From 3bd65f9b5b4731acae395d045dea63d7fdfd507b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 22 Jun 2020 13:15:22 +0200 Subject: [PATCH] Update NEWS and CHANGES NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12228) --- CHANGES.md | 22 ++++++++++++++++++++++ NEWS.md | 1 + 2 files changed, 23 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 8f8ee33415..7da5ccd55c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,28 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Added a library context that applications as well as other + libraries can use to form a separate context within which libcrypto + operations are performed. + + There are two ways this can be used: + + - Directly, by passing a library context to functions that take + such an argument, such as `EVP_CIPHER_fetch` and similar algorithm + fetching functions. + - Indirectly, by creating a new library context and then assigning + it as the new default, with `OPENSSL_CTX_set0_default`. + + All public OpenSSL functions that take an `OPENSSL_CTX` pointer, + apart from the functions directly related to `OPENSSL_CTX`, accept + NULL to indicate that the default library context should be used. + + Library code that changes the default library context using + `OPENSSL_CTX_set0_default` should take care to restore it with a + second call before returning to the caller. + + *Richard Levitte* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. diff --git a/NEWS.md b/NEWS.md index 759600cef9..1d36a903f1 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Added `OPENSSL_CTX`, a libcrypto library context. * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in the FIPS provider. None have the "fips=yes" property set and, as such,