X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=e540c9c60d43ae2efc550b6cb94d53032e40750b;hp=760160fa1e67644859e1273ab1977780edd94f11;hb=9453b196343db579c590130adc63d35d2ff87188;hpb=35e742ecac9239539db016e1282b4cbdf501509c diff --git a/CHANGES b/CHANGES index 760160fa1e..e540c9c60d 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,56 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + Changes between 1.1.1 and 1.1.2 [xx XXX xxxx] + + *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users + should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). + [Antoine Salon] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) AES-XTS mode now enforces that its two keys are different to mitigate + the attacked described in "Efficient Instantiations of Tweakable + Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. + Details of this attack can be obtained from: + http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + [Paul Dale] + + *) Rename the object files, i.e. give them other names than in previous + versions. Their names now include the name of the final product, as + well as its type mnemonic (bin, lib, shlib). + [Richard Levitte] + + *) Added new option for 'openssl list', '-objects', which will display the + list of built in objects, i.e. OIDs with names. + [Richard Levitte] + + Changes between 1.1.1 and 1.1.1a [xx XXX xxxx] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] + + *) Add a new ClientHello callback. Provides a callback interface that gives + the application the ability to adjust the nascent SSL object at the + earliest stage of ClientHello processing, immediately after extensions have + been collected but before they have been processed. In particular, this + callback can adjust the supported TLS versions in response to the contents + of the ClientHello + [Benjamin Kaduk] + + *) Add SM2 base algorithm support. + [Jack Lloyd] *) s390x assembly pack: add (improved) hardware-support for the following cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, @@ -13092,4 +13141,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop ] -