X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=fe3e13aa0d8e792b51e8a11a0fffc40a335b8829;hp=00b5c4060fdf7dc96bcb091d6e6805eda05fdae9;hb=973abf52304b454e8f2220a11aa8b6c6512c44fb;hpb=6761890195526c28ff82a9e763fc9a86158832ce diff --git a/CHANGES b/CHANGES index 00b5c4060f..fe3e13aa0d 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,49 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Add blinding to an ECDSA signature to protect against side channel attacks + discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + + *) Enforce checking in the pkeyutl command line app to ensure that the input + length does not exceed the maximum supported digest length when performing + a sign, verify or verifyrecover operation. + [Matt Caswell] + + *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking + I/O in combination with something like select() or poll() will hang. This + can be turned off again using SSL_CTX_clear_mode(). + Many applications do not properly handle non-application data records, and + TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works + around the problems in those applications, but can also break some. + It's recommended to read the manpages about SSL_read(), SSL_write(), + SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and + SSL_CTX_set_read_ahead() again. + [Kurt Roeckx] + + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + + *) Apply blinding to binary field modular inversion and remove patent + pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. + [Billy Bob Brumley] + + *) Deprecate ec2_mult.c and unify scalar multiplication code paths for + binary and prime elliptic curves. + [Billy Bob Brumley] + + *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for + constant time fixed point multiplication. + [Billy Bob Brumley] + + *) Revise elliptic curve scalar multiplication with timing attack + defenses: ec_wNAF_mul redirects to a constant time implementation + when computing fixed point and variable point multiplication (which + in OpenSSL are mostly used with secret scalars in keygen, sign, + ECDH derive operations). + [Billy Bob Brumley, Nicola Tuveri, Cesar Pereida García, + Sohaib ul Hassan] *) Updated CONTRIBUTING [Rich Salz] @@ -65,7 +108,7 @@ below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3. In order to avoid issues where legacy TLSv1.2 ciphersuite configuration would otherwise inadvertently disable all TLSv1.3 ciphersuites the - configuraton has been separated out. See the ciphers man page or the + configuration has been separated out. See the ciphers man page or the SSL_CTX_set_ciphersuites() man page for more information. [Matt Caswell]