X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=e70e42b5706f82ae02b22fdc458b6ae9e3c49935;hp=a72dabaf39440d7cf70f057e139c9547cca285f1;hb=dcb982d792d6064ed3493e79749208d8c257ff04;hpb=b2aea0e3d9a15e30ebce8b6da213df4a3f346155 diff --git a/CHANGES b/CHANGES index a72dabaf39..e70e42b570 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,74 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Limit the number of blocks in a data unit for AES-XTS to 2^20 as + mandated by IEEE Std 1619-2018. + + *) Added newline escaping functionality to a filename when using openssl dgst. + This output format is to replicate the output format found in the '*sum' + checksum programs. This aims to preserve backward compatibility. + [Matt Eaton, Richard Levitte, and Paul Dale] + + *) Removed the heartbeat message in DTLS feature, as it has very + little usage and doesn't seem to fulfill a valuable purpose. + The configuration option is now deprecated. + [Richard Levitte] + + *) Changed the output of 'openssl {digestname} < file' to display the + digest name in its output. + [Richard Levitte] + + *) Added a new generic trace API which provides support for enabling + instrumentation through trace output. This feature is mainly intended + as an aid for developers and is disabled by default. To utilize it, + OpenSSL needs to be configured with the `enable-trace` option. + + If the tracing API is enabled, the application can activate trace output + by registering BIOs as trace channels for a number of tracing and debugging + categories. + + The 'openssl' application has been expanded to enable any of the types + available via environment variables defined by the user, and serves as + one possible example on how to use this functionality. + [Richard Levitte & Matthias St. Pierre] + + *) Added build tests for C++. These are generated files that only do one + thing, to include one public OpenSSL head file each. This tests that + the public header files can be usefully included in a C++ application. + + This test isn't enabled by default. It can be enabled with the option + 'enable-buildtest-c++'. + [Richard Levitte] + + *) Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. + [Shane Lontis] + + *) Add KMAC to EVP_MAC. + [Shane Lontis] + + *) Added property based algorithm implementation selection framework to + the core. 
+ [Paul Dale] + + *) Added SCA hardening for modular field inversion in EC_GROUP through + a new dedicated field_inv() pointer in EC_METHOD. + This also addresses a leakage affecting conversions from projective + to affine coordinates. + [Billy Bob Brumley, Nicola Tuveri] + + *) Added EVP_KDF, an EVP layer KDF API, to simplify adding KDF and PRF + implementations. This includes an EVP_PKEY to EVP_KDF bridge for + those algorithms that were already supported through the EVP_PKEY API + (scrypt, TLS1 PRF and HKDF). The low-level KDF functions for PBKDF2 + and scrypt are now wrappers that call EVP_KDF. + [David Makepeace] + + *) Build devcrypto engine as a dynamic engine. + [Eneas U de Queiroz] + + *) Add keyed BLAKE2 to EVP_MAC. + [Antoine Salon] + *) Fix a bug in the computation of the endpoint-pair shared secret used by DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime @@ -74,7 +142,7 @@ implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued use of MACs through raw private keys in functionality such as EVP_DigestSign* and EVP_DigestVerify*. - [Richard Levitte] + [Richard Levitte] *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). 
@@ -106,6 +174,19 @@ applications with zero-copy system calls such as sendfile and splice. [Boris Pismenny] + Changes between 1.1.1a and 1.1.1b [xx XXX xxxx] + + *) Change the info callback signals for the start and end of a post-handshake + message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START + and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get + confused by this and assume that a TLSv1.2 renegotiation has started. This + can break KeyUpdate handling. Instead we no longer signal the start and end + of a post handshake message exchange (although the messages themselves are + still signalled). This could break some applications that were expecting + the old signals. However without this KeyUpdate is not usable for many + applications. + [Matt Caswell] + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] *) Timing vulnerability in DSA signature generation
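Review bot: in the first hunk (`@@ -9,6 +9,74 @@`), the new AES-XTS entry ("Limit the number of blocks in a data unit for AES-XTS to 2^20 as mandated by IEEE Std 1619-2018.") is the only added entry without a bracketed contributor line; every other entry in this hunk ends with one (e.g. `[Shane Lontis]`, `[Richard Levitte]`), so add the attribution for consistency with the file's convention. Same hunk, the C++ build-tests entry reads "to include one public OpenSSL head file each"; that should be "header file". The AES-XTS entry would also be more useful to readers if it said what callers observe when a data unit exceeds 2^20 blocks, since as written it only states the new limit.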
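Review bot: the second hunk (`@@ -74,7 +142,7 @@`) changes only the indentation of `[Richard Levitte]` under the EVP_MAC entry; it is an unrelated whitespace fix bundled into a content change to CHANGES. Either drop it from this commit or call it out in the commit message so the diff does not look like a substantive edit to that entry.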
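Review bot: in the third hunk (`@@ -106,6 +174,19 @@`), the new 1.1.1b entry says the start and end of a TLSv1.3 post-handshake exchange are no longer signalled via SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE and that "this could break some applications", but it gives no migration guidance. Since the entry itself notes that "the messages themselves are still signalled", add a sentence stating plainly that there is no replacement start/end signal and that applications which depended on the old events should instead key off the per-message info callback notifications, so readers of CHANGES know what to change rather than only that something broke.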