add authorisation parameter to FIPS_module_mode_set().
     [Steve Henson]

  *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
     [Steve Henson]

  *) Use separate DRBG fields for internal and external flags. New function
     FIPS_drbg_health_check() to perform on demand health checking. Add
     generation tests to fips_test_suite with reduced health check interval to 
     demonstrate periodic health checking. Add "nodh" option to
     fips_test_suite to skip very slow DH test.
     [Steve Henson]

  *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers
     based on NID.
     [Steve Henson]

  *) More extensive health check for DRBG checking many more failure modes.
     New function FIPS_selftest_drbg_all() to handle every possible DRBG
     combination: call this in fips_test_suite.
     [Steve Henson]

  *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
     and POST to handle Dual EC cases.
     [Steve Henson]

  *) Add support for canonical generation of DSA parameter 'g'. See 
     FIPS 186-3 A.2.3.

  *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
     POST to handle HMAC cases.
     [Steve Henson]

  *) Add functions FIPS_module_version() and FIPS_module_version_text()
     to return numberical and string versions of the FIPS module number.
     [Steve Henson]

  *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
     FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted
     outside the validated module in the FIPS capable OpenSSL.
     [Steve Henson]

  *) Minor change to DRBG entropy callback semantics. In some cases
     there is no mutiple of the block length between min_len and
     max_len. Allow the callback to return more than max_len bytes
     of entropy but discard any extra: it is the callback's responsibility
     to ensure that the extra data discarded does not impact the
     requested amount of entropy.
     [Steve Henson]

  *) Add PRNG security strength checks to RSA, DSA and ECDSA using 
     information in FIPS186-3, SP800-57 and SP800-131A.
     [Steve Henson]

  *) CCM support via EVP. Interface is very similar to GCM case except we
     must supply all data in one chunk (i.e. no update, final) and the
     message length must be supplied if AAD is used. Add algorithm test
     support.
  *) Initial version of POST overhaul. Add POST callback to allow the status
     of POST to be monitored and/or failures induced. Modify fips_test_suite
     to use callback. Always run all selftests even if one fails.
     [Steve Henson]

  *) XTS support including algorithm test driver in the fips_gcmtest program.
     Note: this does increase the maximum key length from 32 to 64 bytes but
     there should be no binary compatibility issues as existing applications
     will never use XTS mode.
     [Steve Henson]

  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
     performs algorithm blocking for unapproved PRNG types. Also do not
     set PRNG type in FIPS_mode_set(): leave this to the application.
     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
     the standard OpenSSL PRNG: set additional data to a date time vector.
  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
     This shouldn't present any incompatibility problems because applications
     shouldn't be using these directly and any that are will need to rethink
     anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
     [Steve Henson]

  *) Extensive self tests and health checking required by SP800-90 DRBG.
     Remove strength parameter from FIPS_drbg_instantiate and always
     instantiate at maximum supported strength.
     [Steve Henson]

  *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing.
     [Steve Henson]

  *) New algorithm test program fips_dhvs to handle DH primitives only testing.
     [Steve Henson]

  *) New function DH_compute_key_padded() to compute a DH key and pad with
     leading zeroes if needed: this complies with SP800-56A et al.
     [Steve Henson]

  *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
     anything, incomplete, subject to change and largely untested at present.
     [Steve Henson]

  *) Modify fipscanisteronly build option to only build the necessary object
     files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
     [Steve Henson]

  *) Add experimental option FIPSSYMS to give all symbols in
     fipscanister.o and FIPS or fips prefix. This will avoid
     conflicts with future versions of OpenSSL. Add perl script
     util/fipsas.pl to preprocess assembly language source files
     and rename any affected symbols.
  *) Add selftest checks and algorithm block of non-fips algorithms in
     FIPS mode. Remove DES2 from selftests.
     [Steve Henson]

  *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just
     return internal method without any ENGINE dependencies. Add new
     tiny fips sign and verify functions.
  *) New build option no-ec2m to disable characteristic 2 code.
     [Steve Henson]

  *) New build option "fipscanisteronly". This only builds fipscanister.o
     and (currently) associated fips utilities. Uses the file Makefile.fips
     instead of Makefile.org as the prototype.
     [Steve Henson]

Loading full blame...