Rework and simplify resource flow in drbg_add

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 0499bd50d36c281753f956121e0e243e50b31a0b..cf4587531fb8ce5e2279c793282c7cb8461dd274 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,19 @@
 
  Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
 
-  *)
+  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+     are retained for backwards compatibility.
+     [Antoine Salon]
+
+  *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+     if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+     of two gigabytes and the error handling improved.
+
+     This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+     categorized as a normal bug, not a security issue, because the DRBG reseeds
+     automatically and is fully functional even without additional randomness
+     provided by the application.
 
  Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
 
@@ -13107,4 +13119,3 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
      bytes sent in the client random.
      [Edward Bishop <ebishop@spyglass.com>]
-