[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Mon Sep 10 13:00:20 UTC 2018

The branch master has been updated
       via  3f8b623aaa4044908900767a8991b7769b320880 (commit)
      from  7a8f6cad82d0b01732066bd7ef189e753c98cffe (commit)

- Log -----------------------------------------------------------------
commit 3f8b623aaa4044908900767a8991b7769b320880
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 10 11:51:30 2018 +0100

    Updates NEWS for the 1.1.1 release
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7164)


Summary of changes:
 NEWS | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 9ac7456..b49d51a 100644
--- a/NEWS
+++ b/NEWS
@@ -8,19 +8,36 @@
   Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]
       o Support for TLSv1.3 added
+      o Complete rewrite of the OpenSSL random number generator to introduce the
+        following capabilities
+          o The default RAND method now utilizes an AES-CTR DRBG according to
+            NIST standard SP 800-90Ar1.
+          o Support for multiple DRBG instances with seed chaining.
+          o There is a public and private DRBG instance.
+          o The DRBG instances are fork-safe.
+          o Keep all global DRBG instances on the secure heap if it is enabled.
+          o The public and private DRBG instance are per thread for lock free
+            operation
+      o Support for various new cryptographic algorithms including:
+          o SHA3
+          o SHA512/224 and SHA512/256
+          o EdDSA (including Ed25519 and Ed448)
+          o X448 (adding to the existing X25519 support in 1.1.0)
+          o Multi-prime RSA
+          o SM2
+          o SM3
+          o SM4
+          o SipHash
+          o ARIA (including TLS support)
+      o Significant Side-Channel attack security improvements
+      o Add 'Maximum Fragment Length' TLS extension negotiation and support
+      o A new STORE module, which implements a uniform and URI based reader of
+        stores that can contain keys, certificates, CRLs and numerous other
+        objects.
       o Move the display of configuration data to configdata.pm.
       o Allow GNU style "make variables" to be used with Configure.
-      o Add a STORE module (OSSL_STORE)
       o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
-      o Add multi-prime RSA (RFC 8017) support
-      o Add SM3 implemented according to GB/T 32905-2016
-      o Add SM4 implemented according to GB/T 32907-2016.
-      o Add 'Maximum Fragment Length' TLS extension negotiation and support
-      o Add ARIA support
-      o Add SHA3
       o Rewrite of devcrypto engine
-      o Add support for SipHash
-      o Grand redesign of the OpenSSL random generator
   Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]

More information about the openssl-commits mailing list