+ * Add a compile time option to prevent the caching of provider fetched
+ algorithms. This is enabled by including the no-cached-fetch option
+ at configuration time.
+
+ *Paul Dale*
+
+ * Combining the Configure options no-ec and no-dh no longer disables TLSv1.3.
+ Typically if OpenSSL has no EC or DH algorithms then it cannot support
+ connections with TLSv1.3. However OpenSSL now supports "pluggable" groups
+ through providers. Therefore third party providers may supply group
+ implementations even where there are no built-in ones. Attempting to create
+ TLS connections in such a build without also disabling TLSv1.3 at run time or
+ using third party provider groups may result in handshake failures. TLSv1.3
+ can be disabled at compile time using the "no-tls1_3" Configure option.
+
+ *Matt Caswell*
+
+ * The undocumented function X509_certificate_type() has been deprecated;
+ applications can use X509_get0_pubkey() and X509_get0_signature() to
+ get the same information.
+
+ *Rich Salz*
+
+ * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
+ functions. They are identical to BN_rand() and BN_rand_range()
+ respectively.
+
+ *Tomáš Mráz*
+
+ * Deprecated the obsolete X9.31 RSA key generation related functions
+ BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
+ BN_X931_generate_prime_ex().
+
+ *Tomáš Mráz*
+
+ * The default key generation method for the regular 2-prime RSA keys was
+ changed to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with
+ Conditions Based on Auxiliary Probable Primes). This method is slower
+ than the original method.
+
+ *Shane Lontis*
+
+ * Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions.
+ They are replaced with the BN_check_prime() function that avoids possible
+ misuse and always uses at least 64 rounds of the Miller-Rabin
+ primality test. At least 64 rounds of the Miller-Rabin test are now also
+ used for all prime generation, including RSA key generation.
+ This increases key generation time, especially for larger keys.
+
+ *Kurt Roeckx*
+
+ * Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
+ as they are not useful with non-deprecated functions.
+
+ *Rich Salz*
+
+ * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
+ OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
+ OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
+ OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These
+ were used to collect all necessary data to form a HTTP request, and to
+ perform the HTTP transfer with that request. With OpenSSL 3.0, the
+ type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced
+ with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(),
+ OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(),
+ OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(),
+ OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and
+ OSSL_HTTP_REQ_CTX_set_max_response_length().
+
+ *Rich Salz and Richard Levitte*
+
+ * Validation of SM2 keys has been separated from the validation of regular EC
+ keys, allowing to improve the SM2 validation process to reject loaded private
+ keys that are not conforming to the SM2 ISO standard.
+ In particular, a private scalar `k` outside the range `1 <= k < n-1` is now
+ correctly rejected.
+
+ *Nicola Tuveri*
+
+ * Behavior of the `pkey` app is changed, when using the `-check` or `-pubcheck`
+ switches: a validation failure triggers an early exit, returning a failure
+ exit status to the parent process.
+
+ *Nicola Tuveri*
+
+ * Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites()
+ to ignore unknown ciphers.
+
+ *Otto Hollmann*
+
+ * The `-cipher-commands` and `-digest-commands` options
+ of the command line utility `list` have been deprecated.
+ Instead use the `-cipher-algorithms` and `-digest-algorithms` options.
+
+ *Dmitry Belyavskiy*
+
+ * All of the low level EC_KEY functions have been deprecated including:
+
+ EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
+ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
+ EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
+ EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
+ EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
+ EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
+ EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign,
+ EC_KEY_METHOD_get_verify,
+ EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags,
+ EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params,
+ EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
+ EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
+ EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+ EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+ EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
+ EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+ EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign,
+ EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key,
+ EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf.
+ Applications that need to implement an EC_KEY_METHOD need to consider
+ implementation of the functionality in a special provider.
+ For replacement of the functions manipulating the EC_KEY objects
+ see the EVP_PKEY-EC(7) manual page.
+
+ Additionally functions that read and write EC_KEY objects such as
+ o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
+ d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio,
+ d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp,
+ i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio,
+ i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp
+ have also been deprecated. Applications should instead use the
+ OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files.
+
+ Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as
+ EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and
+ EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either
+ read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
+ APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
+
+ *Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz*
+
+ * Deprecated all the libcrypto and libssl error string loading
+ functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
+ ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
+ ERR_load_CMS_strings(), ERR_load_COMP_strings(), ERR_load_CONF_strings(),
+ ERR_load_CRYPTO_strings(), ERR_load_CT_strings(), ERR_load_DH_strings(),
+ ERR_load_DSA_strings(), ERR_load_EC_strings(), ERR_load_ENGINE_strings(),
+ ERR_load_ERR_strings(), ERR_load_EVP_strings(), ERR_load_KDF_strings(),
+ ERR_load_OBJ_strings(), ERR_load_OCSP_strings(), ERR_load_PEM_strings(),
+ ERR_load_PKCS12_strings(), ERR_load_PKCS7_strings(), ERR_load_RAND_strings(),
+ ERR_load_RSA_strings(), ERR_load_OSSL_STORE_strings(), ERR_load_TS_strings(),
+ ERR_load_UI_strings(), ERR_load_X509_strings(), ERR_load_X509V3_strings().
+
+ Calling these functions is not necessary since OpenSSL 1.1.0, as OpenSSL
+ now loads error strings automatically.
+
+ *Richard Levitte*
+
+ * The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as
+ well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been
+ deprecated. These are used to set the Diffie-Hellman (DH) parameters that
+ are to be used by servers requiring ephemeral DH keys. Instead applications
+ should consider using the built-in DH parameters that are available by
+ calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto(). If custom parameters are
+ necessary then applications can use the alternative functions
+ SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey(). There is no direct
+ replacement for the "callback" functions. The callback was originally useful
+ in order to have different parameters for export and non-export ciphersuites.
+ Export ciphersuites are no longer supported by OpenSSL. Use of the callback
+ functions should be replaced by one of the other methods described above.
+
+ *Matt Caswell*
+
+ * The `-crypt` option to the `passwd` command line tool has been removed.
+
+ *Paul Dale*
+
+ * The -C option to the `x509`, `dhparam`, `dsaparam`, and `ecparam` commands
+ were removed.
+
+ *Rich Salz*
+
+ * Add support for AES Key Wrap inverse ciphers to the EVP layer.
+ The algorithms are:
+ "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV",
+ "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV".
+ The inverse ciphers use AES decryption for wrapping, and
+ AES encryption for unwrapping.
+
+ *Shane Lontis*
+
+ * Deprecated EVP_PKEY_set1_tls_encodedpoint() and
+ EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by
+ libssl to set or get an encoded public key in/from an EVP_PKEY object. With
+ OpenSSL 3.0 these are replaced by the more generic functions
+ EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key().
+ The old versions have been converted to deprecated macros that just call the
+ new functions.
+
+ *Matt Caswell*
+
+ * The security callback, which can be customised by application code, supports
+ the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+ in the "other" parameter. In most places this is what is passed. All these
+ places occur server side. However there was one client side call of this
+ security operation and it passed a DH object instead. This is incorrect
+ according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+ of the other locations. Therefore this client side call has been changed to
+ pass an EVP_PKEY instead.
+
+ *Matt Caswell*
+
+ * Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public
+ interface. Their functionality remains unchanged.
+
+ *Jordan Montgomery*
+
+ * Added new option for 'openssl list', '-providers', which will display the
+ list of loaded providers, their names, version and status. It optionally
+ displays their gettable parameters.
+
+ *Paul Dale*
+
+ * Deprecated EVP_PKEY_set_alias_type(). This function was previously
+ needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key
+ type is internally recognised so the workaround is no longer needed.
+
+ Functionality is still retained as it is, but will only work with
+ EVP_PKEYs with a legacy internal key.
+
+ *Richard Levitte*
+
+ * Deprecated `EVP_PKEY_CTX_set_rsa_keygen_pubexp()` and introduced
+ `EVP_PKEY_CTX_set1_rsa_keygen_pubexp()`, which is now preferred.
+
+ *Jeremy Walch*
+
+ * Changed all "STACK" functions to be macros instead of inline functions. Macro
+ parameters are still checked for type safety at compile time via helper
+ inline functions.
+
+ *Matt Caswell*
+