*Maxim Mikityanskiy*
+ * Added and enabled by default implicit rejection in RSA PKCS#1 v1.5
+ decryption as a protection against Bleichenbacher-like attacks.
+ The RSA decryption API will now return a randomly generated deterministic
+ message instead of an error in case it detects an error when checking
+ padding during PKCS#1 v1.5 decryption. This is a general protection against
+ issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
+ disabled by calling
+ `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
+ on the RSA decryption context.
+
+ *Hubert Kario*
+
OpenSSL 3.1
-----------
### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
+ * Added support for KMAC in KBKDF.
+
+ *Shane Lontis*
+
* Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
`OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
`OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and