Remove DRBG from SSL structure.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 4ccc3f312e9f6cac070af918a9c35059bcd4936c..c44dc0fdc78974351460ce21b876d28f762bf965 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,27 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Removed NextStep support and the macro OPENSSL_UNISTD
+     [Rich Salz]
+
+  *) Removed DES_check_key.  Also removed OPENSSL_IMPLEMENT_GLOBAL,
+     OPENSSL_GLOBAL_REF, OPENSSL_DECLARE_GLOBAL.
+     Also removed "export var as function" capability; we do not export
+     variables, only functions.
+     [Rich Salz]
+
+  *) RC5_32_set_key has been changed to return an int type, with 0 indicating
+     an error and 1 indicating success. In previous versions of OpenSSL this
+     was a void type. If a key was set longer than the maximum possible this
+     would crash.
+     [Matt Caswell]
+
+  *) Support SM2 signing and verification schemes with X509 certificate.
+     [Paul Yang]
+
+  *) Use SHA256 as the default digest for TS query in the ts app.
+     [Tomas Mraz]
+
   *) Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898.
      This checks that the salt length is at least 128 bits, the derived key
      length is at least 112 bits, and that the iteration count is at least 1000.
@@ -18,7 +39,7 @@
      EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE.
      [Shane Lontis]
 
-  *) Default cipher lists/suites are now avaialble via a function, the
+  *) Default cipher lists/suites are now available via a function, the
      #defines are deprecated.
      [Todd Short]
 
@@ -441,7 +462,7 @@
         SSL_set_ciphersuites()
      [Matt Caswell]
 
-  *) Memory allocation failures consistenly add an error to the error
+  *) Memory allocation failures consistently add an error to the error
      stack.
      [Rich Salz]
 
@@ -6979,7 +7000,7 @@
      reason texts, thereby removing some of the footprint that may not
      be interesting if those errors aren't displayed anyway.
 
-     NOTE: it's still possible for any application or module to have it's
+     NOTE: it's still possible for any application or module to have its
      own set of error texts inserted.  The routines are there, just not
      used by default when no-err is given.
      [Richard Levitte]
@@ -8945,7 +8966,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
-     memory from it's contents.  This is done with a counter that will
+     memory from its contents.  This is done with a counter that will
      place alternating values in each byte.  This can be used to solve
      two issues: 1) the removal of calls to memset() by highly optimizing
      compilers, and 2) cleansing with other values than 0, since those can