X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=7151e2bfb5797e365c706e785ced4d88eba49e4e;hb=8be6a4ed02297f380bbea269f2e1c08a592444bc;hp=28d732bcf15868f7a3fb8e6793c3b96853fdcc82;hpb=0b45d8eec051fd9816b6bf46a975fa461ffc983d;p=oweals%2Fopenssl.git

diff --git a/CHANGES b/CHANGES
index 28d732bcf1..7151e2bfb5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,44 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Join the directories crypto/x509 and crypto/x509v3
+     [Richard Levitte]
+
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+     This changes the size when using the genpkey app when no size is given. It
+     fixes an omission in earlier changes that changed all RSA, DSA and DH
+     generation apps to use 2048 bits by default.
+     [Kurt Roeckx]
+
+  *) Added command 'openssl kdf' that uses the EVP_KDF API.
+     [Shane Lontis]
+
+   *) Added command 'openssl mac' that uses the EVP_MAC API.
+     [Shane Lontis]
+
+  *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such
+     as default directories.  Also added the command 'openssl info'
+     for scripting purposes.
+     [Richard Levitte]
+
+  *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
+     deprecated. These undocumented functions were never integrated into the EVP
+     layer and implement the AES Infinite Garble Extension (IGE) mode and AES
+     Bi-directional IGE mode. These modes were never formally standardised and
+     usage of these functions is believed to be very small. In particular
+     AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
+     is ever used. The security implications are believed to be minimal, but
+     this issue was never fixed for backwards compatibility reasons. New code
+     should not use these modes.
+     [Matt Caswell]
+
+  *) Add prediction resistance to the DRBG reseeding process.
+     [Paul Dale]
+
+  *) Limit the number of blocks in a data unit for AES-XTS to 2^20 as
+     mandated by IEEE Std 1619-2018.
+     [Paul Dale]
+
   *) Added newline escaping functionality to a filename when using openssl dgst.
      This output format is to replicate the output format found in the '*sum'
      checksum programs. This aims to preserve backward compatibility.