-
Notifications
You must be signed in to change notification settings - Fork 17
/
ChangeLog
175 lines (175 loc) · 6.61 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
v4.4.0
[FEATURE] Updates for FIPS 140-3 certification 2024
[PATCH] Various bug fixes and housekeeping
v4.3.1
[PATCH] Various bug fixes and housekeeping
v4.3.0
[FEATURE] New API function ica_allow_external_gcm_iv_in_fips_mode
[PATCH] bug fixes
v4.2.3
[PATCH] Add OPENSSL_init_crypto in libica constructor
[PATCH] remove deprecated ioctl Z90STAT_STATUS_MASK
[PATCH] bug fixes
v4.2.2
[UPDATE] syslog msgs only in error cases
[UPDATE] don't count statistics in fips power-on self tests
[PATCH] various fixes and some new tests
v4.2.1
[PATCH] fix regression opening shared memory
v4.2.0
[FEATURE] Display build info via icainfo -v
[FEATURE] New API function ica_get_build_version()
[FEATURE] Display fips indication via icainfo -f
[FEATURE] New API function ica_get_fips_indicator()
[FEATURE] New API function ica_aes_gcm_initialize_fips()
[FEATURE] New API function ica_aes_gcm_kma_get_iv()
[FEATURE] New API function ica_get_msa_level()
[PATCH] icainfo: check for malloc error when getting functionlist
v4.1.1
- [PATCH] Fix aes-xts multi-part operations
[PATCH] Fix make dist
v4.1.0
- [FEATURE] FIPS: make libica FIPS 140-3 compliant
[FEATURE] New API function ica_ecdsa_sign_ex()
[FEATURE] New icainfo output option -r
- [PATCH] Various bug fixes
v4.0.3
- [PATCH] Reduce the number of open file descriptors
- [PATCH] Various bug fixes
v4.0.2
- [PATCH] Various bug fixes
v4.0.1
- [PATCH] Various bug fixes
- [PATCH] Compute HMAC from installed library
v4.0.0
- [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
[UPDATE] Removed deprecated API functions including tests
[UPDATE] Introduced 'const' for some API function parameters
[FEATURE] icastats: new parm -k to display detailed counters
v3.9.0
- [FEATURE] Add support for OpenSSL 3.0
[FEATURE] icainfo: new parm -c to display available EC curves
v3.8.0
- [FEATURE] provide libica-cex module to satisfy special security requirements
[FEATURE] FIPS: enforce the HMAC check
- [UPDATE] exploit autoselect domain support for ECC
- [UPDATE] FIPS: Add SHA3 kats to fips powerup tests
v3.7.0
- [FEATURE] FIPS: Add HMAC based library integrity check
- [PATCH] icainfo: bugfix for RSA and EC related info for software column.
- [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
- [PATCH] FIPS: Fix DES and TDES key length
- [PATCH] icastats: Fix stats counter format
v3.6.1
- [PATCH] Fix x25519 and x448 handling of non-canonical values
v3.6.0
- [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
v3.5.0
- [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
v3.4.0
- [FEATURE] Add SHA-512/224 and SHA-512/256 support
v3.3.3
- [PATCH] Various bug fixes
v3.3.2
- [PATCH] Skip ECC tests if required HW is not available
- [PATCH] Update spec file
v3.3.1
- [PATCH] Fix configure.ac to honour CFLAGS
v3.3.0
- [FEATURE] Add CEX supported elliptic-curve crypto interfaces
- [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
- [FEATURE] Add interface to enable/disable SW fallbacks
- [FEATURE] Add 'make check' target, test-suite rework
v3.2.1
- [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
- [PATCH] Various bug fixes.
v3.2.0
- [FEATURE] New AES-GCM interface.
- [UPDATE] Add symbol versioning.
v3.1.1
- [PATCH] Various bug fixes related to old and new AES-GCM implementations.
- [UPDATE] Add SHA3 test cases. Improved and extended test suite.
v3.1.0
- [FEATURE] Add KMA support for AES-GCM.
- [FEATURE] Add SHA-3 support.
- [PATCH] Reject RSA keys with invalid key-length.
- [PATCH] Allow zero output length for ica_random_number_generate.
- [PATCH] icastats: Correct owner of shared segment when root creates it.
v3.0.2
- [PATCH] Fix locking callbacks for openSSL APIs.
v3.0.1
- [PATCH] Fixed msa level detection on zEC/BC12 GA1 and predecessors.
v3.0.0
- [FEATURE] Added FIPS mode.
- [PATCH] Sanitized exported symbols.
- [PATCH] Removed deprecated APIs. Marked some APIs as deprecated.
- [PATCH] Adapted to OpenSSL v1.1.0.
- [PATCH] RSA key generation is thread-save now.
v2.6.2
- [PATCH] Performance improvements for des-ctr, 3des-ctr and aes-ctr
v2.6.1
- [Patch] Fixed buffer overflow on random generation
- [Patch] Fixed DRBG entropy input
- [Patch] Fixed icastats test case
v2.6.0
- [FEATURE] Added NIST compliant deterministic random bit generator (DRBG)
v2.5.0
- [FEATURE] Added streaming support for Galois Counter Mode (AES-GCM)
- [FEATURE] Allow RSA Key generation for any granularity (57..4096 bits)
- [FEATURE] New RSA CRT Key check API (Convertion of non-compliant keys)
- [PATCH] Replaced deprecated RSA_key_generate function
- [PATCH] Fixed accounting for GCM, CCM and CMAC. Added accounting for GHASH
- [PATCH] Improved configure script to automatically build test cases
- [UPDATE] Added SHA test cases. Improved and extended test suite
v2.4.0
Reworked the statistic measurement facility (icastats)
- Statistics are now collected independent from the process context
- Statistic data gathered per user
- User based statistic management (reset/delete/summerize)
v2.3.0
Changes since Version 2.2.0:
- Introduced new API to recieve list of supported algorithms
v2.2.0
Introduce support for more MSA4 extensions.
New symetric encryption modes:
- CBC-CS (DES, TDES, AES-[128|192|256])
- CMAC (DES, TDES, AES-[128|192|256])
- CCM (AES-[128|192|256])
- GCM (AES-[128|256])
v2.1.1
Changes since Version 2.1.0:
- [PATCH] synchronize shared memory ref counting
- [PATCH] Fix result/error handling in testcase for ica_get_version()
- [PATCH] Fix temporary buffer allocation in ica_get_version()
- [UPDATE] Interface (API) description
- [PATCH] Fix commandline argument checking in RSA testcase
- [PATCH] Remove duplicate entry from target list
v2.1.0
- Introduce support for MSA4 extensions. New symmetric encryption modes:
CFB, CTR, OFB, XTS, CMAC
- New API calls:
- ica_get_version(...)
v2.0.6
Fix for tracker item 3202845.
Improve online help for icastats.
v2.0.5
Fix for performance improvement
Remove signal handler wrapping of crypto instructions.
v2.0.4
Fix for STCK buffer length
Correctly adjust the STCK buffer length in the PRNG based on whether
we are running in 31 or 64 bit.
v2.0.3
minor wording fix in icastats tool:
changed output wording from SHAxxx to SHA-xxx
Bugfix for:
libica abends with illegal instuction when CPACF is disabled.
v2.0.2
Bug fixes in asm, stcke for 31 bit, and fixes in programming samples
v2.0.1
Add locking for shared memory segment, which is needed when icastats
is linked dynamically against libica.
v2.0
Substitute software fallbacks with lowlevel OpenSSL function calls.
Rewrite most of libica.
Only Linux on System z code.