From f1ffaaeece5efb7d2f4859a59e3164edf9b4b769 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 15 Apr 2021 18:25:17 +1000
Subject: Fixes related to separation of DH and DHX types

Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
---
 CHANGES.md | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'CHANGES.md')

diff --git a/CHANGES.md b/CHANGES.md
index d2d9e01f35..480c4091a9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,13 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * For the key types DH and DHX the allowed settable parameters are now different.
+   Previously (in 1.1.1) these conflicting parameters were allowed, but will now
+   result in errors. See EVP_PKEY-DH(7) for further details. This affects the
+   behaviour of openssl-genpkey(1) for DH parameter generation.
+
+   *Shane Lontis*
+
  * The default manual page suffix ($MANSUFFIX) has been changed to "ossl"
 
    *Matt Caswell*
-- 
cgit v1.2.3