Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Browse Source

Last minute NEWS and CHANGES entries for the 3.0 release

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16533)
Tomas Mraz 2 years ago
parent
8e7d941ade
commit
95a444c9ad
2 changed files with 51 additions and 5 deletions
Split View Show Diff Stats
  1. 46 2
      CHANGES.md
  2. 5 3
      NEWS.md

+ 46 - 2
CHANGES.md
View File 

@@ -38,6 +38,37 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
 
+ * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
 
+   deprecated.
 
+
 
+   *Matt Caswell*
 
+
 
+ * The `OPENSSL_s390xcap` environment variable can be used to set bits in the
 
+   S390X capability vector to zero. This simplifies testing of different code
 
+   paths on S390X architecture.
 
+
 
+   *Patrick Steuer*
 
+
 
+ * Encrypting more than 2^64 TLS records with AES-GCM is disallowed
 
+   as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from
 
+   SP 800-38D". The communication will fail at this point.
 
+
 
+   *Paul Dale*
 
+
 
+ * The EC_GROUP_clear_free() function is deprecated as there is nothing
 
+   confidential in EC_GROUP data.
 
+
 
+   *Nicola Tuveri*
 
+
 
+ * The byte order mark (BOM) character is ignored if encountered at the
 
+   beginning of a PEM-formatted file.
 
+
 
+   *Dmitry Belyavskiy*
 
+
 
+ * Added CMS support for the Russian GOST algorithms.
 
+
 
+   *Dmitry Belyavskiy*
 
+
 
  * Due to move of the implementation of cryptographic operations
 
    to the providers, validation of various operation parameters can
 
    be postponed until the actual operation is executed where previously
 
@@ -521,6 +552,11 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 
    *Richard Levitte*
 
 
+ * Added various `_ex` functions to the OpenSSL API that support using
 
+   a non-default `OSSL_LIB_CTX`.
 
+
 
+   *OpenSSL team*
 
+
 
  * Handshake now fails if Extended Master Secret extension is dropped
 
    on renegotiation.
 
 
@@ -1234,11 +1270,19 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 
    *Richard Levitte*
 
 
- * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF.
 
+ * Added KB KDF (EVP_KDF_KB) to EVP_KDF.
 
+
 
+   *Robbie Harwood*
 
+
 
+ * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF.
 
+
 
+   *Simo Sorce*
 
+
 
+ * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF.
 
 
    *Shane Lontis*
 
 
- * Add KMAC to EVP_MAC.
 
+ * Added KMAC to EVP_MAC.
 
 
    *Shane Lontis*

+ 5 - 3
NEWS.md
View File 

@@ -29,9 +29,9 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
 
   * Enhanced 'openssl list' with many new options.
 
-  * Added migration guide to man7
 
-  * Implemented support for fully "pluggable" TLSv1.3 groups
 
-  * Added suport for Kernel TLS (KTLS)
 
+  * Added migration guide to man7.
 
+  * Implemented support for fully "pluggable" TLSv1.3 groups.
 
+  * Added suport for Kernel TLS (KTLS).
 
   * Changed the license to the Apache License v2.0.
 
   * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
 
     RC4, RC5, and DES to the legacy provider.
 
@@ -47,6 +47,8 @@ OpenSSL 3.0
 
   * Remove the `RAND_DRBG` API.
 
   * Deprecated the `ENGINE` API.
 
   * Added `OSSL_LIB_CTX`, a libcrypto library context.
 
+  * Added various `_ex` functions to the OpenSSL API that support using
 
+    a non-default `OSSL_LIB_CTX`.
 
   * Interactive mode is removed from the 'openssl' program.
 
   * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
 
     included in the FIPS provider.