X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES.md;h=68fa1e00330de54b1a3713c07fca24a86825eb31;hp=589cc5537e27e7eba1a3aa481d78483b88ae6830;hb=c8567c392c1dc3dd15651c0d2746a5b87b5a88dd;hpb=43a70f02022ebbc29aa71853f04f1dc0d9772846 diff --git a/CHANGES.md b/CHANGES.md index 589cc5537e..68fa1e0033 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,53 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated EC_METHOD_get_field_type(). Applications should switch to + EC_GROUP_get_field_type(). + + *Billy Bob Brumley* + + * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(), + EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method() + EC_GFp_nistp256_method(), and EC_GFp_nistp521_method(). + Applications should rely on the library automatically assigning a suitable + EC_METHOD internally upon EC_GROUP construction. + + *Billy Bob Brumley* + + * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of(). + EC_METHOD is now an internal-only concept and a suitable EC_METHOD is + assigned internally without application intervention. + Users of EC_GROUP_new() should switch to a different suitable constructor. + + *Billy Bob Brumley* + + * Add CAdES-BES signature verification support, mostly derived + from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein. + + *Filipe Raimundo da Silva* + + * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. + + *Antonio Iacono* + + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These + functions are not widely used and now OpenSSL automatically perform this + conversion when needed. + + *Billy Bob Brumley* + + * Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and + EC_KEY_precompute_mult(). These functions are not widely used and + applications should instead switch to named curves which OpenSSL has + hardcoded lookup tables for. + + *Billy Bob Brumley* + + * Deprecated EC_POINTs_mul(). This function is not widely used and applications + should instead use the L function. + + *Billy Bob Brumley* + * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should instead use EVP_default_properties_is_fips_enabled() and @@ -30,6 +77,12 @@ OpenSSL 3.0 *Shane Lontis* + * The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option + is set, an unexpected EOF is ignored, it pretends a close notify was received + instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. + + *Dmitry Belyavskiy* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the @@ -509,13 +562,6 @@ OpenSSL 3.0 - SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_store() - Also, the following functions are now deprecated: - - - X509_STORE_load_locations() (use X509_STORE_load_file(), - X509_STORE_load_path() or X509_STORE_load_store() instead) - - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(), - SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead) - *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.