### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ###
+ * Added OSSL_PARAM_BLD to the public interface. This allows OSSL_PARAM
+ arrays to be more easily constructed via a series of utility functions.
+ Create a parameter builder using OSSL_PARAM_BLD_new(), add parameters using
+ the various push functions and finally convert to a passable OSSL_PARAM
+ array using OSSL_PARAM_BLD_to_param().
+
+ *Paul Dale*
+
+ * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
+ EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
+ internal keys, if they correspond to one of those built in types.
+
+ *Richard Levitte*
+
+ * Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to
+ contain a provider side internal key.
+
+ *Richard Levitte*
+
+ * ASN1_verify(), ASN1_digest() and ASN1_sign() have been deprecated.
+ They are old functions that we don't use, and that you could disable with
+ the macro NO_ASN1_OLD. This goes all the way back to OpenSSL 0.9.7.
+
+ *Richard Levitte*
+
+ * The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT)
+ have been converted to Markdown with the goal to produce documents
+ which not only look pretty when viewed online in the browser, but
+ remain well readable inside a plain text editor.
+
+ To achieve this goal, a 'minimalistic' Markdown style has been applied
+ which avoids formatting elements that interfere too much with the
+ reading flow in the text file. For example, it
+
+ * avoids [ATX headings][] and uses [setext headings][] instead
+ (which works for `<h1>` and `<h2>` headings only).
+ * avoids [inline links][] and uses [reference links][] instead.
+ * avoids [fenced code blocks][] and uses [indented code blocks][] instead.
+
+ [ATX headings]: https://github.github.com/gfm/#atx-headings
+ [setext headings]: https://github.github.com/gfm/#setext-headings
+ [inline links]: https://github.github.com/gfm/#inline-link
+ [reference links]: https://github.github.com/gfm/#reference-link
+ [fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks
+ [indented code blocks]: https://github.github.com/gfm/#indented-code-blocks
+
+ *Matthias St. Pierre*
+
+
* The test suite is changed to preserve results of each test recipe.
A new directory test-runs/ with subdirectories named like the
test recipes are created in the build tree for this purpose.
OpenSSL 1.1.1
-------------
-### Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] ###
+### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ###
+
+
+### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ###
+
+ * Properly detect EOF while reading in libssl. Previously if we hit an EOF
+ while reading in libssl then we would report an error back to the
+ application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
+ an error to the stack (which means we instead return SSL_ERROR_SSL) and
+ therefore give a hint as to what went wrong.
+
+ *Matt Caswell*
+
+ * Check that ed25519 and ed448 are allowed by the security level. Previously
+ signature algorithms not using an MD were not being checked that they were
+ allowed by the security level.
+
+ *Kurt Roeckx*
+
+ * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
+ was not quite right. The behaviour was not consistent between resumption
+ and normal handshakes, and also not quite consistent with historical
+ behaviour. The behaviour in various scenarios has been clarified and
+ it has been updated to make it match historical behaviour as closely as
+ possible.
+
+ *Matt Caswell*
+
+ * *[VMS only]* The header files that the VMS compilers include automatically,
+ `__DECC_INCLUDE_PROLOGUE.H` and `__DECC_INCLUDE_EPILOGUE.H`, use pragmas
+ that the C++ compiler doesn't understand. This is a shortcoming in the
+ compiler, but can be worked around with `__cplusplus` guards.
+
+ C++ applications that use OpenSSL libraries must be compiled using the
+ qualifier `/NAMES=(AS_IS,SHORTENED)` to be able to use all the OpenSSL
+ functions. Otherwise, only functions with symbols of less than 31
+ characters can be used, as the linker will not be able to successfully
+ resolve symbols with longer names.
+
+ *Richard Levitte*
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
The presence of this system service is determined at run-time.
projects / openssl.git / blobdiff