author: Pauli <pauli@openssl.org>, 2021-06-15 00:30:23 +0200
committer: Pauli <pauli@openssl.org>, 2021-06-16 00:49:17 +0200
commit: 8b29badad16266ca520f8ca1232518df4eb896ff
tree: 340c7118c66371686e72b2a47e2c4fc14116f55a /NEWS.md
parent: Disabling Encrypt-then-MAC extension in s_client/s_server
new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.

Fixes #15743

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
Diffstat (limited to '')
-rw-r--r-- NEWS.md 16
1 files changed, 7 insertions, 9 deletions
diff --git a/NEWS.md b/NEWS.md
index 50a2fd36e2..c9355d52ae 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -39,12 +39,8 @@ OpenSSL 3.0
* Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context.
* Interactive mode is removed from the 'openssl' program.
- * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
- the FIPS provider. None have the "fips=yes" property set and, as such,
- will not be accidentially used.
- * The algorithm specific public key command line applications have
- been deprecated. These include dhparam, gendsa and others. The pkey
- alternatives should be used instead: pkey, pkeyparam and genpkey.
+ * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
+ included in the FIPS provider.
* X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
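Review bot: The rewritten bullet for X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 drops the sentence about the "fips=yes" property and puts nothing in its place, so NEWS.md no longer tells a reader how these algorithms are marked in the FIPS provider or whether a property query would select them. If the removed statement was inaccurate, add one clause saying what is true now, or point to the FIPS provider documentation, rather than leaving only "are included in the FIPS provider". The removal of the dhparam/gendsa deprecation bullet in the same hunk matches the commit message and needs no change.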
@@ -75,10 +71,12 @@ OpenSSL 3.0
* Changed our version number scheme and set the next major release to
3.0.0
* Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
- bridge.
+ bridge. Support MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305
+ and SIPHASH.
* Removed the heartbeat message in DTLS feature.
- * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
- bridge.
+ * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to
+ EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2,
+ PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF.
* All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
SHA256, SHA384, SHA512 and Whirlpool digest functions have been
deprecated.
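Review bot: In the EVP_MAC bullet, "Support MACs are:" should read "Supported MACs are:", matching the "Supported KDFs are:" wording this same hunk adds to the EVP_KDF bullet. The two bullets are otherwise parallel, so it is worth keeping the phrasing identical; the KDF bullet now says "KDF and PRF API" because TLS1 PRF is in its list, and that reads fine as written.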