Last minute NEWS and CHANGES entries for the 3.0 release

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16533)
2021-09-07 13:18:22 +02:00 · 2021-09-07 13:18:22 +02:00 · 95a444c9ad
parent 8e7d941ade
commit 95a444c9ad
2 changed files with 51 additions and 5 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -38,6 +38,37 @@ breaking changes, and mappings for the large list of deprecated functions.

 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]

+ * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
+   deprecated.
+
+   *Matt Caswell*
+
+ * The `OPENSSL_s390xcap` environment variable can be used to set bits in the
+   S390X capability vector to zero. This simplifies testing of different code
+   paths on S390X architecture.
+
+   *Patrick Steuer*
+
+ * Encrypting more than 2^64 TLS records with AES-GCM is disallowed
+   as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from
+   SP 800-38D". The communication will fail at this point.
+
+   *Paul Dale*
+
+ * The EC_GROUP_clear_free() function is deprecated as there is nothing
+   confidential in EC_GROUP data.
+
+   *Nicola Tuveri*
+
+ * The byte order mark (BOM) character is ignored if encountered at the
+   beginning of a PEM-formatted file.
+
+   *Dmitry Belyavskiy*
+
+ * Added CMS support for the Russian GOST algorithms.
+
+   *Dmitry Belyavskiy*
+
 * Due to move of the implementation of cryptographic operations
   to the providers, validation of various operation parameters can
   be postponed until the actual operation is executed where previously
@ -521,6 +552,11 @@ breaking changes, and mappings for the large list of deprecated functions.

   *Richard Levitte*

+ * Added various `_ex` functions to the OpenSSL API that support using
+   a non-default `OSSL_LIB_CTX`.
+
+   *OpenSSL team*
+
 * Handshake now fails if Extended Master Secret extension is dropped
   on renegotiation.

@ -1234,11 +1270,19 @@ breaking changes, and mappings for the large list of deprecated functions.

   *Richard Levitte*

- * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF.
+ * Added KB KDF (EVP_KDF_KB) to EVP_KDF.
+
+   *Robbie Harwood*
+
+ * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF.
+
+   *Simo Sorce*
+
+ * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF.

   *Shane Lontis*

- * Add KMAC to EVP_MAC.
+ * Added KMAC to EVP_MAC.

   *Shane Lontis*

--- a/NEWS.md
+++ b/NEWS.md
@ -29,9 +29,9 @@ OpenSSL 3.0
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]

  * Enhanced 'openssl list' with many new options.
-  * Added migration guide to man7
-  * Implemented support for fully "pluggable" TLSv1.3 groups
-  * Added suport for Kernel TLS (KTLS)
+  * Added migration guide to man7.
+  * Implemented support for fully "pluggable" TLSv1.3 groups.
+  * Added suport for Kernel TLS (KTLS).
  * Changed the license to the Apache License v2.0.
  * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
    RC4, RC5, and DES to the legacy provider.
@ -47,6 +47,8 @@ OpenSSL 3.0
  * Remove the `RAND_DRBG` API.
  * Deprecated the `ENGINE` API.
  * Added `OSSL_LIB_CTX`, a libcrypto library context.
+  * Added various `_ex` functions to the OpenSSL API that support using
+    a non-default `OSSL_LIB_CTX`.
  * Interactive mode is removed from the 'openssl' program.
  * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
    included in the FIPS provider.