- Update to 3.0.0 Alpha 7
* Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public
interface. Their functionality remains unchanged.
* Deprecated EVP_PKEY_set_alias_type(). This function was previously
needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key
type is internally recognised so the workaround is no longer needed.
* Deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() & introduced
EVP_PKEY_CTX_set1_rsa_keygen_pubexp(), which is now preferred.
* Changed all "STACK" functions to be macros instead of inline functions.
Macro parameters are still checked for type safety at compile time via
helper inline functions.
* Remove the RAND_DRBG API:
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()).
Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.
* Added the options '-crl_lastupdate' and '-crl_nextupdate' to 'openssl ca',
allowing the 'lastUpdate' and 'nextUpdate' fields in the generated CRL to
be set explicitly.
* 'PKCS12_parse' now maintains the order of the parsed certificates
when outputting them via '*ca' (rather than reversing it).
- Update openssl-DEFAULT_SUSE_cipher.patch
contained in upstream.
OBS-URL: https://build.opensuse.org/request/show/841985
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=17
