X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=e540c9c60d43ae2efc550b6cb94d53032e40750b;hp=8d07a23709d2170531f7796132edb0a8d74249cd;hb=5e55159b3adbb30482992e8fa8621e47d331d012;hpb=80162ad645f8982102d6994b9ea9ca6c371e933d diff --git a/CHANGES b/CHANGES index 8d07a23709..e540c9c60d 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,7 +7,56 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + Changes between 1.1.1 and 1.1.2 [xx XXX xxxx] + + *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users + should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). + [Antoine Salon] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) AES-XTS mode now enforces that its two keys are different to mitigate + the attacked described in "Efficient Instantiations of Tweakable + Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. + Details of this attack can be obtained from: + http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + [Paul Dale] + + *) Rename the object files, i.e. give them other names than in previous + versions. Their names now include the name of the final product, as + well as its type mnemonic (bin, lib, shlib). + [Richard Levitte] + + *) Added new option for 'openssl list', '-objects', which will display the + list of built in objects, i.e. OIDs with names. + [Richard Levitte] + + Changes between 1.1.1 and 1.1.1a [xx XXX xxxx] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] + + *) Add a new ClientHello callback. 
Provides a callback interface that gives + the application the ability to adjust the nascent SSL object at the + earliest stage of ClientHello processing, immediately after extensions have + been collected but before they have been processed. In particular, this + callback can adjust the supported TLS versions in response to the contents + of the ClientHello + [Benjamin Kaduk] + + *) Add SM2 base algorithm support. + [Jack Lloyd] *) s390x assembly pack: add (improved) hardware-support for the following cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, @@ -225,16 +274,7 @@ *) Support for TLSv1.3 added. Note that users upgrading from an earlier version of OpenSSL should review their configuration settings to ensure that they are still appropriate for TLSv1.3. For further information see: - https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ - - NOTE: In this pre-release of OpenSSL a draft version of the - TLSv1.3 standard has been implemented. Implementations of different draft - versions of the standard do not inter-operate, and this version will not - inter-operate with an implementation of the final standard when it is - eventually published. Different pre-release versions may implement - different versions of the draft. The final version of OpenSSL 1.1.1 will - implement the final version of the standard. - TODO(TLS1.3): Remove the above note before final release + https://wiki.openssl.org/index.php/TLS1.3 [Matt Caswell] *) Grand redesign of the OpenSSL random generator @@ -13101,4 +13141,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop ] -
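Review bot: In the first hunk (@@ -7,7 +7,56 @@), the AES-XTS entry says the mode "now enforces that its two keys are different" but does not say what a caller passing two equal keys will observe. This is a behaviour change for existing callers, so the entry should state which operation now fails and how the error is reported. The same entry has a typo: "the attacked described in" should read "the attack described in". Smaller points in this hunk: the new headings "Changes between 1.1.1 and 1.1.2" and "Changes between 1.1.1 and 1.1.1a" both start from 1.1.1, which leaves it unclear where a given fix is recorded; the RAND_add()/RAND_seed() entry has no bracketed contributor line, unlike the entries around it; and the ClientHello callback entry ends "of the ClientHello" without a full stop.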
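Review bot: In the second hunk (@@ -225,16 +274,7 @@), the TLSv1.3 entry still tells users upgrading from an earlier version to "review their configuration settings", but the only explanation it now gives is a link to a wiki page, whose content can change or move after the release is tagged. Consider keeping one sentence in CHANGES itself on which kind of settings are affected, with the wiki link as further reading. Removing the draft-interoperability note together with its TODO(TLS1.3) marker is consistent with the final release heading added in the first hunk.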