v. 2.4
- added functional tests for ECDH, KBKDF and AES KW
- removed functional tests for RSA PSS and DSA
- toolchains used for the library build:
  - QSEE (TZ OS version 4.0.6 and above): llvm 4.0.11
  - TEEGRIS (TZ OS version 3.0 and above): Teegris SDK v3.0.0 update 4 (2018-10-30)

v. 2.4 (RC 2)
- added KBKDF, AES KW and ECDH selftests
- removed RSA PSS selftest
- removed DSA from the FIPS boundary
- removed function DSA_generate_key_fips from the DSA API

v. 2.4 (RC 1)
- BoringSSL API version is "7", OpenSSL version is 0x1010007f
- function "OPENSSL_free" also zeros the allocated memory (i.e. there is no need to call "OPENSSL_cleanse" before "OPENSSL_free")
- function "OPENSSL_realloc" also zeros the previously allocated memory; note: it does not call the platform realloc
- header openssl/fips_drbg.h was removed; use "RAND_bytes" instead of "FIPS_drbg_bytes"
- the low-level GCM API was excluded from the public API and openssl/gcm.h was removed; use the EVP API instead
- function "RSA_generate_key_186_4" was removed; use the new function "RSA_generate_key_fips" instead. Note: the public exponent is always 65537 and bits must be either 2048 or 3072
- added function "DSA_generate_key_fips" (which includes PWCT) to use instead of "DSA_generate_key"
- added function "EC_KEY_generate_key_fips" (which includes PWCT) to use instead of "EC_KEY_generate_key"
- function "bn_expand" returns one on success or zero on allocation failure
- function "RSA_padding_check_PKCS1_OAEP_mgf1" returns one on success and zero on error; its prototype has also changed
- other changes, by module:
  aead:
    changed EVP_AEAD_CTX
  asn1:
    changed ASN1_ADB_st
    removed NETSCAPE_X509, ASN1_BIT_STRING_name_print, ASN1_BIT_STRING_num_asc, ASN1_BIT_STRING_set_asc, UTF8_getc, UTF8_putc, a2d_ASN1_OBJECT, asn1_Finish, asn1_const_Finish, ASN1_check_infinite_end, ASN1_const_check_infinite_end, ASN1_UNIVERSALSTRING_to_string, ASN1_template_d2i, ASN1_template_i2d
  base:
    added OPENSSL_INIT_SETTINGS
    removed NETSCAPE_CERT_SEQUENCE, X509_OBJECTS, SSL_CUSTOM_EXTENSION, X509_CERT_PAIR
  bio:
    added BIO_set_shutdown, BIO_get_shutdown, BIO_meth_set_puts
    changed bio_st (aka BIO)
    removed BIO_set_callback, BIO_set_callback_arg, BIO_get_callback_arg
  bn:
    added BN_less_than_consttime, BN_MONT_CTX_new_for_modulus
    excluded from public API: bn_correct_top, bn_wexpand, BN_kronecker
    deprecated BN_MONT_CTX_new (use BN_MONT_CTX_new_for_modulus instead), BN_MONT_CTX_set
    removed BN_generate_dsa_nonce
  buf:
    added BUF_MEM_append
  bytestring:
    added CBS_get_asn1_bool, CBS_asn1_oid_to_text, CBB_add_asn1_octet_string, CBB_add_asn1_bool, CBB_add_asn1_oid_from_text, CBB_flush_asn1_set_of
    functions CBS_get_any_asn1, CBS_get_any_asn1_element, CBB_add_asn1 now support tag numbers greater than 30
  cipher:
    added EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_set_flags
  crypto:
    added OpenSSL_version, OpenSSL_version_num, OPENSSL_init_crypto
    function FIPS_mode returns FIPS_status()
  dh:
    added DH_set0_key, DH_set0_pqg, EVP_MD_CTX_new, EVP_MD_CTX_free
    removed DH_get_1024_160, DH_get_2048_224, DH_get_2048_256
  digest:
    added EVP_MD_CTX_reset, EVP_parse_digest_algorithm, EVP_marshal_digest_algorithm
    deprecated EVP_MD_CTX_create (use EVP_MD_CTX_new instead), EVP_MD_CTX_destroy (use EVP_MD_CTX_free instead)
  dsa:
    added DSA_set0_key, DSA_set0_pqg, DSA_generate_key_fips
    excluded from public API: DSA_sign_setup
    changed dsa_st (aka DSA)
  ec:
    deprecated EC_POINT_clear_free (use EC_POINT_free instead)
  ec_key:
    added EC_KEY_check_fips, EC_KEY_generate_key_fips
    changed ecdsa_method_st (aka ECDSA_METHOD)
  ecdsa:
    added ECDSA_SIG_get0, ECDSA_SIG_set0
    removed ECDSA_sign_setup, ECDSA_do_sign_ex, ECDSA_sign_ex
  evp:
    added EVP_PKEY_new_ed25519_public, EVP_PKEY_new_ed25519_private, EVP_DigestSign, EVP_DigestVerify, EVP_PBE_scrypt
    changed evp_pkey_st (aka EVP_PKEY)
    removed EVP_PKEY_supports_digest
  hmac:
    added HMAC_CTX_new, HMAC_CTX_free, HMAC_CTX_reset
  mem:
    removed OPENSSL_realloc_clean (use OPENSSL_realloc instead)
  obj:
    added OBJ_get0_data, OBJ_length
  rsa:
    added RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_generate_key_fips, RSA_sign_pss_mgf1, RSA_verify_pss_mgf1, RSA_check_fips, RSA_flags
    function PKCS1_MGF1 was added to the public API
    changed rsa_meth_st (aka RSA_METHOD)
    removed RSA_supports_digest, RSA_recover_crt_params, RSA_parse_public_key_buggy, RSA_generate_key_186_4 (use RSA_generate_key_fips instead)
  x509:
    added X509_NAME_ENTRY_set, X509_NAME_get0_der, X509_get0_notBefore, X509_get0_notAfter
    functions PKCS7_... were moved to openssl/pkcs7.h
    removed X509_objects_st, x509_cert_pair_st, Netscape_certificate_sequence, X509_certificate_type
  x509_vfy:
    added X509_OBJECT_get_type, X509_OBJECT_get0_X509, X509_STORE_get0_objects, X509_STORE_get0_param, X509_STORE_CTX_zero, X509_STORE_CTX_get0_untrusted
    removed x509_file_st

v. 2.3
- added Teegris support (x32 and x64): static library for regular TAs
- added Teegris support (x32 and x64): shared library for the system cryptography library
- added stack smashing protector for all supported platforms. The SSP level is "-fstack-protector-strong"
- using the internal SSP canary and error handler
- added run-once selftests on the Teegris platform (shared library)

v. 2.2.1
- added embedding of the internal SCrypto version in binaries
- added function FIPS_SCRYPTO_get_internal_version: returns the internal version in the format "CL XXXXXX", where XXXXXX is the CL number from P4

v. 2.2
- BoringSSL version is 2016.03, OpenSSL version is 0x100020af, API version is "3"
- SCrypto doesn't need an external libc for MC and QC
- use #include "openssl/gcm.h" instead of #include "modes/internal.h"
- the function symbol EC_GFp_mont_method() was removed; use the variable EC_GFp_mont_method directly instead
- structure EC_KEY no longer has the members "flags" and "version"
- structure EC_GROUP no longer has the member "cofactor"; the member "one" was added
- structure EC_POINT no longer has the member "Z_is_one"
- the definition of BN_FLG_CONSTTIME was removed
- functions "AES_wrap_key" and "AES_unwrap_key" return "-1" on error
- symbols renamed from FIPS_bssl_xxx to FIPS_SCRYPTO_xxx (to avoid confusion when reading displayed logs and analyzing RAM dumps)
- the RSA 186-4 keygen PWCT is done by an actual signature generation and verification using the RSA signature scheme (RSA PKCS 1.5) (FIPS 140-2 Section 4.9)
- increased the amount of entropy for the DRBG (60 bytes of entropy and 20 bytes of nonce)
- KBKDF and SHA1 selftests are to be removed from the FIPS section
- removed the DRBG CRNGT
- the maximum RSA public exponent size was reduced from 64 to 33 bits

v. 2.1
- the imprint script was improved and now works with stripped binaries (such as MC TAs in release mode). Warning: incompatible with the SCrypto-2.0 imprint scheme

v. 2.0
- enabled CE (ARM Cryptography Extension)
- aarch64 for QC
- added driver version for MC
- added constructor for QSEE 4.x
- added function ERR_print_all(): prints the error stack in a human-readable form
- new imprint approach. Warning: incompatible with the SCrypto-1.0 imprint scheme
- BoringSSL-based version

v. 1.0
- initial version (OpenSSL based)
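The v. 2.4 (RC 1) notes above say that OPENSSL_free zeros a block before releasing it and that OPENSSL_realloc zeros the old block and deliberately does not call the platform realloc. The reason is that free() and realloc() take no length, and realloc() may move the block and leave the original bytes unscrubbed. The example below is an added illustration of that allocator pattern, not SCrypto's or BoringSSL's own code: it stores the requested size in a hidden prefix so free can scrub the whole block, and implements realloc as allocate, copy, scrub, free. The names zeroing_malloc, zeroing_free, zeroing_realloc, zeroing_alloc_size, secure_cleanse and the prefix width are this example's own choices, and the 32-byte "secret" in the self-test is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes reserved in front of every block to hold its requested size.
 * 16 keeps the user pointer aligned on common 64-bit ABIs (this example's choice). */
#define ALLOC_PREFIX 16

/* Zeroise n bytes through a volatile pointer so the compiler cannot
 * drop the stores as dead just because the block is about to be freed. */
static void secure_cleanse(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Allocate size bytes and record size in the hidden prefix. */
void *zeroing_malloc(size_t size) {
    if (size > SIZE_MAX - ALLOC_PREFIX) {
        return NULL;                           /* size + prefix would overflow */
    }
    uint8_t *raw = malloc(size + ALLOC_PREFIX);
    if (raw == NULL) {
        return NULL;
    }
    memcpy(raw, &size, sizeof(size));
    return raw + ALLOC_PREFIX;
}

/* Recover the size requested for a block obtained from zeroing_malloc. */
size_t zeroing_alloc_size(const void *ptr) {
    size_t size;
    memcpy(&size, (const uint8_t *)ptr - ALLOC_PREFIX, sizeof(size));
    return size;
}

/* Scrub prefix and payload, then release: no separate cleanse call needed. */
void zeroing_free(void *ptr) {
    if (ptr == NULL) {
        return;
    }
    uint8_t *raw = (uint8_t *)ptr - ALLOC_PREFIX;
    secure_cleanse(raw, zeroing_alloc_size(ptr) + ALLOC_PREFIX);
    free(raw);
}

/* Resize without the platform realloc(): allocate, copy, scrub, free. */
void *zeroing_realloc(void *ptr, size_t new_size) {
    if (ptr == NULL) {
        return zeroing_malloc(new_size);
    }
    size_t old_size = zeroing_alloc_size(ptr);
    void *fresh = zeroing_malloc(new_size);
    if (fresh == NULL) {
        return NULL;                           /* old block left intact, like realloc() */
    }
    memcpy(fresh, ptr, old_size < new_size ? old_size : new_size);
    zeroing_free(ptr);                         /* old copy is zeroed before release */
    return fresh;
}

/* Self-check: returns 1 if the allocator behaves as described, 0 otherwise. */
int zeroing_alloc_self_test(void) {
    uint8_t *key = zeroing_malloc(32);         /* constructed 32-byte "secret" */
    if (key == NULL || zeroing_alloc_size(key) != 32) {
        return 0;
    }
    memset(key, 0xAA, 32);
    uint8_t *bigger = zeroing_realloc(key, 64);
    if (bigger == NULL || zeroing_alloc_size(bigger) != 64) {
        return 0;
    }
    for (size_t i = 0; i < 32; i++) {
        if (bigger[i] != 0xAA) {
            return 0;                          /* payload was not carried over */
        }
    }
    uint8_t scratch[8];                        /* check the scrub primitive itself */
    memset(scratch, 0x5A, sizeof(scratch));
    secure_cleanse(scratch, sizeof(scratch));
    for (size_t i = 0; i < sizeof(scratch); i++) {
        if (scratch[i] != 0) {
            return 0;
        }
    }
    zeroing_free(bigger);
    return 1;
}

int main(void) {
    printf("zeroing allocator self-test: %s\n",
           zeroing_alloc_self_test() ? "ok" : "FAILED");
    return 0;
}
```

The size prefix is what makes the "no need to call OPENSSL_cleanse before OPENSSL_free" guarantee possible; a free that only receives a pointer cannot otherwise know how many bytes to scrub. Reading freed memory is undefined behaviour, so the self-test verifies the scrub primitive on a stack buffer rather than on the released block.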