Add description in X509_STORE manipulation

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 12fe8845005a86ff6125b4f595d4e73ac226fb67..2cb84d4507cb0e4784f928d3542dc89b90bd8ad7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,7 +7,44 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 

- Changes between 1.1.1b and 1.1.1c [xx XXX xxxx]
+ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
+
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
+  *) Use Windows installation paths in the mingw builds
+
+     Mingw isn't a POSIX environment per se, which means that Windows
+     paths should be used for installation.
+     (CVE-2019-1552)
+     [Richard Levitte]
+
+  *) Changed DH parameters to generate the order q subgroup instead of 2q.
+     Previously generated DH parameters are still accepted by DH_check
+     but DH_generate_key works around that by clearing bit 0 of the
+     private key for those. This avoids leaking bit 0 of the private key.
+     [Bernd Edlinger]
+
+  *) Significantly reduce secure memory usage by the randomness pools.
+     [Paul Dale]
+
+  *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+     The DEVRANDOM_WAIT feature added a select() call to wait for the
+     /dev/random device to become readable before reading from the
+     /dev/urandom device.
+
+     It turned out that this change had negative side effects on
+     performance which were not acceptable. After some discussion it
+     was decided to revert this feature and leave it up to the OS
+     resp. the platform maintainer to ensure a proper initialization
+     during early boot time.
+
+ Changes between 1.1.1b and 1.1.1c [28 May 2019]

 
   *) Add build tests for C++.  These are generated files that only do one
      thing, to include one public OpenSSL head file each.  This tests that
 
   *) Add build tests for C++.  These are generated files that only do one
      thing, to include one public OpenSSL head file each.  This tests that


@@ -75,6 +112,16 @@
      (CVE-2019-1543)
      [Matt Caswell]
 
      (CVE-2019-1543)
      [Matt Caswell]
 

+  *) Add DEVRANDOM_WAIT feature for Linux systems
+
+     On older Linux systems where the getrandom() system call is not available,
+     OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+     Contrary to getrandom(), the /dev/urandom device will not block during
+     early boot when the kernel CSPRNG has not been seeded yet.
+
+     To mitigate this known weakness, use select() to wait for /dev/random to
+     become readable before reading from /dev/urandom.
+

   *) Ensure that SM2 only uses SM3 as digest algorithm
      [Paul Yang]
 
   *) Ensure that SM2 only uses SM3 as digest algorithm
      [Paul Yang]
 


@@ -322,7 +369,7 @@
         SSL_set_ciphersuites()
      [Matt Caswell]
 
         SSL_set_ciphersuites()
      [Matt Caswell]
 

-  *) Memory allocation failures consistenly add an error to the error
+  *) Memory allocation failures consistently add an error to the error

      stack.
      [Rich Salz]
 
      stack.
      [Rich Salz]
 


@@ -6860,7 +6907,7 @@
      reason texts, thereby removing some of the footprint that may not
      be interesting if those errors aren't displayed anyway.
 
      reason texts, thereby removing some of the footprint that may not
      be interesting if those errors aren't displayed anyway.
 

-     NOTE: it's still possible for any application or module to have it's
+     NOTE: it's still possible for any application or module to have its

      own set of error texts inserted.  The routines are there, just not
      used by default when no-err is given.
      [Richard Levitte]
      own set of error texts inserted.  The routines are there, just not
      used by default when no-err is given.
      [Richard Levitte]


@@ -8826,7 +8873,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of

-     memory from it's contents.  This is done with a counter that will
+     memory from its contents.  This is done with a counter that will

      place alternating values in each byte.  This can be used to solve
      two issues: 1) the removal of calls to memset() by highly optimizing
      compilers, and 2) cleansing with other values than 0, since those can
      place alternating values in each byte.  This can be used to solve
      two issues: 1) the removal of calls to memset() by highly optimizing
      compilers, and 2) cleansing with other values than 0, since those can