X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=CHANGES;h=2b281f8da9eea7fd5761d6e8e4a1497678f44c11;hb=0a054d2a0b1ccab07587185245455093454fe353;hp=45f97e67407b88ff8a24ecd796c5fe85b5c50001;hpb=46994f71631922565924e3ca6303950c36337b33;p=openssl.git diff --git a/CHANGES b/CHANGES index 45f97e6740..2b281f8da9 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,77 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Enhanced the documentation of EVP_PKEY_size(), EVP_PKEY_bits() + and EVP_PKEY_security_bits(). Especially EVP_PKEY_size() needed + a new formulation to include all the things it can be used for, + as well as words of caution. + [Richard Levitte] + + *) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, + SHA384, SHA512 and Whirlpool digest functions have been deprecated. + These include: + MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init, + MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update, + MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final, + RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final, + RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, + SHA1_Transform, SHA224_Init, SHA224_Update, SHA224_Final, + SHA224_Transform, SHA256_Init, SHA256_Update, SHA256_Final, + SHA256_Transform, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, + SHA512, SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform, + WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate + and WHIRLPOOL_Final. + Use of these low level functions has been informally discouraged for a long + time. Instead applications should instead use the EVP_DigestInit_ex, + EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions. + [Paul Dale] + + *) Corrected the documentation of the return values from the EVP_DigestSign* + set of functions. The documentation mentioned negative values for some + errors, but this was never the case, so the mention of negative values + was removed. + + Code that followed the documentation and thereby check with something + like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed. + [Richard Levitte] + + *) All of the low level cipher functions have been deprecated including: + AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt, + AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt, + AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt, + AES_wrap_key, AES_unwrap_key, BF_set_key, BF_encrypt, BF_decrypt, + BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, + BF_options, Camellia_set_key, Camellia_encrypt, Camellia_decrypt, + Camellia_ecb_encrypt, Camellia_cbc_encrypt, Camellia_cfb128_encrypt, + Camellia_cfb1_encrypt, Camellia_cfb8_encrypt, Camellia_ofb128_encrypt, + Camellia_ctr128_encrypt, CAST_set_key, CAST_encrypt, CAST_decrypt, + CAST_ecb_encrypt, CAST_cbc_encrypt, CAST_cfb64_encrypt, + CAST_ofb64_encrypt, DES_options, DES_encrypt1, DES_encrypt2, + DES_encrypt3, DES_decrypt3, DES_cbc_encrypt, DES_ncbc_encrypt, + DES_pcbc_encrypt, DES_xcbc_encrypt, DES_cfb_encrypt, DES_cfb64_encrypt, + DES_ecb_encrypt, DES_ofb_encrypt, DES_ofb64_encrypt, DES_random_key, + DES_set_odd_parity, DES_check_key_parity, DES_is_weak_key, DES_set_key, + DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, + DES_string_to_key, DES_string_to_2keys, DES_fixup_key_parity, + DES_ecb2_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, + DES_ede2_ofb64_encrypt, DES_ecb3_encrypt, DES_ede3_cbc_encrypt, + DES_ede3_cfb64_encrypt, DES_ede3_cfb_encrypt, DES_ede3_ofb64_encrypt, + DES_cbc_cksum, DES_quad_cksum, IDEA_encrypt, IDEA_options, + IDEA_ecb_encrypt, IDEA_set_encrypt_key, IDEA_set_decrypt_key, + IDEA_cbc_encrypt, IDEA_cfb64_encrypt, IDEA_ofb64_encrypt, RC2_set_key, + RC2_encrypt, RC2_decrypt, RC2_ecb_encrypt, RC2_cbc_encrypt, + RC2_cfb64_encrypt, RC2_ofb64_encrypt, RC4, RC4_options, RC4_set_key, + RC5_32_set_key, RC5_32_encrypt, RC5_32_decrypt, RC5_32_ecb_encrypt, + RC5_32_cbc_encrypt, RC5_32_cfb64_encrypt, RC5_32_ofb64_encrypt, + SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt, + SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt. + + Use of these low level functions has been informally discouraged for a long + time. Instead applications should use the high level EVP APIs, e.g. + EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the + equivalently named decrypt functions. + [Matt Caswell and Paul Dale] + *) Removed include/openssl/opensslconf.h.in and replaced it with include/openssl/configuration.h.in, which differs in not including . A short header include/openssl/opensslconf.h @@ -41,6 +112,10 @@ (CVE-2019-1551) [Andy Polyakov] + *) Most memory-debug features have been deprecated, and the functionality + replaced with no-ops. + [Rich Salz] + *) Introduced a new method type and API, OSSL_SERIALIZER, to represent generic serializers. An implementation is expected to be able to serialize an object associated with a given name (such @@ -150,6 +225,10 @@ pages for further details. [Matt Caswell] + *) Most common options (such as -rand/-writerand, TLS version control, etc) + were refactored and point to newly-enhanced descriptions in openssl.pod + [Rich Salz] + *) Over two thousand fixes were made to the documentation, including: adding missing command flags, better style conformance, documentation of internals, etc.