X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=c35990e2af0fa0dd611bd7249770aa6bb235a755;hp=9ef85d6c895b5aa6b7a3599f2ce8fa11f4f67afe;hb=d6ee8f3dc4414cd97bd63b801f8644f0ff8a1f17;hpb=f19a5ff9ab85313f5b30cfc9fbed3a2eea60a59d

diff --git a/CHANGES b/CHANGES
index 9ef85d6c89..c35990e2af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 
  Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
 
+  *) Add SM3 implemented according to GB/T 32905-2016
+     [ Jack Lloyd <jack.lloyd@ribose.com>,
+       Ronald Tse <ronald.tse@ribose.com>,
+       Erick Borsboom <erick.borsboom@ribose.com> ]
+
+  *) Add 'Maximum Fragment Length' TLS extension negotiation and support
+     as documented in RFC6066.
+     Based on a patch from Tomasz Moń
+     [Filipe Raimundo da Silva]
+
   *) Add SM4 implemented according to GB/T 32907-2016.
      [ Jack Lloyd <jack.lloyd@ribose.com>,
        Ronald Tse <ronald.tse@ribose.com>,
@@ -177,6 +187,40 @@
      issues, has been replaced to always returns NULL.
      [Rich Salz]
 
+
+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
+
+  *) bn_sqrx8x_internal carry bug on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients.
+
+     This only affects processors that support the BMI1, BMI2 and ADX extensions
+     like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3736)
+     [Andy Polyakov]
+
+  *) Malformed X.509 IPAddressFamily could cause OOB read
+
+     If an X.509 certificate has a malformed IPAddressFamily extension,
+     OpenSSL could do a one-byte buffer overread. The most likely result
+     would be an erroneous display of the certificate in text format.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3735)
+     [Rich Salz]
+
  Changes between 1.1.0e and 1.1.0f [25 May 2017]
 
   *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target