Correctly handle the return value from EVP_Cipher() in the CMAC code

[openssl.git] / CHANGES.md

diff --git a/CHANGES.md b/CHANGES.md
index acb4c904bbcd8cb36ce71939009a671a23ea1be0..24fb86fddb405b694422be744f5c6b88857688c4 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,17 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Handshake now fails if Extended Master Secret extension is dropped
+   on renegotiation.
+
+   *Tomas Mraz*
+
+ * Dropped interactive mode from the 'openssl' program.  From now on,
+   the `openssl` command without arguments is equivalent to `openssl
+   help`.
+
+   *Richard Levitte*
+
  * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and
    EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq().
    While the old function names have been retained for backward compatibility
@@ -166,6 +177,12 @@ OpenSSL 3.0
 
    *David von Oheimb*
 
+ * BIO_do_connect and BIO_do_handshake have been extended:
+   If domain name resolution yields multiple IP addresses all of them are tried
+   after connect() failures.
+
+   *David von Oheimb*
+
  * All of the low level RSA functions have been deprecated including:
 
    RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,