X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=49e2597e9edc6c04f81a6297ba1df1f25c702257;hp=0499bd50d36c281753f956121e0e243e50b31a0b;hb=4ace4ccda2934d2628c3d63d41e79abe041621a7;hpb=fc4e1ab4708a3eb87a107df7e085d0d8125c5171 diff --git a/CHANGES b/CHANGES index 0499bd50d3..49e2597e9e 100644 --- a/CHANGES +++ b/CHANGES @@ -7,9 +7,113 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1 and 1.1.1a [xx XXX xxxx] + Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] - *) + *) Change the license to the Apache License v2.0. + [Richard Levitte] + + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. + + o Major releases (indicated by incrementing the MAJOR release number) + may introduce incompatible API/ABI changes. + o Minor releases (indicated by incrementing the MINOR release number) + may introduce new features but retain API/ABI compatibility. + o Patch releases (indicated by incrementing the PATCH number) + are intended for bug fixes and other improvements of existing + features only (like improving performance or adding documentation) + and retain API/ABI compatibility. + [Richard Levitte] + + *) Remove the 'dist' target and add a tarball building script. The + 'dist' target has fallen out of use, and it shouldn't be + necessary to configure just to create a source distribution. + [Richard Levitte] + + *) Recreate the OS390-Unix config target. It no longer relies on a + special script like it did for OpenSSL pre-1.1.0. + [Richard Levitte] + + *) Instead of having the source directories listed in Configure, add + a 'build.info' keyword SUBDIRS to indicate what sub-directories to + look into. + [Richard Levitte] + + *) Add GMAC to EVP_MAC. + [Paul Dale] + + *) Ported the HMAC, CMAC and SipHash EVP_PKEY_METHODs to EVP_MAC. + [Richard Levitte] + + *) Added EVP_MAC, an EVP layer MAC API, to simplify adding MAC + implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, + to facilitate the continued use of MACs through raw private keys in + functionality such as EVP_DigestSign* and EVP_DigestVerify*. + [Richard Levitte] + + *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users + should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). + [Antoine Salon] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) AES-XTS mode now enforces that its two keys are different to mitigate + the attacked described in "Efficient Instantiations of Tweakable + Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. + Details of this attack can be obtained from: + http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + [Paul Dale] + + *) Rename the object files, i.e. give them other names than in previous + versions. Their names now include the name of the final product, as + well as its type mnemonic (bin, lib, shlib). + [Richard Levitte] + + *) Added new option for 'openssl list', '-objects', which will display the + list of built in objects, i.e. OIDs with names. + [Richard Levitte] + + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. Changes between 1.1.0i and 1.1.1 [11 Sep 2018] @@ -13107,4 +13211,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop ] -