1.2.0

Added

• Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME).
• Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman).
• Added mTLS example to documentation (thanks to @hoinmic).
• Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey).
• Added ability to run tests in a container (thanks to @afreof).
• Added Visual Studio properties to simplify the Windows build (thanks to @philippun1).

Changed

• Symmetric operations are disabled by default. In most situations these are not needed and cause a huge performance penalty. To enable, configure with --enable-op-digest or --enable-op-cipher.

Removed

• Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x.

Fixed

• Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign operations (thanks to @fhars).
• Fixed handle related operations on 32b machines (thanks to @dezgeg).
• Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys.
• Fixed a heap exception on some machines (thanks to @philippun1).
• Fixed build warnings when building on the Fedora Linux.
• In documentation and tests applied a correct order of providers (thanks to @hoinmic).
• Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex scenarios such as SSL or X.509 operations.