[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jun 15 22:50:09 UTC 2021
The branch master has been updated
via 42cf25fcb6ea3c9e5998a1c4f55eedaad53b346f (commit)
via 8b29badad16266ca520f8ca1232518df4eb896ff (commit)
from 4832560be3b2a709557497cd881f8c390ba7ec34 (commit)
- Log -----------------------------------------------------------------
commit 42cf25fcb6ea3c9e5998a1c4f55eedaad53b346f
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 15 08:32:48 2021 +1000
new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.
Fixes #15743
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
commit 8b29badad16266ca520f8ca1232518df4eb896ff
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 15 08:30:23 2021 +1000
new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.
Fixes #15743
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/NEWS.md b/NEWS.md
index 50a2fd36e2..13a4e1bbf6 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -39,12 +39,8 @@ OpenSSL 3.0
* Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context.
* Interactive mode is removed from the 'openssl' program.
- * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
- the FIPS provider. None have the "fips=yes" property set and, as such,
- will not be accidentially used.
- * The algorithm specific public key command line applications have
- been deprecated. These include dhparam, gendsa and others. The pkey
- alternatives should be used instead: pkey, pkeyparam and genpkey.
+ * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
+ included in the FIPS provider.
* X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
@@ -75,10 +71,12 @@ OpenSSL 3.0
* Changed our version number scheme and set the next major release to
3.0.0
* Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
- bridge.
+ bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305
+ and SIPHASH.
* Removed the heartbeat message in DTLS feature.
- * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
- bridge.
+ * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to
+ EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2,
+ PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF.
* All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
SHA256, SHA384, SHA512 and Whirlpool digest functions have been
deprecated.
More information about the openssl-commits
mailing list