Look up availability of getentropy() at runtime.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index e8b92ccc0267a5cd4a5d72d69ce9213b02d98992..7a478521c1dc9639aaee0ab89765d930e1335a93 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,25 @@
  release branch.
 
  Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
+  *) Enforce checking in the pkeyutl command line app to ensure that the input
+     length does not exceed the maximum supported digest length when performing
+     a sign, verify or verifyrecover operation.
+     [Matt Caswell]
+
+  *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking
+     I/O in combination with something like select() or poll() will hang. This
+     can be turned off again using SSL_CTX_clear_mode().
+     Many applications do not properly handle non-application data records, and
+     TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works
+     around the problems in those applications, but can also break some.
+     It's recommended to read the manpages about SSL_read(), SSL_write(),
+     SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and
+     SSL_CTX_set_read_ahead() again.
+     [Kurt Roeckx]
+
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
 
   *) Apply blinding to binary field modular inversion and remove patent
      pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation.