* The X25519 and X448 key exchange implementation in the FIPS provider
is unapproved and has `fips=no` property.
- * Tomas Mraz*
+ *Tomáš Mráz*
+
+ * SHAKE-128 and SHAKE-256 implementations have no default digest length
+ anymore. That means these algorithms cannot be used with
+ EVP_DigestFinal/_ex() unless the `xoflen` param is set before.
+
+ This change was necessary because the preexisting default lengths were
+ half the size necessary for full collision resistance supported by these
+ algorithms.
+
+ *Tomáš Mráz*
+
+ * Setting `config_diagnostics=1` in the config file will cause errors to
+ be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error
+ in the ssl module configuration.
+
+ *Tomáš Mráz*
* Use an empty renegotiate extension in TLS client hellos instead of
the empty renegotiation SCSV, for all connections with a minimum TLS
*Tim Perry*
+ * Added support for integrity-only cipher suites TLS_SHA256_SHA256 and
+ TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150.
+
+ This work was sponsored by Siemens AG.
+
+ *Rajeev Ranjan*
+
+ * Added support for requesting CRL in CMP.
+
+ This work was sponsored by Siemens AG.
+
+ *Rajeev Ranjan*
+
* Added Attribute Certificate (RFC 5755) support. Attribute
Certificates can be created, parsed, modified and printed via the
public API. There is no command-line tool support at this time.
*Damian Hobson-Garcia*
+ * Added support to build Position Independent Executables (PIE). Configuration
+ option `enable-pie` configures the cflag '-fPIE' and ldflag '-pie' to
+ support Address Space Layout Randomization (ASLR) in the openssl executable,
+ removes reliance on external toolchain configurations.
+
+ *Craig Lorentzen*
+
OpenSSL 3.3
-----------
-### Changes between 3.2 and 3.3 [xx XXX xxxx]
+### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx]
+
+ * Fixed an issue where checking excessively long DSA keys or parameters may
+ be very slow.
+
+ Applications that use the functions EVP_PKEY_param_check() or
+ EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
+ experience long delays. Where the key or parameters that are being checked
+ have been obtained from an untrusted source this may lead to a Denial of
+ Service.
+
+ To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
+ will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
+ reason.
+
+ ([CVE-2024-4603])
+
+ *Tomáš Mráz*
+
+### Changes between 3.2 and 3.3.0 [9 Apr 2024]
* The `-verify` option to the `openssl crl` and `openssl req` will make
the program exit with 1 on failure.