diff --git a/ChangeLog b/ChangeLog index e4844784..b40555e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2020-04-06 Jay Berkenbilt + + * Add openssl crypto provider, contributed by Dean Scarff. This + provider is implemented using OpenSSL and also works with + BoringSSL. + 2020-04-04 Jay Berkenbilt * Add a new provideStreamData method for StreamDataProvider that diff --git a/manual/qpdf-manual.xml b/manual/qpdf-manual.xml index 3dc4e2f6..9720ad03 100644 --- a/manual/qpdf-manual.xml +++ b/manual/qpdf-manual.xml @@ -138,7 +138,9 @@ Recommended but not required: gnutls: https://www.gnutls.org/ - to be able to use the gnutls crypto provider + to be able to use the gnutls crypto provider, and/or openssl: + https://openssl.org/ + to be able to use the openssl crypto provider. @@ -271,10 +273,11 @@ make Starting with qpdf version 9.1.0, the available implementations - are native and gnutls. - Additional implementations may be added if needed. It is also - possible for a developer to provide their own implementation - without modifying the qpdf library. + are native and gnutls. In + qpdf 10.0.0, openssl was added. Additional + implementations may be added if needed. It is also possible for a + developer to provide their own implementation without modifying + the qpdf library. Build Support For Crypto Providers @@ -344,9 +347,10 @@ make own external dependencies that can be omitted if the crypto provider is not used. For example, if you are building qpdf yourself and are using an environment that does not support - gnutls, you can ensure that USE_CRYPTO_NATIVE - is defined, USE_CRYPTO_GNUTLS is not defined, - and DEFAULT_CRYPTO is defined to + gnutls or openssl, you can ensure that + USE_CRYPTO_NATIVE is defined, + USE_CRYPTO_GNUTLS is not defined, and + DEFAULT_CRYPTO is defined to "native". Then you must include the source files used in the native implementation, some of which were added or renamed from earlier versions, to your build, and you can @@ -4794,6 +4798,35 @@ print "\n"; + + + Build/Packaging Changes + + + + + Add a openssl crypto provider, which is + implemented with OpenSSL and also works with BoringSSL. + Thanks to Dean Scarff for this contribution. If you maintain + qpdf for a distribution, pay special attention to make sure + that you are including support for the crypto providers you + want. Package maintainers will have to weigh the advantages + of allowing users to pick a crypto provider at runtime + against the disadvantages of adding more dependencies to + qpdf. + + + + + Allow qpdf to built on stripped down systems whose C/C++ + libraries lack the wchar_t type. + Search for wchar_t in qpdf's + README.md for details. This should be very rare, but it is + known to be helpful in some embedded environments. + + + + CLI Enhancements @@ -4944,22 +4977,6 @@ print "\n"; - - - Build Changes - - - - - Allow qpdf to built on stripped down systems whose C/C++ - libraries lack the wchar_t type. - Search for wchar_t in qpdf's - README.md for details. This should be very rare, but it is - known to be helpful in some embedded environments. - - - -