X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=97bfa554848c3a4d3a7cf781df30443a0e31f212;hp=d176fa1181667d7395b15c0dbe8b6b3f0d9ed728;hb=6a74806ed741db24df3a7155e4bc11fb4ba9bc2a;hpb=a8cd439bf58708ffe234a9f707cf6a394d28a1f9 diff --git a/CHANGES b/CHANGES index d176fa1181..97bfa55484 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,41 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.1.0f and 1.1.1 [xx XXX xxxx] + + *) In the UI interface, make it possible to duplicate the user data. This + can be used by engines that need to retain the data for a longer time + than just the call where this user data is passed. + [Richard Levitte] + + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] + + *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2 + bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such + alerts across multiple records (some of which could be empty). In practice + it make no sense to send an empty alert record, or to fragment one. TLSv1.3 + prohibts this altogether and other libraries (BoringSSL, NSS) do not + support this at all. Supporting it adds significant complexity to the + record layer, and its removal is unlikely to cause inter-operability + issues. + [Matt Caswell] + + *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed + with Z. These are meant to replace LONG and ZLONG and to be size safe. + The use of LONG and ZLONG is discouraged and scheduled for deprecation + in OpenSSL 1.2.0. + [Richard Levitte] + + *) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string, + 'z' is to be used for [s]size_t, and 'j' - with [u]int64_t. + [Richard Levitte, Andy Polyakov] *) Add EC_KEY_get0_engine(), which does for EC_KEY what RSA_get0_engine() does for RSA, etc. @@ -12,6 +46,12 @@ platform rather than 'mingw'. [Richard Levitte] + *) The functions X509_STORE_add_cert and X509_STORE_add_crl return + success if they are asked to add an object which already exists + in the store. This change cascades to other functions which load + certificates and CRLs. + [Paul Dale] + *) x86_64 assembly pack: annotate code with DWARF CFI directives to facilitate stack unwinding even from assembly subroutines. [Andy Polyakov] @@ -33,6 +73,12 @@ *) Add support for ARIA [Paul Dale] + *) s_client will now send the Server Name Indication (SNI) extension by + default unless the new "-noservername" option is used. The server name is + based on the host provided to the "-connect" option unless overridden by + using "-servername". + [Matt Caswell] + *) Add support for SipHash [Todd Short] @@ -53,6 +99,21 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + *) The RSA "null" method, which was partially supported to avoid patent + issues, has been replaced to always returns NULL. + [Rich Salz] + + Changes between 1.1.0e and 1.1.0f [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + + *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c. + VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1, + which is the minimum version we support. + [Richard Levitte] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] *) Encrypt-Then-Mac renegotiation crash @@ -466,7 +527,7 @@ *) Add X25519 support. Add ASN.1 and EVP_PKEY methods for X25519. This includes support for public and private key encoding using the format documented in - draft-ietf-curdle-pkix-02. The coresponding EVP_PKEY method supports + draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports key generation and key derivation. TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses