https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.0g and 1.1.0h [xx XXX xxxx]
+
+ *) Add a build target 'build_all_generated', to build all generated files
+ and only that. This can be used to prepare everything that requires
+ things like perl for a system that lacks perl and then move everything
+ to that system and do the rest of the build there.
+ [Richard Levitte]
+
+ *) Backport SSL_OP_NO_RENGOTIATION
+
+ OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+ (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+ changes this is no longer possible in 1.1.0. Therefore the new
+ SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+ 1.1.0 to provide equivalent functionality.
+
+ Note that if an application built against 1.1.0h headers (or above) is run
+ using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+ accepted but nothing will happen, i.e. renegotiation will not be prevented.
+ [Matt Caswell]
+
+ *) Removed the OS390-Unix config target. It relied on a script that doesn't
+ exist.
+ [Rich Salz]
+
+ *) rsaz_1024_mul_avx2 overflow bug on x86_64
+
+ There is an overflow bug in the AVX2 Montgomery multiplication procedure
+ used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+ Analysis suggests that attacks against RSA and DSA as a result of this
+ defect would be very difficult to perform and are not believed likely.
+ Attacks against DH1024 are considered just feasible, because most of the
+ work necessary to deduce information about a private key may be performed
+ offline. The amount of resources required for such an attack would be
+ significant. However, for an attack on TLS to be meaningful, the server
+ would have to share the DH1024 private key among multiple clients, which is
+ no longer an option since CVE-2016-0701.
+
+ This only affects processors that support the AVX2 but not ADX extensions
+ like Intel Haswell (4th generation).
+
+ This issue was reported to OpenSSL by David Benjamin (Google). The issue
+ was originally found via the OSS-Fuzz project.
+ (CVE-2017-3738)
+ [Andy Polyakov]
+
Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
- *) Add SRP support.
- [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
+ *) A long standing patch to add support for SRP from EdelWeb (Peter
+ Sylvester and Christophe Renou) was integrated.
+ [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+ <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+ Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]