openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

new: update NEWS.md so it is correct. 

- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.

Fixes #15743

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
This commit is contained in:
Pauli 2021-06-15 08:30:23 +10:00
parent 4832560be3
commit 8b29badad1
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
NEWS.md
View File

@ -39,12 +39,8 @@ OpenSSL 3.0
* Deprecated the `ENGINE` API. * Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context. * Added `OSSL_LIB_CTX`, a libcrypto library context.
* Interactive mode is removed from the 'openssl' program. * Interactive mode is removed from the 'openssl' program.
* The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
the FIPS provider. None have the "fips=yes" property set and, as such, included in the FIPS provider.
will not be accidentially used.
* The algorithm specific public key command line applications have
been deprecated. These include dhparam, gendsa and others. The pkey
alternatives should be used instead: pkey, pkeyparam and genpkey.
* X509 certificates signed using SHA1 are no longer allowed at security * X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to certificates signed using SHA1 are by default no longer trusted to
@ -75,10 +71,12 @@ OpenSSL 3.0
* Changed our version number scheme and set the next major release to * Changed our version number scheme and set the next major release to
3.0.0 3.0.0
* Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
bridge. bridge. Support MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305
and SIPHASH.
* Removed the heartbeat message in DTLS feature. * Removed the heartbeat message in DTLS feature.
* Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to
bridge. EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2,
PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF.
* All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
SHA256, SHA384, SHA512 and Whirlpool digest functions have been SHA256, SHA384, SHA512 and Whirlpool digest functions have been
deprecated. deprecated.