v. 2.5
- added license note

v. 2.5 (RC 1)
- fixed MobiCore trustlet build linker error with trampoline-armv4.S
- used toolchains for library build:
  - QSEE (TZ OS version 4.0.6 and above): llvm 8.0.9
  - TEEGRIS (TZ OS version 4 and above): Teegris SDK v4.1.0, name of corresponding library contains tag "teegris4"
- set default symbol visibility to hidden
- enabled relocation read-only (RELRO) option for TEEGRIS (version 4) system library

v. 2.5 (beta 2)
- removed an "#include" directive from the public headers include/openssl/base.h and include/openssl/thread.h

v. 2.5 (beta 1)
- version of BoringSSL API is "9", version of OpenSSL is 0x1010007f
- improved imprint scheme: HMAC-SHA-256 is used instead of HMAC-SHA-1, script "imprint" renamed to "imprint256". WARNING: incompatible with the imprint scheme of previous versions of SCrypto
- added function "ECDH_compute_key_fips", which uses the appropriate SHA function as KDF
- modified macro "OPENSSL_COMPILE_ASSERT(condition, msg_as_variable)" to "OPENSSL_STATIC_ASSERT(condition, msg_as_string)"
- modified structure "bignum_st" (aka BIGNUM): renamed field "top" to "width"
- modified structure "rsa_st" (aka RSA): added fields "d_fixed", "dmp1_fixed", "dmq1_fixed", "inv_small_mod_large_mont", "private_key_frozen"
- removed functions like "EVP_aes_128_cfb...", "EVP_aes_192_cfb...", "EVP_aes_256_cfb..."
- added a structured-lattice-based post-quantum key encapsulation mechanism, HRSS
- used toolchains for library build:
  - QSEE (TZ OS version 4.0.6 and above): llvm 4.0.11
  - TEEGRIS (TZ OS version 3.0): Teegris SDK v3.0.0 update 4 (2018-10-30), name of corresponding library contains tag "teegris3"
  - TEEGRIS (TZ OS version 4 and above): Teegris SDK v4.0.0_Beta, name of corresponding library contains tag "teegris4"
- other changes are below:
  aead:
    added EVP_aead_xchacha20_poly1305, EVP_aead_aes_128_ccm_bluetooth, evp_aead_ctx_st_state, EVP_aead_aes_128_gcm_tls13, EVP_aead_aes_256_gcm_tls13
    changed evp_aead_ctx_st (aka EVP_AEAD_CTX), EVP_AEAD_MAX_NONCE_LENGTH
    removed EVP_aead_aes_128_cbc_sha1_ssl3, EVP_aead_aes_256_cbc_sha1_ssl3, EVP_aead_des_ede3_cbc_sha1_ssl3, EVP_aead_null_sha1_ssl3
  asn1:
    removed D2I_OF, I2D_OF, I2D_OF_const, CHECKED_D2I_OF, CHECKED_I2D_OF, CHECKED_NEW_OF, CHECKED_PPTR_OF, d2i_ASN1_UINTEGER, ASN1_dup, ASN1_d2i_bio, ASN1_i2d_bio
  bio:
    added BIO_write_all
  bn:
    added BN_count_low_zero_bits, BN_MONT_CTX_new_consttime, BN_bn2binpad
    changed bignum_st
    removed BN_less_than_consttime
  bytestring:
    added CBS_get_u64, CBB_add_u64
  cipher:
    added EVP_CIPHER_CTX_encrypting
    added as deprecated EVP_aes_192_ofb, EVP_des_ede3_ecb
    removed EVP_aes_128_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb128, EVP_aes_192_cfb1, EVP_aes_192_cfb8, EVP_aes_256_cfb128, EVP_aes_256_cfb1, EVP_aes_256_cfb8
  cmac:
    added CMAC_CTX_copy
  ec:
    added EC_GROUP_order_bits, EC_curve_nid2nist, EC_curve_nist2nid
    removed EC_POINT_make_affine, EC_POINTs_make_affine
  ec_key:
    added EC_KEY_key2buf
    removed EC_KEY_copy
  ecdh:
    added ECDH_compute_key_fips
  evp:
    added EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
    added as deprecated d2i_PublicKey, EVP_PKEY_get1_DH, EVP_PKEY_CTX_set_ec_param_enc
  lhash:
    changed lh_retrieve, lh_retrieve_key, lh_insert, lh_delete: prototypes of the callback functions are now specified
  mem:
    added OPENSSL_clear_free as a wrapper for OPENSSL_free; note: OPENSSL_free already zeros the allocated memory, see release notes of v. 2.4 (RC 1)
  pkcs7:
    added as deprecated PKCS7_SIGNED, PKCS7_SIGN_ENVELOPE, PKCS7, d2i_PKCS7, d2i_PKCS7_bio, i2d_PKCS7, i2d_PKCS7_bio, PKCS7_free, PKCS7_type_is_data, PKCS7_type_is_digest, PKCS7_type_is_encrypted, PKCS7_type_is_enveloped, PKCS7_type_is_signed, PKCS7_type_is_signedAndEnveloped, PKCS7_sign
  pkcs8:
    added as deprecated i2d_PKCS12, i2d_PKCS12_bio, i2d_PKCS12_fp, PKCS12_create
  pool:
    added CRYPTO_BUFFER_alloc
  rsa:
    added RSA_print
    changed rsa_st
  sha:
    added SHA256_TransformBlocks
    changed sha512_state_st
    removed SHA384_Transform
  stack:
    added sk_pop_free_ex
    changed prototype of sk_find, sk_deep_copy, sk_pop_free
  type_check:
    added OPENSSL_STATIC_ASSERT
    removed OPENSSL_COMPILE_ASSERT, CHECKED_PTR_OF
  x509:
    added X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, d2i_DHparams_bio, i2d_DHparams_bio, i2d_re_X509_tbs, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, i2d_re_X509_REQ_tbs, X509_CRL_get0_signature, X509_CRL_get_signature_nid, i2d_re_X509_CRL_tbs, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate
  x509v3:
    added X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage
    removed X509V3_EXT_CRL_add_conf, hex_to_string, string_to_hex, name_cmp

v. 2.4.3
- changed names of cache objects FIPS_SELFTEST_STATUS_SOURCE under Teegris SDK v4:
  from "fips/fips_selftest_status_source_64" to "/fips/fips_selftest_status_source_64"
  from "fips/fips_selftest_status_source_32" to "/fips/fips_selftest_status_source_32"
- added MTK x32 platform support (chipset mtk6765), name of corresponding library contains tag "mediatek"
- added symbol versioning for TEEGRIS platform under Teegris SDK v4
- made the shared library executable for TEEGRIS platform under Teegris SDK v4, so the selftest can be run without a trustlet

v. 2.4.2
- added support for chipsets with limited HW capabilities for MC (KINIBI): CE disabled, NEON enabled, name of corresponding library has suffix "_neon"
- switched from HWRNG to PRNG to speed up obtaining additional_data in DRBG
- added freeing of EC precomputed data via destructor on QSEE (except legacy) and TEEGRIS
- added zeroization of CTR DRBG data via destructor on QSEE (except legacy) and TEEGRIS

v. 2.4.1
- added machine bitness info to the log output
- modified binary naming scheme
- added extended version info to the output file name of the binary
- module version string definition FIPS_SCRYPTO_MODULE_VERSION_STR was moved from include/openssl/base.h to include/openssl/scrypto_version.h
- added numerical module version definition FIPS_SCRYPTO_MODULE_VERSION_NUM (include/openssl/scrypto_version.h)

v. 2.4
- added functional tests ECDH, KBKDF and AES KW
- removed functional tests RSA PSS and DSA
- used toolchains for library build:
  - QSEE (TZ OS version 4.0.6 and above): llvm 4.0.11
  - TEEGRIS (TZ OS version 3.0 and above): Teegris SDK v3.0.0 update 4 (2018-10-30)

v. 2.4 (RC 2)
- added KBKDF, AES KW and ECDH selftests
- removed RSA PSS selftest
- removed DSA from FIPS boundary
- removed function DSA_generate_key_fips from DSA API

v. 2.4 (RC 1)
- version of BoringSSL API is "7", version of OpenSSL is 0x1010007f
- function "OPENSSL_free" also zeros the allocated memory (i.e. there is no need to call "OPENSSL_cleanse" before "OPENSSL_free")
- function "OPENSSL_realloc" also zeros the previously allocated memory; note: it doesn't call platform realloc
- header openssl/fips_drbg.h was removed; instead of "FIPS_drbg_bytes" use "RAND_bytes"
- low-level GCM API was excluded from the public API, openssl/gcm.h was removed; use the EVP API instead
- function "RSA_generate_key_186_4" was removed; use the new function "RSA_generate_key_fips" instead, note: the public exponent is always 65537 and bits must be either 2048 or 3072
- added function "DSA_generate_key_fips" (which includes a PWCT, pairwise consistency test) to use instead of "DSA_generate_key"
- added function "EC_KEY_generate_key_fips" (which includes a PWCT) to use instead of "EC_KEY_generate_key"
- function "bn_expand" returns one on success or zero on allocation failure
- function "RSA_padding_check_PKCS1_OAEP_mgf1" returns one on success and zero on error; its prototype has also changed
- other changes are below:
  aead:
    changed EVP_AEAD_CTX
  asn1:
    changed ASN1_ADB_st
    removed NETSCAPE_X509, ASN1_BIT_STRING_name_print, ASN1_BIT_STRING_num_asc, ASN1_BIT_STRING_set_asc, UTF8_getc, UTF8_putc, a2d_ASN1_OBJECT, asn1_Finish, asn1_const_Finish, ASN1_check_infinite_end, ASN1_const_check_infinite_end, ASN1_UNIVERSALSTRING_to_string, ASN1_template_d2i, ASN1_template_i2d
  base:
    added OPENSSL_INIT_SETTINGS
    removed NETSCAPE_CERT_SEQUENCE, X509_OBJECTS, SSL_CUSTOM_EXTENSION, X509_CERT_PAIR
  bio:
    added BIO_set_shutdown, BIO_get_shutdown, BIO_meth_set_puts
    changed bio_st (aka BIO)
    removed BIO_set_callback, BIO_set_callback_arg, BIO_get_callback_arg
  bn:
    added BN_less_than_consttime, BN_MONT_CTX_new_for_modulus
    excluded from public API bn_correct_top, bn_wexpand, BN_kronecker
    deprecated BN_MONT_CTX_new (use BN_MONT_CTX_new_for_modulus instead), BN_MONT_CTX_set
    removed BN_generate_dsa_nonce
  buf:
    added BUF_MEM_append
  bytestring:
    added CBS_get_asn1_bool, CBS_asn1_oid_to_text, CBB_add_asn1_octet_string, CBB_add_asn1_bool, CBB_add_asn1_oid_from_text, CBB_flush_asn1_set_of
    functions CBS_get_any_asn1, CBS_get_any_asn1_element, CBB_add_asn1 now support tag numbers greater than 30
  cipher:
    added EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_set_flags
  crypto:
    added OpenSSL_version, OpenSSL_version_num, OPENSSL_init_crypto
    function FIPS_mode returns FIPS_status()
  dh:
    added DH_set0_key, DH_set0_pqg, EVP_MD_CTX_new, EVP_MD_CTX_free
    removed DH_get_1024_160, DH_get_2048_224, DH_get_2048_256
  digest:
    added EVP_MD_CTX_reset, EVP_parse_digest_algorithm, EVP_marshal_digest_algorithm
    deprecated EVP_MD_CTX_create (use EVP_MD_CTX_new instead), EVP_MD_CTX_destroy (use EVP_MD_CTX_free instead)
  dsa:
    added DSA_set0_key, DSA_set0_pqg, DSA_generate_key_fips
    excluded from public API DSA_sign_setup
    changed dsa_st (aka DSA)
  ec:
    deprecated EC_POINT_clear_free (use EC_POINT_free instead)
  ec_key:
    added EC_KEY_check_fips, EC_KEY_generate_key_fips
    changed ecdsa_method_st (aka ECDSA_METHOD)
  ecdsa:
    added ECDSA_SIG_get0, ECDSA_SIG_set0
    removed ECDSA_sign_setup, ECDSA_do_sign_ex, ECDSA_sign_ex
  evp:
    added EVP_PKEY_new_ed25519_public, EVP_PKEY_new_ed25519_private, EVP_DigestSign, EVP_DigestVerify, EVP_PBE_scrypt
    changed evp_pkey_st (aka EVP_PKEY)
    removed EVP_PKEY_supports_digest
  hmac:
    added HMAC_CTX_new, HMAC_CTX_free, HMAC_CTX_reset
  mem:
    removed OPENSSL_realloc_clean (use OPENSSL_realloc instead)
  obj:
    added OBJ_get0_data, OBJ_length
  rsa:
    added RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_generate_key_fips, RSA_sign_pss_mgf1, RSA_verify_pss_mgf1, RSA_check_fips, RSA_flags
    function PKCS1_MGF1 is added to the public API
    changed rsa_meth_st (aka RSA_METHOD)
    removed RSA_supports_digest, RSA_recover_crt_params, RSA_parse_public_key_buggy, RSA_generate_key_186_4 (use RSA_generate_key_fips instead)
  x509:
    added X509_NAME_ENTRY_set, X509_NAME_get0_der, X509_get0_notBefore, X509_get0_notAfter
    functions PKCS7_... were moved to openssl/pkcs7.h
    removed X509_objects_st, x509_cert_pair_st, Netscape_certificate_sequence, X509_certificate_type
  x509_vfy:
    added X509_OBJECT_get_type, X509_OBJECT_get0_X509, X509_STORE_get0_objects, X509_STORE_get0_param, X509_STORE_CTX_zero, X509_STORE_CTX_get0_untrusted
    removed x509_file_st

v. 2.3
- added Teegris support (x32 and x64): static library for regular TAs
- added Teegris support (x32 and x64): shared library for the system cryptography library
- added stack smashing protector for all supported platforms. Level of SSP is "-fstack-protector-strong"
- using internal SSP canary and error handler
- added run-once selftests on Teegris platform (shared library)

v. 2.2.1
- added embedding of the internal version of SCrypto in binaries
- added function FIPS_SCRYPTO_get_internal_version: returns the internal version in the format "CL XXXXXX", where XXXXXX is the changelist (CL) number from P4 (Perforce)

v. 2.2
- version info of BoringSSL is 2016.03, version of OpenSSL is 0x100020af, API version is "3"
- SCrypto doesn't need an external libc for MC and QC
- instead of the header #include "modes/internal.h" use #include "openssl/gcm.h"
- the function symbol EC_GFp_mont_method() was removed; use the variable EC_GFp_mont_method directly instead
- structure EC_KEY no longer has members "flags" and "version"
- structure EC_GROUP no longer has member "cofactor", and member "one" was added
- structure EC_POINT no longer has member "Z_is_one"
- definition of BN_FLG_CONSTTIME is removed
- functions "AES_wrap_key" and "AES_unwrap_key" return "-1" on error
- symbols renamed from FIPS_bssl_xxx to FIPS_SCRYPTO_xxx (to avoid confusion when reading displayed logs and analyzing RAM dumps)
- RSA FIPS 186-4 keygen PWCT is done by actual signature generation and verification using the RSA PKCS#1 v1.5 signature scheme (FIPS 140-2 Section 4.9)
- increased the amount of entropy for DRBG (60 bytes for entropy and 20 bytes for nonce)
- KBKDF and SHA1 selftests are to be removed from the FIPS section
- removed DRBG CRNGT (continuous random number generator test)
- RSA public exponent max size has been reduced from 64 to 33 bits

v. 2.1
- imprint script was improved and from now on works with stripped binaries (like MC TAs in release mode). Warning: incompatible with the SCrypto-2.0 imprint scheme

v. 2.0
- enabled CE (ARM Cryptography Extensions) for aarch64 on QC
- added driver version for MC, name of corresponding library has suffix "_dr"
- added constructor for QSEE 4.x
- added function ERR_print_all(): prints the error stack in a human-readable form
- new imprint approach. Warning: incompatible with the SCrypto-1.0 imprint scheme
- BoringSSL-based version

v. 1.0
- initial version (OpenSSL based)
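The v. 2.4 (RC 1) notes above state that "OPENSSL_free" zeros the block before releasing it and that "OPENSSL_realloc" zeros the previously allocated memory without calling platform realloc; the v. 2.5 (beta 1) notes add "OPENSSL_clear_free" as a wrapper over the same behaviour. The following is an added example written for this page, not SCrypto's or BoringSSL's code, showing how that contract is implemented in plain C: a size header in front of each block tells the free path how much to scrub, the scrub uses volatile stores plus a compiler barrier so it is not removed as a dead store, and realloc is done as allocate-copy-scrub-free because a platform realloc() may move the block and leave the old secret bytes behind. The names sec_malloc, sec_free, sec_realloc, sec_cleanse and sec_alloc_size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Header stored in front of every user block so free/realloc know how many
 * bytes to scrub. The union keeps the user pointer maximally aligned. */
typedef union {
    size_t size;
    max_align_t align;
} sec_hdr;

/* Scrub n bytes at p. Volatile stores cannot be optimised away as dead
 * stores, and the empty asm with a "memory" clobber tells the compiler the
 * scrubbed bytes may be observed, so it must not reorder or drop them. */
void sec_cleanse(void *p, size_t n) {
    if (p == NULL || n == 0) return;
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Allocate n user bytes, recorded in the header, handed out zero-filled so a
 * caller can never read another caller's stale secrets. */
void *sec_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(sec_hdr)) return NULL;   /* size_t overflow */
    sec_hdr *h = malloc(sizeof(sec_hdr) + n);
    if (h == NULL) return NULL;
    h->size = n;
    memset(h + 1, 0, n);
    return h + 1;
}

/* Number of user bytes recorded for a block returned by sec_malloc. */
size_t sec_alloc_size(const void *p) {
    return p ? ((const sec_hdr *)p - 1)->size : 0;
}

/* Zeroize the header and the user bytes, then release the block. */
void sec_free(void *p) {
    if (p == NULL) return;
    sec_hdr *h = (sec_hdr *)p - 1;
    sec_cleanse(h, sizeof(sec_hdr) + h->size);
    free(h);
}

/* Grow or shrink without platform realloc(): realloc may relocate the block
 * and the old copy would stay in the heap unscrubbed. On allocation failure
 * the old block is left intact, matching realloc semantics. */
void *sec_realloc(void *p, size_t n) {
    if (p == NULL) return sec_malloc(n);
    if (n == 0) { sec_free(p); return NULL; }
    size_t old = sec_alloc_size(p);
    void *q = sec_malloc(n);
    if (q == NULL) return NULL;
    memcpy(q, p, old < n ? old : n);   /* truncate on shrink, keep all on grow */
    sec_free(p);                       /* scrubs the old bytes before release */
    return q;
}

/* Demonstrates the contract on a constructed 16-byte "key": grow to 32 bytes,
 * the first 16 must survive, the new tail must be zero, the recorded size must
 * be 32. Returns 1 on success, 0 on failure. */
int sec_alloc_demo(void) {
    unsigned char *k = sec_malloc(16);
    if (k == NULL) return 0;
    memset(k, 0xAB, 16);
    unsigned char *k2 = sec_realloc(k, 32);
    if (k2 == NULL) { sec_free(k); return 0; }
    int ok = 1;
    for (int i = 0; i < 16; i++) ok &= (k2[i] == 0xAB);
    for (int i = 16; i < 32; i++) ok &= (k2[i] == 0);
    ok &= (sec_alloc_size(k2) == 32);
    sec_free(k2);
    return ok;
}

/* Scrubs a stack buffer that is still live afterwards, so the result can be
 * inspected (freed heap memory cannot legally be read back). Returns 1 if
 * every byte is zero. */
int sec_cleanse_demo(void) {
    unsigned char buf[8];
    memset(buf, 0xCC, sizeof buf);
    sec_cleanse(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++) if (buf[i] != 0) return 0;
    return 1;
}
```

The practical consequence for callers is the one the notes draw: once the allocator scrubs on free and on realloc, an explicit OPENSSL_cleanse before OPENSSL_free is redundant, and a clear_free wrapper is just a second name for free.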
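The v. 2.4 (RC 1) bytestring entry above records that CBS_get_any_asn1, CBS_get_any_asn1_element and CBB_add_asn1 now support tag numbers greater than 30. The example below is added for this page and is not BoringSSL's CBS implementation: a minimal DER element reader in C that decodes the high-tag-number form (identifier octet with the low five bits all set, followed by base-128 digits with a continuation bit) and rejects the encodings a strict reader must refuse: a high tag number encoded with a leading zero septet, a tag below 31 written in the long form, a non-minimal or indefinite length, and an element that runs past the input. The der_elem type and der_get_element function are hypothetical names, and the byte strings in the demo functions are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    unsigned cls;            /* 0 universal, 1 application, 2 context, 3 private */
    int constructed;         /* bit 6 of the first identifier octet */
    uint32_t number;         /* tag number; may be larger than 30 */
    const uint8_t *contents; /* points into the caller's input */
    size_t len;              /* contents length */
    size_t total;            /* header + contents, i.e. bytes consumed */
} der_elem;

/* Parse one DER TLV at the start of in[0..in_len). Returns 1 and fills *out
 * on success, 0 on any malformed, non-minimal or truncated encoding. */
int der_get_element(const uint8_t *in, size_t in_len, der_elem *out) {
    size_t i = 0;
    if (in_len < 2) return 0;                       /* need tag + length at least */
    uint8_t b = in[i++];
    out->cls = b >> 6;
    out->constructed = (b & 0x20) != 0;
    uint32_t num = b & 0x1f;
    if (num == 0x1f) {
        /* High-tag-number form: big-endian base 128, bit 7 set on all but
         * the last digit. DER requires the minimal number of digits. */
        num = 0;
        int first = 1;
        for (;;) {
            if (i >= in_len) return 0;
            b = in[i++];
            if (first && b == 0x80) return 0;       /* leading zero digit */
            if (num > (UINT32_MAX >> 7)) return 0;  /* would overflow 32 bits */
            num = (num << 7) | (b & 0x7f);
            first = 0;
            if ((b & 0x80) == 0) break;
        }
        if (num < 0x1f) return 0;   /* fits the short form, so long form is illegal */
    }
    out->number = num;

    if (i >= in_len) return 0;
    b = in[i++];
    size_t len;
    if (b < 0x80) {
        len = b;                                    /* short form */
    } else {
        unsigned nbytes = b & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t)) return 0;  /* indefinite (BER) or absurd */
        if (in_len - i < nbytes) return 0;
        if (in[i] == 0) return 0;                   /* leading zero length byte */
        len = 0;
        for (unsigned k = 0; k < nbytes; k++) len = (len << 8) | in[i++];
        if (len < 0x80) return 0;                   /* should have used short form */
    }
    if (len > in_len - i) return 0;                 /* contents run past input */
    out->contents = in + i;
    out->len = len;
    out->total = i + len;
    return 1;
}

/* Constructed samples. */
static const uint8_t k_app100[] = {0x5f, 0x64, 0x02, 'h', 'i'};               /* [APPLICATION 100] primitive, "hi" */
static const uint8_t k_ctx300[] = {0xbf, 0x82, 0x2c, 0x03, 0x01, 0x02, 0x03}; /* [300] constructed, 300 = 2*128 + 44 */
static const uint8_t k_univ4[]  = {0x04, 0x01, 0xff};                         /* OCTET STRING, short form tag */

/* Decodes the three well-formed samples and checks every field. Returns 1
 * when all decode as expected. */
int der_demo_accepts(void) {
    der_elem e;
    if (!der_get_element(k_app100, sizeof k_app100, &e) || e.cls != 1 || e.constructed ||
        e.number != 100 || e.len != 2 || memcmp(e.contents, "hi", 2) != 0 ||
        e.total != sizeof k_app100) return 0;
    if (!der_get_element(k_ctx300, sizeof k_ctx300, &e) || e.cls != 2 || !e.constructed ||
        e.number != 300 || e.len != 3 || e.total != sizeof k_ctx300) return 0;
    if (!der_get_element(k_univ4, sizeof k_univ4, &e) || e.cls != 0 || e.constructed ||
        e.number != 4 || e.len != 1) return 0;
    return 1;
}

/* Malformed encodings. Returns how many were wrongly accepted; 0 is correct. */
int der_demo_rejects(void) {
    static const uint8_t bad_short_as_long[] = {0x5f, 0x1e, 0x00};       /* tag 30 must use short form */
    static const uint8_t bad_leading_zero[]  = {0x5f, 0x80, 0x64, 0x00}; /* 0x80 then 0x64 is non-minimal 100 */
    static const uint8_t bad_long_len[]      = {0x04, 0x81, 0x01, 0xff}; /* length 1 must use short form */
    static const uint8_t bad_truncated[]     = {0x04, 0x05, 0x01, 0x02}; /* claims 5 bytes, carries 2 */
    static const uint8_t bad_indefinite[]    = {0x30, 0x80, 0x00, 0x00}; /* BER indefinite length */
    der_elem e;
    int accepted = 0;
    accepted += der_get_element(bad_short_as_long, sizeof bad_short_as_long, &e);
    accepted += der_get_element(bad_leading_zero, sizeof bad_leading_zero, &e);
    accepted += der_get_element(bad_long_len, sizeof bad_long_len, &e);
    accepted += der_get_element(bad_truncated, sizeof bad_truncated, &e);
    accepted += der_get_element(bad_indefinite, sizeof bad_indefinite, &e);
    return accepted;
}
```

Accepting only the minimal encoding matters beyond DER pedantry: if two readers decode the same tag or length from different byte sequences, a signature computed over one serialisation can be made to cover a structure the other reader interprets differently.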
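The v. 2.3 entry above enables "-fstack-protector-strong" on every platform together with an "internal SSP canary and error handler", and v. 2.2 says the library no longer needs an external libc on MC and QC. Those two facts are connected: with the stack protector on, the compiler emits references to a guard value and to a failure routine that a libc normally provides, so a module built without libc has to provide them itself. The code below is an added example for this page, not SCrypto's implementation: it defines the two symbols the compiler expects, derives the canary from RNG output with a NUL low byte (a "terminator canary", which string-copy overflows cannot write past without altering it), and installs the value from a hypothetical early-init function, ssp_init_canary, that a module constructor would call before any protected function runs. The symbols are marked weak only so that the same file also links in a hosted build where libc already defines them.

```c
#include <stdint.h>
#include <stdlib.h>

/* On targets that use a global (non-TLS) guard, every protected function
 * loads this value into its frame on entry and compares it before returning.
 * Weak so that a hosted libc definition, where one exists, does not clash. */
__attribute__((weak)) uintptr_t __stack_chk_guard = 0;

/* Called by compiler-generated code when a frame's canary has changed.
 * It must never return: returning would resume execution on a corrupted
 * frame, which is exactly what the overflow was trying to achieve. In a
 * trusted application this is the place to log and halt the trustlet. */
__attribute__((weak, noreturn)) void __stack_chk_fail(void) {
    abort();
}

/* Derive the canary from RNG output. Clearing the lowest byte places a NUL
 * at the end of the canary (little-endian), so strcpy/strcat-style overflows
 * stop there and cannot rewrite the canary with its own value. A zero canary
 * would be trivially reproducible, so it is replaced with a non-zero fallback;
 * in production the caller would instead retry the RNG. */
uintptr_t ssp_make_canary(uintptr_t rng_output) {
    uintptr_t c = rng_output & ~(uintptr_t)0xff;
    if (c == 0) c = (uintptr_t)0xa5a5a500u;
    return c;
}

/* Hypothetical early-init hook: install the guard once, before any function
 * compiled with the stack protector is entered. Returns the installed value. */
uintptr_t ssp_init_canary(uintptr_t rng_output) {
    __stack_chk_guard = ssp_make_canary(rng_output);
    return __stack_chk_guard;
}

/* Sanity check a selftest could run: non-zero guard with a NUL low byte. */
int ssp_canary_is_sane(void) {
    return __stack_chk_guard != 0 && (__stack_chk_guard & 0xff) == 0;
}
```

Two details carry the security weight. The guard must be set before the first protected function runs, because a frame that captured the old value will fail its check when the new one is installed. And the handler must not leak the guard or return, so in a TA it should end in a trap or an unconditional exit of the trustlet rather than an error code.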