+ This is a high-level summary of the most important changes.
+ For a full list of changes, see the git commit log; for example,
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+ Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
+
+ *) Module names can prefixed with OSSL_ or OPENSSL_. This affects
+ util/mkerr.pl, which is adapted to allow those prefixes, leading to
+ error code calls like this:
+
+ OSSL_FOOerr(OSSL_FOO_F_SOMETHING, OSSL_FOO_R_WHATEVER);
+
+ With this change, we claim the namespaces OSSL and OPENSSL in a manner
+ that can be encoded in C. For the foreseeable future, this will only
+ affect new modules.
+ [Richard Levitte and Tim Hudson]
+
+ *) Removed BSD cryptodev engine.
+ [Rich Salz]
+
+ *) Add a build target 'build_all_generated', to build all generated files
+ and only that. This can be used to prepare everything that requires
+ things like perl for a system that lacks perl and then move everything
+ to that system and do the rest of the build there.
+ [Richard Levitte]
+
+ *) In the UI interface, make it possible to duplicate the user data. This
+ can be used by engines that need to retain the data for a longer time
+ than just the call where this user data is passed.
+ [Richard Levitte]
+
+ *) Ignore the '-named_curve auto' value for compatibility of applications
+ with OpenSSL 1.0.2.
+ [Tomas Mraz <tmraz@fedoraproject.org>]
+
+ *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
+ bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
+ alerts across multiple records (some of which could be empty). In practice
+ it make no sense to send an empty alert record, or to fragment one. TLSv1.3
+ prohibts this altogether and other libraries (BoringSSL, NSS) do not
+ support this at all. Supporting it adds significant complexity to the
+ record layer, and its removal is unlikely to cause inter-operability
+ issues.
+ [Matt Caswell]
+
+ *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
+ with Z. These are meant to replace LONG and ZLONG and to be size safe.
+ The use of LONG and ZLONG is discouraged and scheduled for deprecation
+ in OpenSSL 1.2.0.
+ [Richard Levitte]
+
+ *) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
+ 'z' is to be used for [s]size_t, and 'j' - with [u]int64_t.
+ [Richard Levitte, Andy Polyakov]
+
+ *) Add EC_KEY_get0_engine(), which does for EC_KEY what RSA_get0_engine()
+ does for RSA, etc.
+ [Richard Levitte]