### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Add support for AES Key Wrap inverse ciphers to the EVP layer.
+ The algorithms are:
+ "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV",
+ "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV".
+ The inverse ciphers use AES decryption for wrapping, and
+ AES encryption for unwrapping.
+
+ *Shane Lontis*
+
+ * Deprecated EVP_PKEY_set1_tls_encodedpoint() and
+ EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by
+ libssl to set or get an encoded public key in/from an EVP_PKEY object. With
+ OpenSSL 3.0 these are replaced by the more generic functions
+ EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key().
+ The old versions have been converted to deprecated macros that just call the
+ new functions.
+
+ *Matt Caswell*
+
+ * The security callback, which can be customised by application code, supports
+ the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+ in the "other" parameter. In most places this is what is passed. All these
+ places occur server side. However there was one client side call of this
+ security operation and it passed a DH object instead. This is incorrect
+ according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+ of the other locations. Therefore this client side call has been changed to
+ pass an EVP_PKEY instead.
+
+ *Matt Caswell*
+
* Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public
interface. Their functionality remains unchanged.
*Jordan Montgomery*
+ * Added new option for 'openssl list', '-providers', which will display the
+ list of loaded providers, their names, version and status. It optionally
+ displays their gettable parameters.
+
+ *Paul Dale*
+
* Deprecated EVP_PKEY_set_alias_type(). This function was previously
needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key
type is internally recognised so the workaround is no longer needed.
*Rich Salz and Richard Levitte*
- * Added a library context that applications as well as other
- libraries can use to form a separate context within which libcrypto
- operations are performed.
+ * Added a library context `OSSL_LIB_CTX` that applications as well as
+ other libraries can use to form a separate context within which
+ libcrypto operations are performed.
There are two ways this can be used:
such an argument, such as `EVP_CIPHER_fetch` and similar algorithm
fetching functions.
- Indirectly, by creating a new library context and then assigning
- it as the new default, with `OPENSSL_CTX_set0_default`.
+ it as the new default, with `OSSL_LIB_CTX_set0_default`.
- All public OpenSSL functions that take an `OPENSSL_CTX` pointer,
- apart from the functions directly related to `OPENSSL_CTX`, accept
+ All public OpenSSL functions that take an `OSSL_LIB_CTX` pointer,
+ apart from the functions directly related to `OSSL_LIB_CTX`, accept
NULL to indicate that the default library context should be used.
Library code that changes the default library context using
- `OPENSSL_CTX_set0_default` should take care to restore it with a
+ `OSSL_LIB_CTX_set0_default` should take care to restore it with a
second call before returning to the caller.
+ _(Note: the library context was initially called `OPENSSL_CTX` and
+ renamed to `OSSL_LIB_CTX` in version 3.0.0 alpha7.)_
+
*Richard Levitte*
* Handshake now fails if Extended Master Secret extension is dropped
*Richard Levitte*
+ * Added several checks to X509_verify_cert() according to requirements in
+ RFC 5280 in case `X509_V_FLAG_X509_STRICT` is set
+ (which may be done by using the CLI option `-x509_strict`):
+ * The basicConstraints of CA certificates must be marked critical.
+ * CA certificates must explicitly include the keyUsage extension.
+ * If a pathlenConstraint is given the key usage keyCertSign must be allowed.
+ * The issuer name of any certificate must not be empty.
+ * The subject name of CA certs, certs with keyUsage crlSign,
+ and certs without subjectAlternativeName must not be empty.
+ * If a subjectAlternativeName extension is given it must not be empty.
+ * The signatureAlgorithm field and the cert signature must be consistent.
+ * Any given authorityKeyIdentifier and any given subjectKeyIdentifier
+ must not be marked critical.
+ * The authorityKeyIdentifier must be given for X.509v3 certs
+ unless they are self-signed.
+ * The subjectKeyIdentifier must be given for all X.509v3 CA certs.
+
+ *David von Oheimb*
+
+ * Certificate verification using X509_verify_cert() meanwhile rejects EC keys
+ with explicit curve parameters (specifiedCurve) as required by RFC 5480.
+
+ *Tomas Mraz*
+
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a encoded key
or calling `EC_GROUP_new_from_ecpkparameters()`/
*David von Oheimb*
+ * Deprecated pthread fork support methods. These were unused so no
+ replacement is required.
+
+ - OPENSSL_fork_prepare()
+ - OPENSSL_fork_parent()
+ - OPENSSL_fork_child()
+
+ *Randall S. Becker*
+
OpenSSL 1.1.1
-------------