X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=a13183f9e8f59704da5d88c58b1f1a88fc74eb5b;hp=0c1e8984bc41411236b3d75d7590719f7848a157;hb=8c8fbca92dc95bb8672dea194bbe414059a874d2;hpb=ba50543550c363e18bd6a7a1f3a757c50b0480a0 diff --git a/CHANGES b/CHANGES index 0c1e8984bc..a13183f9e8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,45 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Updated CONTRIBUTING + [Rich Salz] + + *) Updated DRBG / RAND to request nonce and additional low entropy + randomness from the system. + [Matthias St. Pierre] + + *) Updated 'openssl rehash' to use OpenSSL consistent default. + [Richard Levitte] + + *) Moved the load of the ssl_conf module to libcrypto, which helps + loading engines that libssl uses before libssl is initialised. + [Matt Caswell] + + *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA + [Matt Caswell] + + *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases. + [Ingo Schwarze, Rich Salz] + + *) Added output of accepting IP address and port for 'openssl s_server' + [Richard Levitte] + + *) Added a new API for TLSv1.3 ciphersuites: + SSL_CTX_set_ciphersuites() + SSL_set_ciphersuites() + [Matt Caswell] + + *) Memory allocation failures consistenly add an error to the error + stack. + [Rich Salz] + + *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values + in libcrypto when run as setuid/setgid. + [Bernd Edlinger] + + *) Load any config file by default when libssl is used. + [Matt Caswell] + *) Added new public header file and documentation for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. [Matthias St. Pierre] @@ -26,7 +65,7 @@ below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3. In order to avoid issues where legacy TLSv1.2 ciphersuite configuration would otherwise inadvertently disable all TLSv1.3 ciphersuites the - configuraton has been separated out. See the ciphers man page or the + configuration has been separated out. See the ciphers man page or the SSL_CTX_set_ciphersuites() man page for more information. [Matt Caswell] @@ -294,7 +333,27 @@ issues, has been replaced to always returns NULL. [Rich Salz] - Changes between 1.1.0g and 1.1.0h [xx XXX xxxx] + + Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + + *) Fixed a text canonicalisation bug in CMS + + Where a CMS detached signature is used with text content the text goes + through a canonicalisation process first prior to signing or verifying a + signature. This process strips trailing space at the end of lines, converts + line terminators to CRLF and removes additional trailing line terminators + at the end of a file. A bug in the canonicalisation process meant that + some characters, such as form-feed, were incorrectly treated as whitespace + and removed. This is contrary to the specification (RFC5485). This fix + could mean that detached text data signed with an earlier version of + OpenSSL 1.1.0 may fail to verify using the fixed version, or text data + signed with a fixed OpenSSL may fail to verify with an earlier version of + OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data + and use the "-binary" flag (for the "cms" command line application) or set + the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). + [Matt Caswell] + + Changes between 1.1.0g and 1.1.0h [27 Mar 2018] *) Constructed ASN.1 types with a recursive definition could exceed the stack