From 0452b87ba471429171e0f459c22be3f59f330920 Mon Sep 17 00:00:00 2001 From: Futaura Date: Sat, 9 Dec 2023 15:46:26 +0000 Subject: [PATCH] Documentation updates for 5.13 release --- CHANGES.md | 88 ++++++++++++++++++++++++++++++++-------------- README.md | 4 +-- dist/AmiSSL.readme | 4 +-- 3 files changed, 66 insertions(+), 30 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6c24bbf3b..02ff1bf60 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,34 @@ +## AmiSSL 5.13 (?.12.2023) + +- Switched to OpenSSL 3.2, with full compatibility with the latest + OpenSSL 3.2.0 (23.11.2023) version, which includes the following + new features: + + Support for client side QUIC (RFC 9000) + + Support for Ed25519ctx, Ed25519ph and Ed448ph in addition to + existing support for Ed25519 and Ed448 (RFC 8032) + + Support for deterministic ECDSA signatures (RFC 6979) + + Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452) + + Support for the Argon2 KDF (RFC 9106) + + Support for Hybrid Public Key Encryption (HPKE) (RFC 9180) + + Support for SM4-XTS + + Support for Brainpool curves in TLS 1.3 + + Support for TLS Raw Public Keys (RFC 7250) + + Support for using the IANA standard names in TLS ciphersuite + configuration + + Multiple new features and improvements to CMP protocol support +- Use Exec mutexes instead of semaphores on AmigaOS 4.x, decreasing + system overhead. +- Use ASOPOOL_Protected instead of our own semaphore protection + on AmigaOS 4.x. +- Improved error handling should failures occur early in library + initialisation. +- The installer now properly handles any certificates that may have + been disabled by the user and will update them, but leave them + disabled. +- The installer on AmigaOS 4.x can now install the libraries whilst + AmiSSL is still in use, provided elf.library 53.35+ is installed + and no instances prior to AmiSSL 5.6 are still in memory. + ## AmiSSL 5.12 (25.10.2023) - Updated OpenSSL backend to full compatibility with the latest @@ -53,8 +84,8 @@ + Deprecated LHASH statistics functions. + FIPS 140-3 compliance changes. - Replaced many common Exec semaphore protected OpenSSL operations with - atomic inline assembly code on both OS3 and OS4, decreasing overhead - and increasing performance. + atomic inline assembly code on both AmigaOS 3.x and 4,x, decreasing + overhead and increasing performance. - Fixed bug in the 5.7 SDK (applications built with it should be recompiled using the 5.8 SDK). @@ -79,16 +110,18 @@ (CVE-2022-3996) - Updated root certificates to latest Mozilla-based bundle provided by https://curl.se/docs/caextract.html dated 10.1.2023. -- Correctly clear thread locks before using InitSemaphore() on OS3 (#70). -- Prevent OS4 load time emulation corrupting the data in the PPC ASM - optimised routines by moving data from .text section to .rodata (#38). +- Correctly clear thread locks before using InitSemaphore() on + AmigaOS 3.x (#70). +- Prevent AmigaOS 4.x load time emulation corrupting the data in the + PPC ASM optimised routines by moving data from .text section to + .rodata (#38). - Removed redundant code in PPC ASM optimised routines. - Removed unused PPC POWER8 specific ASM optimised routines. ## AmiSSL 5.6 (15.12.2022) -- Fixed TLS 1.3 cipher lookup failure regression on OS4 (#68). -- The improvement from v5.4 that released file locks on the OS4 +- Fixed TLS 1.3 cipher lookup failure regression on AmigaOS 4.x (#68). +- The improvement from v5.4 that released file locks on the AmigaOS 4.x libraries is now only activated with elf.library 53.35 or higher. - Minor build changes. @@ -116,9 +149,10 @@ default fallback busy wait function. - Consolidated all routines that individually open timer.device to instead use a single unified thread-safe solution. -- File locks on the OS4 libraries are released during initialisation and - no longer held until reboot or expunged from memory (#49). -- Handle setting of Roadshow TCP/IP stack type on OS3. +- File locks on the AmigaOS 4.x libraries are released during + initialisation and no longer held until reboot or expunged from + memory (#49). +- Handle setting of Roadshow TCP/IP stack type on AmigaOS 3.x. - Removed unnecessary multiple openings of dos.library, some of which were mistakenly never closed. - Reworked SDK macros for split API functions to better handle when @@ -158,7 +192,8 @@ the new built-in HTTP(S) client. - Added full autodocs for all the Amiga specific interface functions. - Improved and structured the developer README-SDK file. -- Added OpenSSL stub link libraries for OS3 (GCC) and OS4 (GCC & VBCC). +- Added OpenSSL stub link libraries for AmigaOS 3.x (GCC) and + AmigaOS 4.x (GCC & VBCC). - AmiSSL and OpenSSL switched to the Apache License, Version 2.0. - We have a new homepage at https://amissl.org which provides links to all AmiSSL resources, old and new. @@ -169,25 +204,25 @@ OpenSSL 1.1.1m (14.12.2021) version, which brings security and bug fixes. - Updated root certificates to latest Mozilla-based bundle provided by https://curl.se/docs/caextract.html dated 1.2.2022. -- Fixed RSA_X931_derive_ex() from not being reachable on OS3. +- Fixed RSA_X931_derive_ex() from not being reachable on AmigaOS 3.x. - Fixed crash after OpenSSL fatal error message requester shown. - Cleaned up and unified error requesters, removing redundant code. -- Fixed GCC linker alignment for all OS4 binaries. +- Fixed GCC linker alignment for all AmigaOS 4.x binaries. ## AmiSSL 4.11 (30.10.2021) - Updated root certificates to latest Mozilla-based bundle provided by https://curl.se/docs/caextract.html dated 26.10.2021. -- Legacy entropy generation is now faster on OS3 machines, with the +- Legacy entropy generation is now faster on AmigaOS 3.x machines, with the removal of delays caused by using the vblank timer, which typically causes AmiSSL to initialise 2 seconds faster (#57). - Fixed legacy entropy generation to correctly use an entropy factor of 4, as originally intended, which was broken since AmiSSL 4.3 (#57). - Entropy generation now uses SHA-256 instead of SHA-1. -- Tweaked OS4 memory allocations to not be locked. +- Tweaked AmigaOS 4.x memory allocations to not be locked. - Fixed issues when redirecting OpenSSL tool output to a file (#58). - Added Ctrl-C break detection to the OpenSSL tool. -- OS4 binaries now stripped further with --strip-unneeded-rel-relocs. +- AmigaOS 4.x binaries now stripped further with --strip-unneeded-rel-relocs. ## AmiSSL 4.10 (25.8.2021) @@ -219,7 +254,7 @@ OpenSSL 1.1.1j (16.02.2021) version, which brings security and bug fixes. - Updated root certificates to latest Mozilla-based bundle provided by https://curl.se/docs/caextract.html. -- Fixed corrupted OS3 libamisslauto.a (object name was too long). +- Fixed corrupted AmigaOS 3.x libamisslauto.a (object name was too long). - Tweaked SDK examples and OpenSSL includes to be more compatible with vanilla VBCC and SAS/C compiler installations. - Restored SAS/C support to AmiSSL autoopen link library code. @@ -234,7 +269,7 @@ - Updated root certificates to latest Mozilla-based bundle provided by https://curl.haxx.se/ca/ - Fixed OpenSSL command and https developer example not having execute file - permission bit set on OS3 + permission bit set on AmigaOS 3.x ## AmiSSL 4.6 (8.6.2020) @@ -273,13 +308,14 @@ - Improved BN performance for 68060 (disabled m68k asm replacement as it's slower due to the above). - Improved elliptic curve performance for all m68k processors. -- Fixed the OS3 target from crashing on systems with a 68020/030, but - without an FPU (#37). +- Fixed the AmigaOS 3.x target from crashing on systems with a 68020/030, + but without an FPU (#37). - Disabled Poly1305 FPU algorithm on Tabor A1222 (#38). -- Fixed TLS 1.3 cipher lookup failures on OS4, caused by compiler bug (#35). +- Fixed TLS 1.3 cipher lookup failures on AmigaOS 4.x, caused by a compiler + bug (#35). - OpenSSL.doc not updated for the last 14 years, but now automatically updated for each new release. -- Fixed crashing OpenSSL command on OS3 (#28). +- Fixed crashing OpenSSL command on AmigaOS 3.x (#28). - Fixed OpenSSL command not making path to openssl.cnf correctly (#34). - Fixed OpenSSL command -out parameter (#33). - OpenSSL s_server command can now be interrupted with Ctrl-C. @@ -304,7 +340,7 @@ OpenSSL 1.1.0g (02.11.2017) version. - Updated root certificates to latest Mozilla-based bundle provided by https://curl.haxx.se/ca/ -- Fixed https.c example cleanup code for non-OS4 targets (#18) +- Fixed https.c example cleanup code for non-AmigaOS 4.x targets (#18) - Reinstated AmigaOS multithreading support and semaphore protection, using the new thread API introduced in OpenSSL 1.1.0 (#17) - Include `ppcinline/macros.h` which contains all `LPXX()` macros to use the @@ -315,9 +351,9 @@ - Updated OpenSSL backend to full compatibility to latest OpenSSL 1.1.0e (16.02.2017) version. -- MorphOS can now be selected as an install target with the OS3/m68k version - being installed. For a native PPC version we would require some work to be - done by some talented MorphOS developers. +- MorphOS can now be selected as an install target with the AmigaOS 3.x/m68k + version being installed. For a native PPC version we would require some + work to be done by some talented MorphOS developers. - Added some m68k asm replacement code for potentially speeding up BN calculation routines. - Added AmiUpdate compatibility. diff --git a/README.md b/README.md index 64d82729b..0d0021add 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ it being a shared library, it can be used by several Amiga applications at the same time, without wasting resources. AmiSSL v5 is a new major release which has been updated with full -compatibility with OpenSSL 3.1. This includes important security related +compatibility with OpenSSL 3.2. This includes important security related fixes, a built-in HTTP(S) client and comes with the latest encryption ciphers which are required nowadays to connect to modern SSL-based services such as HTTPS and SSH. @@ -79,7 +79,7 @@ A port of the OpenSSL tool is also included and usually installed to `AmiSSL:` or `C:` during installation. It is a "command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell". The documentation for the OpenSSL tool is included in the archive and can also -be reviewed [online](https://www.openssl.org/docs/man3.1/man1/openssl.html). +be reviewed [online](https://www.openssl.org/docs/man3.2/man1/openssl.html). A sample openssl.cnf file is also installed to `AmiSSL:`, if it doesn't already exist, along with the CA.pl helper script, both of which aid the certificate generation features of the OpenSSL tool. The tsget.pl script is also included. diff --git a/dist/AmiSSL.readme b/dist/AmiSSL.readme index ca8698ff9..7c44b9e5e 100644 --- a/dist/AmiSSL.readme +++ b/dist/AmiSSL.readme @@ -21,7 +21,7 @@ it being a shared library, it can be used by several Amiga applications at the same time, without wasting resources. AmiSSL v5 is a new major release which has been updated with full -compatibility with OpenSSL 3.1. This includes important security related +compatibility with OpenSSL 3.2. This includes important security related fixes, a built-in HTTP(S) client and comes with the latest encryption ciphers which are required nowadays to connect to modern SSL-based services such as HTTPS and SSH. @@ -76,7 +76,7 @@ A port of the OpenSSL tool is also included and usually installed to AmiSSL: or C: during installation. It is a "command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell". The documentation for the OpenSSL tool is included in the archive and can also -be reviewed online: https://www.openssl.org/docs/man3.1/man1/openssl.html. +be reviewed online: https://www.openssl.org/docs/man3.2/man1/openssl.html. A sample openssl.cnf file is also installed to AmiSSL:, if it doesn't already exist, along with the CA.pl helper script, both of which aid the certificate generation features of the OpenSSL tool. The tsget.pl script is also included.