Lines Matching refs:now
40 SSL_CTX_set1_groups_list() now supports the DEFAULT keyword which sets the
61 The added functionality now enables support for PKCS#7 inner content
66 * The `-rawin` option of the `pkeyutl` command is now implied (and thus no
87 health check module. This also removes the now forbidden DRBG chaining.
106 sufficent. The existing macros now point to the new function
173 what were formerly build time locations can now be defined at run time
251 * ECC groups may now customize their initialization to save CPU by using
336 will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
359 reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
407 option now is an alias for `-set_subject`.
411 * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
607 now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
762 the EVP_KDF_CTX_set_params() function they are now concatenated not just
934 * The PKCS12_parse() function now supports MAC-less PKCS12 files.
955 default but are now no longer allowed. By default TLS compression was
961 * The SSL_CTX_set_cipher_list family functions now accept ciphers using their
977 * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
987 * The `x509`, `ca`, and `req` commands now produce X.509 v3 certificates.
1016 `CMS_sign()` now ignore any duplicate certificates in their `certs` argument
1066 * The OBJ_ calls are now thread safe using a global lock.
1076 * OPENSSL_malloc() and other allocation functions now raise errors on
1084 The RSA decryption API will now return a randomly generated deterministic
1323 * `s_client` and `s_server` commands now explicitly say when the TLS version
1345 `OPENSSL_LH_node_stats_bio` and `OPENSSL_LH_node_usage_stats_bio` are now
1349 The macro `DEFINE_LHASH_OF` is now deprecated in favour of the macro
1369 `rsa_pss_saltlen` parameter, which is now the default. Signature
1534 `OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
1867 * The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
1870 still listed in the output but are now always reported as zero.
2006 * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
2059 multilib postfix is now always added to the default libdir. Use
2065 * The triple DES key wrap functionality now conforms to RFC 3217 but is
2123 * For the key types DH and DHX the allowed settable parameters are now different.
2127 * The openssl commands that read keys, certificates, and CRLs now
2144 * Support for RFC 5746 secure renegotiation is now required by default for
2151 now `const EVP_PKEY_CTX *` instead of `EVP_PKEY_CTX *`. Similarly
2154 now `const X509_PUBKEY *` instead of `X509_PUBKEY *`.
2162 * A public key check is now performed during EVP_PKEY_derive_set_peer().
2180 * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
2204 * OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1
2208 as type OSSL_STORE_INFO_PKEY in 1.1.1. In 3.0 decoded public keys are now
2233 * The deprecated function EVP_PKEY_get0() now returns NULL being called for a
2290 * pkcs12 now uses defaults of PBKDF2, AES and SHA-256, with a MAC iteration
2433 was incorrectly passing a DH object. It now passed an EVP_PKEY in all cases.
2453 `EVP_PKEY_CTX_set1_rsa_keygen_pubexp()`, which is now preferred.
2472 * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
2510 now only a mere wrapper. All documentation is changed to only mention
2526 * Handshake now fails if Extended Master Secret extension is dropped
2689 modified to use PKEY APIs. These commands are now in maintenance mode
2699 APIs. They now write PKCS#8 keys by default. These commands are now in
2978 * The `x509`, `req`, and `ca` commands now make sure that X.509v3 certificates
3075 * Changed the library initialisation so that the config file is now loaded
3076 by default. This was already the case for libssl. It now occurs for both
3112 * `{CRYPTO,OPENSSL}_mem_debug_{push,pop}` are now no-ops and have been
3126 * The EVP_PKEY_CTX_set_dh_pad() macro has now been converted to a function.
3165 * Default cipher lists/suites are now available via a function, the
3216 The configuration option is now deprecated.
3271 and scrypt are now wrappers that call EVP_KDF.
3362 * AES-XTS mode now enforces that its two keys are different to mitigate
3371 versions. Their names now include the name of the final product, as
3397 * `PKCS12_parse` now maintains the order of the parsed certificates
3625 * Certificates with explicit curve parameters are now disallowed in
3630 * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
3646 * Handshake now fails if Extended Master Secret extension is dropped
3700 application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
4125 now allow empty (zero character) pass phrases.
4139 * Remove ECDSA nonce padding: EC_POINT_mul is now responsible for
4228 in responder mode now supports the new "-multi" option, which
4230 requests. The "-timeout" option now also limits the OCSP
4263 The default RAND method now utilizes an AES-CTR DRBG according to
4296 now been removed.
4353 requirements. The RAND facility now uses/requires this.
4490 * s_client will now send the Server Name Indication (SNI) extension by
4501 * OpenSSL now fails if it receives an unrecognised record type in TLS1.0
4508 * 'openssl passwd' can now produce SHA256 and SHA512 based output,
4514 * Heartbeat support has been removed; the ABI is changed for now.
4726 now allow empty (zero character) pass phrases.
5139 with API compatibility. They new names are now completely documented.
5145 X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an
5147 So now these methods also check the return value of CRYPTO_atomic_add(),
5163 * Automatic Darwin/OSX configuration has had a refresh, it will now
5199 * "shared" builds are now the default. To create only static libraries use
5260 * Headers are now wrapped, if necessary, with OPENSSL_NO_xxx, so
5261 it is always safe to #include a header now.
5297 * OpenSSL now uses a new threading API. It is no longer necessary to
5330 * RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
5370 * Configuration change; it's now possible to build dynamic engines
5439 and on VMS. They now have names that are closer to the standard
5456 "peer" argument is now expected to be a BIO_ADDR object.
5469 * RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
5507 Files such as Makefile include/openssl/opensslconf.h and are now
5527 going to be installed. The default is now /usr/local.
5544 to date GOST engine is now being maintained in an external repository.
5556 * The distribution now has Makefile.in files, which are used to
5558 before trying to build now.*
5629 now redirect key generation and no longer need to convert to or from
5632 Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
5666 * Added ASYNC support. Libcrypto now includes the async sub-library to enable
5677 always enabled now. If you want to disable the support you should
5683 * SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
5698 SSL_get_state which now returns an "OSSL_HANDSHAKE_STATE" instead of an int.
5763 The testing framework has been largely rewritten and is now using
5780 and others were changed. All are now documented.
5883 now redundant). Users should not attempt to access internal structures
6167 anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
6306 can now return an error. The RAND changes required a change to the
6511 now allow empty (zero character) pass phrases.
6683 * OpenSSL now fails if it receives an unrecognised record type in TLS1.0
7247 incompatibility in the handling of HMAC. The previous ABI has now been
7750 certificate callback: for example you can now clear an existing
8420 incompatibility in the handling of HMAC. The previous ABI has now been
9114 hello: some (but not all) hanging servers will now work.
9119 Most broken servers should now work.
9217 header file e_os2.h as it now appears in public header file cms.h
9253 can now print out signatures instead of the standard hex dump.
9335 FIPS EC methods unconditionally for now.
9411 All server ciphersuites should now work correctly in TLS v1.2. No client
10097 * Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
10285 commands instead of having to add each one as a special case. So now
10427 Applications that want to provide their own thread IDs should now use
10431 Note that ERR_remove_state() is now deprecated, because it is tied
10443 case, the numeric thread callback will now override the automatic use
10491 The assembly language rules can now optionally generate the source
10513 IANA exists, this extension (for now) will have to be explicitly
10579 support is transparent because tickets are now stored in the encoded
10597 OpenSSL should now compile cleanly on gcc 4.2
10638 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
10653 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
10731 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
10792 of degrees of non-zero coefficients is now terminated with -1.
10801 handling. For ECC, the code now distinguishes between fixed ECDH
10806 For consistency with EDH, ephemeral ECDH is now called "EECDH"
10808 certificates, use of ECDH certificates is now considered ECDH
10815 and "DEFAULT". The following aliases now exist for RFC 4492
10885 * Update PKCS#7 enveloped data routines to use new API. This is now
10919 structures for PKCS7_sign(). They are now set up by the relevant public
11033 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
11120 place for the (very old) "NETSCAPE" format certificates which are now
11315 with non-FIPS digests are now usable in FIPS mode.
11482 So now fix this for real by retiring the MONT_HELPER macro
11602 This was broken until now in 0.9.8 releases, such that the only way
11722 support is transparent because tickets are now stored in the encoded
11740 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
11824 BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
11831 RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
11835 BN_BLINDING_new() will now use BN_dup() for the modulus so that
11838 BN_BLINDING_new() and to BN_BLINDING_create_param() now
11945 128/256 bit distinction would be relevant, this works for now.
12002 versions), which is now available for royalty-free use
12017 now or any which still have the bug do not support compression.
12044 * Fixes and enhancements to zlib compression code. We now only use
12048 Static zlib linking now works on Windows and the new --with-zlib-include
12198 The patented RC5 and MDC2 algorithms will now be disabled unless
12264 * The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
12270 * Functionality for creating the initial serial number file is now
12314 * Extend ASN1 oid configuration module. It now additionally accepts the
12321 * Reimplemented the BN_CTX implementation. There is now no more static
12324 information can now expand as required, and rather than having a single
12325 static array of bignums, BN_CTX now uses a linked-list of such arrays
12356 BN_set_word() (which can fail due to needless expansion) is now deprecated;
12375 structures to try and expose faulty code further on. For now, openssl will
12413 internally to the implementation so I've used that for now.
12449 SHA-1 now is only used for "small" curves (where the
12576 * Support for single pass processing for S/MIME signing. This now
12596 will now compute a table of multiples of the generator that
12604 which use the IP:a.b.c.d can now take IPv6 addresses using the
12605 formats of RFC1884 2.2 . IPv6 addresses are now also displayed
12635 * Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
12710 EC_GROUP_new_curve_GFp() will now automatically use this
12842 The generic implementations (now internally called 'ec_wNAF_mul'
13000 - 'openssl req' now has a '-newkey ecdsa:file' option;
13001 - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
13164 The value now differs depending on if you build for FIPS or not.
13501 the 'flags' parameter. 'flags' is now honoured, so applications
13506 * Target "mingw" now allows native Windows code to be generated in
13921 Most commands now load modules from the config file,
14175 can now accelerate these by providing EVP_CIPHER and EVP_MD
14180 were changed in the original introduction of ENGINE code have now
14181 reverted back - the hooking from this code to ENGINE is now a good
14220 SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
14294 ex_data state - it's now all inside ex_data.c and all "class" code (eg.
14298 and counter, and there is now an API function to dynamically create new
14305 leak as before, but their memory debugging output will announce it now
14309 induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
14378 now have to pass a pointer to a des_key_schedule instead of a
14434 already does with RSA. testdsa.h now has 'priv_key/pub_key'
14622 * New dynamic control command support for ENGINEs. ENGINEs can now
14650 * Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
14746 than GF(p), some functions are limited to that for now.
14774 * Modify `EVP_Digest*()` routines so they now return values. Although the
14783 (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
14793 They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
14845 cleanup (among others, algorithm keywords are now sorted
14923 Additionally, it is now possible to define configuration/platform-
14964 * New nonce behavior. The return value of OCSP_check_nonce() now
15077 is initialised to -1 but X509_time_adj() now has to check the value
15183 `CRYPTO_get_[locked_]mem_functions` now writes 0 where such an
15211 (select timeout) and read in non-blocking mode. DEVRANDOM now
15249 is now in OCSP_REQUEST_new() (and the case insensitive name
15256 various functions. Extensions are now handled using the new
15380 for now but they will eventually go away.
15462 The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
15586 * 'openssl engine' can now list capabilities.
15630 * Rework the filename-translation in the DSO code. It is now possible to
16055 To avoid this problem, we now set s->new_session to 2 instead of
16432 Both problems are now fixed.
16976 verify code now looks up an issuer certificate by a
16985 Authority and subject key identifier are now cached.
16987 The LHASH 'certs' is X509_STORE has now been replaced
16997 The functions X509_STORE_add_cert() now checks for an
17010 All certificate lookup operations now go via a get_issuer()
17019 The verify_cb() and verify() callbacks now have equivalents
17071 Nuron (<http://www.nuron.com/>) and is now available in
17081 * Unrecognized PKCS#7 content types are now handled via a
17113 through syslog. The prefixes are now:
17157 value as LN and vice versa), these are now added on the
17222 are always statically linked for now, but there are
17293 * mkstack.pl now sorts each macro group into lexical order.
17307 * Reorganisation of the stack code. The macros are now all
17310 DEBUG_SAFESTACK is now handled in terms of function casts,
17353 (meaning that now 2^5 values will be precomputed, which is only 4 KB
17378 * The type-safe stack code has been rejigged. It is now only compiled
17442 Change lots of functions like EVP_EncryptUpdate() to now return a
17496 password on export: but it will try both on import. We now do
17498 the password is set to "" or NULL (NULL is now a valid password:
17520 * RSA_get_default_method() will now cause a default
17545 new functions (`NCONF_*`, for "New CONF") to handle it. The now
17645 ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
17820 * `..._ctrl` functions now have corresponding `..._callback_ctrl` functions
17829 * `<openssl/opensslconf.h>` (which is created by Configure) now contains
17858 * Reorganise password command line arguments: now passwords can be
17906 * ./config recognizes MacOS X now.
17936 one would link with the other. They are now in separate source files.
17969 DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
17979 callback function now provide an iteration count for the outer
18039 BN_is_prime(..., BN_prime_checks, ...) now uses
18052 "dhparam". The old programs are retained for now but will handle DH keys
18081 * Minor change to 'x509' utility. The -CAcreateserial option now uses 1
18100 So we also now have some wrapper functions that call the X509at functions
18114 * Precautions against using the PRNG uninitialized: RAND_bytes() now
18243 * SSL 3/TLS 1 servers now don't request certificates when an anonymous
18256 so if there's a conflict, we now throw out the old one to achieve
18274 The trust checking code now has a default behaviour: it will just
18310 * Initial support for MacOS is now provided. Examine INSTALL.MacOS
18410 * Modify the way the V3 extension code looks up extensions. This now
18414 crypto/x509v3/ext_dat.h now has the info: this file needs to be
18422 X509V3_add_standard_extensions(): this function now does nothing.
18464 verify structure is likely to change more often now.
18536 has been modified to it will now verify a self signed
18541 now gives a warning about a self signed certificate but
18644 since SSLeay releases. For now the offending routine has been replaced
18645 with non-optimised assembler. Even so, this now gives around 95%
18709 found in genrsa is now in app_rand.c and is used by all programs
18847 less strict. It will now permit CRL extensions even if it is not
19061 The `PEM[_ASN1]_{read,write}...` functions and macros now take an
19080 To avoid problematic command lines, these definitions are now in an
19153 "off" is now the default.
19160 even the default) are now avoided.
19207 up the length of negative integers. This has now been simplified to just
19231 Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
19349 This has also changed the EVP_PBE_CipherInit() function which now has a
19376 * config now generates no-xxx options for missing ciphers.
19440 * Bignum library bug fix. IRIX 6 passes "make test" now!
19448 and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
19458 * Fix most of the other PKCS#7 bugs. The "experimental" code can now
19508 intended anyway -- now it really works as intended).
19522 * Various fixes to the EVP and PKCS#7 code. It may now be able to
19530 is now called ctx->cert, since we don't resort to `s->ctx->[default_]cert`
19537 Note that using the SSL API in certain dirty ways now will result
19616 now it really counts the depth.
19674 * Partial rewrite of the DEF file generator to now parse the ANSI
19683 * Complete rewrite of the error code script(s). It is all now handled
19686 than the old method: it now uses a modified version of Ulf's parser to
19691 have now been deleted. Also the error code call doesn't have to appear all
19787 * Delete various functions and files that belonged to the (now obsolete)
19819 revoking a certificate. The -revoke option does the gory details now.
19837 all available ciphers including rc5, which was forgotten until now.
19839 are available, a new (up to now undocumented) command
19873 SSL2_SERVER_VERSION (not used at all) macros, which are now the
19969 * Change the meaning of 'ALL' in the cipher list. It now means "everything
20012 * Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
20029 * Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
20030 fine under Unix and passes some trivial tests I've now added. But the
20059 Configure script every time: One now can use
20067 now, which overrides the FreeBSD-elf entry on-the-fly.
20088 questions now is the OpenSSL core team under openssl-core@openssl.org.
20106 It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
20188 The new functions now let applications reconfigure the stuff and they
20231 option; it now only avoids using the RSA stuff. Same applies to NO_DSA
20232 now, too.
20358 message is now correct (it understands "crypto" and "ssl" on its
20359 command line). There is also now an "update" option. This will update
20456 and add a sample to openssl.cnf so req -x509 now adds appropriate
20481 Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
20491 now reads in the old error codes and retains the old numbers, only
20635 * First cut of a cleanup for `apps/`. First the `ssleay` program is now named
20681 EXPLICIT tags. Some non standard certificates use these: they can now
