« Changelog History


OpenSSL v1.0.0.h Release Notes

Release Date: 2012-03-14 // about 12 years ago
    • Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo.

    Steve Henson

    • The format used for MDC2 RSA signatures is inconsistent between EVP and the RSA_sign/RSA_verify functions. This was made more apparent when OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect the correct format in RSA_verify so both forms transparently work.

    Steve Henson

    • Some servers which support TLS 1.0 can choke if we initially indicate support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA encrypted premaster secret. As a workaround use the maximum permitted client version in client hello, this should keep such servers happy and still work with previous versions of OpenSSL.

    Steve Henson

    • Add support for TLS/DTLS heartbeats.

    Robin Seggelmann [email protected]

    • Add support for SCTP.

    Robin Seggelmann [email protected]

    • Improved PRNG seeding for VOS.

    Paul Green [email protected]

    • Extensive assembler packs updates, most notably:

      • x86[_64]: AES-NI, PCLMULQDQ, RDRAND support;
      • x86[_64]: SSSE3 support (SHA1, vector-permutation AES);
      • x86_64: bit-sliced AES implementation;
      • ARM: NEON support, contemporary platforms optimizations;
      • s390x: z196 support;
      • *: GHASH and GF(2m) multiplication implementations;

    Andy Polyakov

    • Make TLS-SRP code conformant with RFC 5054 API cleanup (removal of unnecessary code)

    Peter Sylvester [email protected]

    • Add TLS key material exporter from RFC 5705.

    Eric Rescorla

    • Add DTLS-SRTP negotiation from RFC 5764.

    Eric Rescorla

    Adam Langley [email protected] and Ben Laurie

    • Add optional 64-bit optimized implementations of elliptic curves NIST-P224, NIST-P256, NIST-P521, with constant-time single point multiplication on typical inputs. Compiler support for the nonstandard type __uint128_t is required to use this (present in gcc 4.4 and later, for 64-bit builds). Code made available under Apache License version 2.0.

    Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command line to include this in your build of OpenSSL, and run "make depend" (or "make update"). This enables the following EC_METHODs:

           EC_GFp_nistp224_method()
       EC_GFp_nistp256_method()
       EC_GFp_nistp521_method()

    EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations).

    Emilia Käsper, Adam Langley, Bodo Moeller (Google)

    • Use type ossl_ssize_t instead of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public header file e_os2.h as it now appears in public header file cms.h

    Steve Henson

    • New -sigopt option to the ca, req and x509 utilities. Additional signature parameters can be passed using this option and in particular PSS.

    Steve Henson

    • Add RSA PSS signing function. This will generate and set the appropriate AlgorithmIdentifiers for PSS based on those in the corresponding EVP_MD_CTX structure. No application support yet.

    Steve Henson

    • Support for companion algorithm specific ASN1 signing routines. New function ASN1_item_sign_ctx() signs a pre-initialised EVP_MD_CTX structure and sets AlgorithmIdentifiers based on the appropriate parameters.

    Steve Henson

    • Add new algorithm specific ASN1 verification initialisation function to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1 handling will be the same no matter what EVP_PKEY_METHOD is used. Add a PSS handler to support verification of PSS signatures: checked against a number of sample certificates.

    Steve Henson

    • Add signature printing for PSS. Add PSS OIDs.

    Steve Henson, Martin Kaiser [email protected]

    • Add algorithm specific signature printing. An individual ASN1 method can now print out signatures instead of the standard hex dump.

    More complex signatures (e.g. PSS) can print out more meaningful information. Include DSA version that prints out the signature parameters r, s.

    Steve Henson

    • Password based recipient info support for CMS library: implementing RFC3211.

    Steve Henson

    • Split password based encryption into PBES2 and PBKDF2 functions. This neatly separates the code into cipher and PBE sections and is required for some algorithms that split PBES2 into separate pieces (such as password based CMS).

    Steve Henson

    • Session-handling fixes:
      • Fix handling of connections that are resuming with a session ID, but also support Session Tickets.
      • Fix a bug that suppressed issuing of a new ticket if the client presented a ticket with an expired session.
      • Try to set the ticket lifetime hint to something reasonable.
      • Make tickets shorter by excluding irrelevant information.
      • On the client side, don't ignore renewed tickets.

    Adam Langley, Bodo Moeller (Google)

    • Fix PSK session representation.

    Bodo Moeller

    • Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.

    This work was sponsored by Intel.

    Andy Polyakov

    • Add GCM support to TLS library. Some custom code is needed to split the IV between the fixed (from PRF) and explicit (from TLS record) portions. This adds all GCM ciphersuites supported by RFC5288 and RFC5289. Generalise some AES* cipherstrings to include GCM and add a special AESGCM string for GCM only.

    Steve Henson

    • Expand range of ctrls for AES GCM. Permit setting invocation field on decrypt and retrieval of invocation field only on encrypt.

    Steve Henson

    • Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support. As required by RFC5289 these ciphersuites cannot be used if for versions of TLS earlier than 1.2.

    Steve Henson

    • For FIPS capable OpenSSL interpret a NULL default public key method as unset and return the appropriate default but do not set the default. This means we can return the appropriate method in applications that switch between FIPS and non-FIPS modes.

    Steve Henson

    • Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an ENGINE is used then we cannot handle that in the FIPS module so we keep original code iff non-FIPS operations are allowed.

    Steve Henson

    • Add -attime option to openssl utilities.

    Peter Eckersley [email protected], Ben Laurie and Steve Henson

    • Redirect DSA and DH operations to FIPS module in FIPS mode.

    Steve Henson

    • Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use FIPS EC methods unconditionally for now.

    Steve Henson

    • New build option no-ec2m to disable characteristic 2 code.

    Steve Henson

    • Backport libcrypto audit of return value checking from 1.1.0-dev; not all cases can be covered as some introduce binary incompatibilities.

    Steve Henson

    • Redirect RSA operations to FIPS module including keygen, encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.

    Steve Henson

    • Add similar low level API blocking to ciphers.

    Steve Henson

    • Low level digest APIs are not approved in FIPS mode: any attempt to use these will cause a fatal error. Applications that really want to use them can use the private_* version instead.

    Steve Henson

    • Redirect cipher operations to FIPS module for FIPS builds.

    Steve Henson

    • Redirect digest operations to FIPS module for FIPS builds.

    Steve Henson

    • Update build system to add "fips" flag which will link in fipscanister.o for static and shared library builds embedding a signature if needed.

    Steve Henson

    • Output TLS supported curves in preference order instead of numerical order. This is currently hardcoded for the highest order curves first. This should be configurable so applications can judge speed vs strength.

    Steve Henson

    • Add TLS v1.2 server support for client authentication.

    Steve Henson

    • Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers and enable MD5.

    Steve Henson

    • Functions FIPS_mode_set() and FIPS_mode() which call the underlying FIPS modules versions.

    Steve Henson

    • Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don't know the hash algorithm to use until after the certificate request message is received.

    Steve Henson

    • Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for TLS v1.2 as indicated in RFC5246.

    Steve Henson

    • Add server support for TLS v1.2 signature algorithms extension. Switch to new signature format when needed using client digest preference. All server ciphersuites should now work correctly in TLS v1.2. No client support yet and no support for client certificates.

    Steve Henson

    • Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based ciphersuites. At present only RSA key exchange ciphersuites work with TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods and version checking.

    Steve Henson

    • New option OPENSSL_NO_SSL_INTERN. If an application can be compiled with this defined it will not be affected by any changes to ssl internal structures. Add several utility functions to allow openssl application to work with OPENSSL_NO_SSL_INTERN defined.

    Steve Henson

    • A long standing patch to add support for SRP from EdelWeb (Peter Sylvester and Christophe Renou) was integrated. Christophe Renou [email protected], Peter Sylvester [email protected], Tom Wu [email protected], and Ben Laurie

    • Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.

    Steve Henson

    • Permit abbreviated handshakes when renegotiating using the function SSL_renegotiate_abbreviated().

    Robin Seggelmann [email protected]

    • Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), so some implementations get used automatically instead of needing explicit application support.

    Steve Henson

    • Add support for TLS key exporter as described in RFC5705.

    Robin Seggelmann [email protected], Steve Henson

    • Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required:

      Add SSL_OP_NO_TLSv1_1 flag. Add TLSv1_1 methods. Update version checking logic to handle version 1.1. Add explicit IV handling (ported from DTLS code). Add command line options to s_client/s_server.

    Steve Henson

    OpenSSL 1.0.0