X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES.md;h=982e677fcc3c43803fd933986add7e798819af5b;hb=22063850586945fd98ad3656df21c16adfef89ae;hp=241d6ca23c4ec695f108689ad365a89b6c32a75a;hpb=c7f837cfcc5b2e5cd8eeeff82e0245323f206d02;p=oweals%2Fopenssl.git

diff --git a/CHANGES.md b/CHANGES.md
index 241d6ca23c..982e677fcc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,46 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Handshake now fails if Extended Master Secret extension is dropped
+   on renegotiation.
+
+   *Tomas Mraz*
+
+ * Dropped interactive mode from the 'openssl' program.  From now on,
+   the `openssl` command without arguments is equivalent to `openssl
+   help`.
+
+   *Richard Levitte*
+
+ * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and
+   EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq().
+   While the old function names have been retained for backward compatibility
+   they should not be used in new developments
+   because their return values are confusing: Unlike other `_cmp()` functions
+   they do not return 0 in case their arguments are equal.
+
+   *David von Oheimb*
+
+ * Deprecated EC_METHOD_get_field_type(). Applications should switch to
+   EC_GROUP_get_field_type().
+
+   *Billy Bob Brumley*
+
+ * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(),
+   EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method()
+   EC_GFp_nistp256_method(), and EC_GFp_nistp521_method().
+   Applications should rely on the library automatically assigning a suitable
+   EC_METHOD internally upon EC_GROUP construction.
+
+   *Billy Bob Brumley*
+
+ * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of().
+   EC_METHOD is now an internal-only concept and a suitable EC_METHOD is
+   assigned internally without application intervention.
+   Users of EC_GROUP_new() should switch to a different suitable constructor.
+
+   *Billy Bob Brumley*
+
  * Add CAdES-BES signature verification support, mostly derived
    from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein.
 
@@ -137,6 +177,12 @@ OpenSSL 3.0
 
    *David von Oheimb*
 
+ * BIO_do_connect and BIO_do_handshake have been extended:
+   If domain name resolution yields multiple IP addresses all of them are tried
+   after connect() failures.
+
+   *David von Oheimb*
+
  * All of the low level RSA functions have been deprecated including:
 
    RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
@@ -315,8 +361,8 @@ OpenSSL 3.0
    and HMAC_CTX_get_md.
 
    Use of these low level functions has been informally discouraged for a long
-   time.  Instead applications should use L<EVP_MAC_CTX_new(3)>,
-   L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+   time.  Instead applications should use L<EVP_MAC_new_ctx(3)>,
+   L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
    and L<EVP_MAC_final(3)>.
 
    *Paul Dale*
@@ -339,8 +385,8 @@ OpenSSL 3.0
    CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
 
    Use of these low level functions has been informally discouraged for a long
-   time.  Instead applications should use L<EVP_MAC_CTX_new(3)>,
-   L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+   time.  Instead applications should use L<EVP_MAC_new_ctx(3)>,
+   L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
    and L<EVP_MAC_final(3)>.
 
    *Paul Dale*