X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES.md;h=4b7a73dc8991c0d6834cdec75cbcaff032abfa7e;hp=c6d93ef3ed6d00375ce0351209493d5d48eca3c1;hb=abfc73f374c2b80e15f6c9d0b3a7437b3e94afa8;hpb=c50604eb4a6d52b120ea07bad50d3d82a70b26f7 diff --git a/CHANGES.md b/CHANGES.md index c6d93ef3ed..4b7a73dc89 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,30 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### + * Added OSSL_PARAM_BLD to the public interface. This allows OSSL_PARAM + arrays to be more easily constructed via a series of utility functions. + Create a parameter builder using OSSL_PARAM_BLD_new(), add parameters using + the various push functions and finally convert to a passable OSSL_PARAM + array using OSSL_PARAM_BLD_to_param(). + + *Paul Dale* + + * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and + EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side + internal keys, if they correspond to one of those built in types. + + *Richard Levitte* + + * Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to + contain a provider side internal key. + + *Richard Levitte* + + * ASN1_verify(), ASN1_digest() and ASN1_sign() have been deprecated. + They are old functions that we don't use, and that you could disable with + the macro NO_ASN1_OLD. This goes all the way back to OpenSSL 0.9.7. + + *Richard Levitte* * The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT) have been converted to Markdown with the goal to produce documents @@ -933,7 +957,46 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- -### Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] ### +### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ### + + +### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ### + + * Properly detect EOF while reading in libssl. Previously if we hit an EOF + while reading in libssl then we would report an error back to the + application (SSL_ERROR_SYSCALL) but errno would be 0. We now add + an error to the stack (which means we instead return SSL_ERROR_SSL) and + therefore give a hint as to what went wrong. + + *Matt Caswell* + + * Check that ed25519 and ed448 are allowed by the security level. Previously + signature algorithms not using an MD were not being checked that they were + allowed by the security level. + + *Kurt Roeckx* + + * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() + was not quite right. The behaviour was not consistent between resumption + and normal handshakes, and also not quite consistent with historical + behaviour. The behaviour in various scenarios has been clarified and + it has been updated to make it match historical behaviour as closely as + possible. + + *Matt Caswell* + + * *[VMS only]* The header files that the VMS compilers include automatically, + `__DECC_INCLUDE_PROLOGUE.H` and `__DECC_INCLUDE_EPILOGUE.H`, use pragmas + that the C++ compiler doesn't understand. This is a shortcoming in the + compiler, but can be worked around with `__cplusplus` guards. + + C++ applications that use OpenSSL libraries must be compiled using the + qualifier `/NAMES=(AS_IS,SHORTENED)` to be able to use all the OpenSSL + functions. Otherwise, only functions with symbols of less than 31 + characters can be used, as the linker will not be able to successfully + resolve symbols with longer names. + + *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time.