Lines Matching refs:now
34 SSL_CTX_set1_groups_list() now supports the DEFAULT keyword which sets the
55 The added functionality now enables support for PKCS#7 inner content
60 * The `-rawin` option of the `pkeyutl` command is now implied (and thus no
81 health check module. This also removes the now forbidden DRBG chaining.
100 sufficent. The existing macros now point to the new function
167 what were formerly build time locations can now be defined at run time
245 * ECC groups may now customize their initialization to save CPU by using
330 will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
353 reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
401 option now is an alias for `-set_subject`.
405 * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
601 now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
756 the EVP_KDF_CTX_set_params() function they are now concatenated not just
928 * The PKCS12_parse() function now supports MAC-less PKCS12 files.
949 default but are now no longer allowed. By default TLS compression was
955 * The SSL_CTX_set_cipher_list family functions now accept ciphers using their
971 * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
981 * The `x509`, `ca`, and `req` commands now produce X.509 v3 certificates.
1010 `CMS_sign()` now ignore any duplicate certificates in their `certs` argument
1060 * The OBJ_ calls are now thread safe using a global lock.
1070 * OPENSSL_malloc() and other allocation functions now raise errors on
1078 The RSA decryption API will now return a randomly generated deterministic
1317 * `s_client` and `s_server` commands now explicitly say when the TLS version
1339 `OPENSSL_LH_node_stats_bio` and `OPENSSL_LH_node_usage_stats_bio` are now
1343 The macro `DEFINE_LHASH_OF` is now deprecated in favour of the macro
1363 `rsa_pss_saltlen` parameter, which is now the default. Signature
1528 `OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
1861 * The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
1864 still listed in the output but are now always reported as zero.
2000 * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
2053 multilib postfix is now always added to the default libdir. Use
2059 * The triple DES key wrap functionality now conforms to RFC 3217 but is
2117 * For the key types DH and DHX the allowed settable parameters are now different.
2121 * The openssl commands that read keys, certificates, and CRLs now
2138 * Support for RFC 5746 secure renegotiation is now required by default for
2145 now `const EVP_PKEY_CTX *` instead of `EVP_PKEY_CTX *`. Similarly
2148 now `const X509_PUBKEY *` instead of `X509_PUBKEY *`.
2156 * A public key check is now performed during EVP_PKEY_derive_set_peer().
2174 * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
2198 * OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1
2202 as type OSSL_STORE_INFO_PKEY in 1.1.1. In 3.0 decoded public keys are now
2227 * The deprecated function EVP_PKEY_get0() now returns NULL being called for a
2284 * pkcs12 now uses defaults of PBKDF2, AES and SHA-256, with a MAC iteration
2427 was incorrectly passing a DH object. It now passed an EVP_PKEY in all cases.
2447 `EVP_PKEY_CTX_set1_rsa_keygen_pubexp()`, which is now preferred.
2466 * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
2504 now only a mere wrapper. All documentation is changed to only mention
2520 * Handshake now fails if Extended Master Secret extension is dropped
2683 modified to use PKEY APIs. These commands are now in maintenance mode
2693 APIs. They now write PKCS#8 keys by default. These commands are now in
2972 * The `x509`, `req`, and `ca` commands now make sure that X.509v3 certificates
3069 * Changed the library initialisation so that the config file is now loaded
3070 by default. This was already the case for libssl. It now occurs for both
3106 * `{CRYPTO,OPENSSL}_mem_debug_{push,pop}` are now no-ops and have been
3120 * The EVP_PKEY_CTX_set_dh_pad() macro has now been converted to a function.
3159 * Default cipher lists/suites are now available via a function, the
3210 The configuration option is now deprecated.
3265 and scrypt are now wrappers that call EVP_KDF.
3356 * AES-XTS mode now enforces that its two keys are different to mitigate
3365 versions. Their names now include the name of the final product, as
3391 * `PKCS12_parse` now maintains the order of the parsed certificates
3619 * Certificates with explicit curve parameters are now disallowed in
3624 * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
3640 * Handshake now fails if Extended Master Secret extension is dropped
3694 application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
4119 now allow empty (zero character) pass phrases.
4133 * Remove ECDSA nonce padding: EC_POINT_mul is now responsible for
4222 in responder mode now supports the new "-multi" option, which
4224 requests. The "-timeout" option now also limits the OCSP
4257 The default RAND method now utilizes an AES-CTR DRBG according to
4290 now been removed.
4347 requirements. The RAND facility now uses/requires this.
4484 * s_client will now send the Server Name Indication (SNI) extension by
4495 * OpenSSL now fails if it receives an unrecognised record type in TLS1.0
4502 * 'openssl passwd' can now produce SHA256 and SHA512 based output,
4508 * Heartbeat support has been removed; the ABI is changed for now.
4720 now allow empty (zero character) pass phrases.
5133 with API compatibility. They new names are now completely documented.
5139 X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an
5141 So now these methods also check the return value of CRYPTO_atomic_add(),
5157 * Automatic Darwin/OSX configuration has had a refresh, it will now
5193 * "shared" builds are now the default. To create only static libraries use
5254 * Headers are now wrapped, if necessary, with OPENSSL_NO_xxx, so
5255 it is always safe to #include a header now.
5291 * OpenSSL now uses a new threading API. It is no longer necessary to
5324 * RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
5364 * Configuration change; it's now possible to build dynamic engines
5433 and on VMS. They now have names that are closer to the standard
5450 "peer" argument is now expected to be a BIO_ADDR object.
5463 * RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
5501 Files such as Makefile include/openssl/opensslconf.h and are now
5521 going to be installed. The default is now /usr/local.
5538 to date GOST engine is now being maintained in an external repository.
5550 * The distribution now has Makefile.in files, which are used to
5552 before trying to build now.*
5623 now redirect key generation and no longer need to convert to or from
5626 Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
5660 * Added ASYNC support. Libcrypto now includes the async sub-library to enable
5671 always enabled now. If you want to disable the support you should
5677 * SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
5692 SSL_get_state which now returns an "OSSL_HANDSHAKE_STATE" instead of an int.
5757 The testing framework has been largely rewritten and is now using
5774 and others were changed. All are now documented.
5877 now redundant). Users should not attempt to access internal structures
6161 anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
6300 can now return an error. The RAND changes required a change to the
6505 now allow empty (zero character) pass phrases.
6677 * OpenSSL now fails if it receives an unrecognised record type in TLS1.0
7241 incompatibility in the handling of HMAC. The previous ABI has now been
7744 certificate callback: for example you can now clear an existing
8414 incompatibility in the handling of HMAC. The previous ABI has now been
9108 hello: some (but not all) hanging servers will now work.
9113 Most broken servers should now work.
9211 header file e_os2.h as it now appears in public header file cms.h
9247 can now print out signatures instead of the standard hex dump.
9329 FIPS EC methods unconditionally for now.
9405 All server ciphersuites should now work correctly in TLS v1.2. No client
10091 * Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
10279 commands instead of having to add each one as a special case. So now
10421 Applications that want to provide their own thread IDs should now use
10425 Note that ERR_remove_state() is now deprecated, because it is tied
10437 case, the numeric thread callback will now override the automatic use
10485 The assembly language rules can now optionally generate the source
10507 IANA exists, this extension (for now) will have to be explicitly
10573 support is transparent because tickets are now stored in the encoded
10591 OpenSSL should now compile cleanly on gcc 4.2
10632 This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
10647 (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
10725 (yet). Complete overhaul of CRL handling: now the most suitable CRL is
10786 of degrees of non-zero coefficients is now terminated with -1.
10795 handling. For ECC, the code now distinguishes between fixed ECDH
10800 For consistency with EDH, ephemeral ECDH is now called "EECDH"
10802 certificates, use of ECDH certificates is now considered ECDH
10809 and "DEFAULT". The following aliases now exist for RFC 4492
10879 * Update PKCS#7 enveloped data routines to use new API. This is now
10913 structures for PKCS7_sign(). They are now set up by the relevant public
11027 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
11114 place for the (very old) "NETSCAPE" format certificates which are now
11309 with non-FIPS digests are now usable in FIPS mode.
11476 So now fix this for real by retiring the MONT_HELPER macro
11596 This was broken until now in 0.9.8 releases, such that the only way
11716 support is transparent because tickets are now stored in the encoded
11734 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
11818 BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
11825 RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
11829 BN_BLINDING_new() will now use BN_dup() for the modulus so that
11832 BN_BLINDING_new() and to BN_BLINDING_create_param() now
11939 128/256 bit distinction would be relevant, this works for now.
11996 versions), which is now available for royalty-free use
12011 now or any which still have the bug do not support compression.
12038 * Fixes and enhancements to zlib compression code. We now only use
12042 Static zlib linking now works on Windows and the new --with-zlib-include
12192 The patented RC5 and MDC2 algorithms will now be disabled unless
12258 * The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
12264 * Functionality for creating the initial serial number file is now
12308 * Extend ASN1 oid configuration module. It now additionally accepts the
12315 * Reimplemented the BN_CTX implementation. There is now no more static
12318 information can now expand as required, and rather than having a single
12319 static array of bignums, BN_CTX now uses a linked-list of such arrays
12350 BN_set_word() (which can fail due to needless expansion) is now deprecated;
12369 structures to try and expose faulty code further on. For now, openssl will
12407 internally to the implementation so I've used that for now.
12443 SHA-1 now is only used for "small" curves (where the
12570 * Support for single pass processing for S/MIME signing. This now
12590 will now compute a table of multiples of the generator that
12598 which use the IP:a.b.c.d can now take IPv6 addresses using the
12599 formats of RFC1884 2.2 . IPv6 addresses are now also displayed
12629 * Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
12704 EC_GROUP_new_curve_GFp() will now automatically use this
12836 The generic implementations (now internally called 'ec_wNAF_mul'
12994 - 'openssl req' now has a '-newkey ecdsa:file' option;
12995 - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
13158 The value now differs depending on if you build for FIPS or not.
13495 the 'flags' parameter. 'flags' is now honoured, so applications
13500 * Target "mingw" now allows native Windows code to be generated in
13915 Most commands now load modules from the config file,
14169 can now accelerate these by providing EVP_CIPHER and EVP_MD
14174 were changed in the original introduction of ENGINE code have now
14175 reverted back - the hooking from this code to ENGINE is now a good
14214 SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
14288 ex_data state - it's now all inside ex_data.c and all "class" code (eg.
14292 and counter, and there is now an API function to dynamically create new
14299 leak as before, but their memory debugging output will announce it now
14303 induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
14372 now have to pass a pointer to a des_key_schedule instead of a
14428 already does with RSA. testdsa.h now has 'priv_key/pub_key'
14616 * New dynamic control command support for ENGINEs. ENGINEs can now
14644 * Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
14740 than GF(p), some functions are limited to that for now.
14768 * Modify `EVP_Digest*()` routines so they now return values. Although the
14777 (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
14787 They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
14839 cleanup (among others, algorithm keywords are now sorted
14917 Additionally, it is now possible to define configuration/platform-
14958 * New nonce behavior. The return value of OCSP_check_nonce() now
15071 is initialised to -1 but X509_time_adj() now has to check the value
15177 `CRYPTO_get_[locked_]mem_functions` now writes 0 where such an
15205 (select timeout) and read in non-blocking mode. DEVRANDOM now
15243 is now in OCSP_REQUEST_new() (and the case insensitive name
15250 various functions. Extensions are now handled using the new
15374 for now but they will eventually go away.
15456 The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
15580 * 'openssl engine' can now list capabilities.
15624 * Rework the filename-translation in the DSO code. It is now possible to
16049 To avoid this problem, we now set s->new_session to 2 instead of
16426 Both problems are now fixed.
16970 verify code now looks up an issuer certificate by a
16979 Authority and subject key identifier are now cached.
16981 The LHASH 'certs' is X509_STORE has now been replaced
16991 The functions X509_STORE_add_cert() now checks for an
17004 All certificate lookup operations now go via a get_issuer()
17013 The verify_cb() and verify() callbacks now have equivalents
17065 Nuron (<http://www.nuron.com/>) and is now available in
17075 * Unrecognized PKCS#7 content types are now handled via a
17107 through syslog. The prefixes are now:
17151 value as LN and vice versa), these are now added on the
17216 are always statically linked for now, but there are
17287 * mkstack.pl now sorts each macro group into lexical order.
17301 * Reorganisation of the stack code. The macros are now all
17304 DEBUG_SAFESTACK is now handled in terms of function casts,
17347 (meaning that now 2^5 values will be precomputed, which is only 4 KB
17372 * The type-safe stack code has been rejigged. It is now only compiled
17436 Change lots of functions like EVP_EncryptUpdate() to now return a
17490 password on export: but it will try both on import. We now do
17492 the password is set to "" or NULL (NULL is now a valid password:
17514 * RSA_get_default_method() will now cause a default
17539 new functions (`NCONF_*`, for "New CONF") to handle it. The now
17639 ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
17814 * `..._ctrl` functions now have corresponding `..._callback_ctrl` functions
17823 * `<openssl/opensslconf.h>` (which is created by Configure) now contains
17852 * Reorganise password command line arguments: now passwords can be
17900 * ./config recognizes MacOS X now.
17930 one would link with the other. They are now in separate source files.
17963 DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
17973 callback function now provide an iteration count for the outer
18033 BN_is_prime(..., BN_prime_checks, ...) now uses
18046 "dhparam". The old programs are retained for now but will handle DH keys
18075 * Minor change to 'x509' utility. The -CAcreateserial option now uses 1
18094 So we also now have some wrapper functions that call the X509at functions
18108 * Precautions against using the PRNG uninitialized: RAND_bytes() now
18237 * SSL 3/TLS 1 servers now don't request certificates when an anonymous
18250 so if there's a conflict, we now throw out the old one to achieve
18268 The trust checking code now has a default behaviour: it will just
18304 * Initial support for MacOS is now provided. Examine INSTALL.MacOS
18404 * Modify the way the V3 extension code looks up extensions. This now
18408 crypto/x509v3/ext_dat.h now has the info: this file needs to be
18416 X509V3_add_standard_extensions(): this function now does nothing.
18458 verify structure is likely to change more often now.
18530 has been modified to it will now verify a self signed
18535 now gives a warning about a self signed certificate but
18638 since SSLeay releases. For now the offending routine has been replaced
18639 with non-optimised assembler. Even so, this now gives around 95%
18703 found in genrsa is now in app_rand.c and is used by all programs
18841 less strict. It will now permit CRL extensions even if it is not
19055 The `PEM[_ASN1]_{read,write}...` functions and macros now take an
19074 To avoid problematic command lines, these definitions are now in an
19147 "off" is now the default.
19154 even the default) are now avoided.
19201 up the length of negative integers. This has now been simplified to just
19225 Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
19343 This has also changed the EVP_PBE_CipherInit() function which now has a
19370 * config now generates no-xxx options for missing ciphers.
19434 * Bignum library bug fix. IRIX 6 passes "make test" now!
19442 and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
19452 * Fix most of the other PKCS#7 bugs. The "experimental" code can now
19502 intended anyway -- now it really works as intended).
19516 * Various fixes to the EVP and PKCS#7 code. It may now be able to
19524 is now called ctx->cert, since we don't resort to `s->ctx->[default_]cert`
19531 Note that using the SSL API in certain dirty ways now will result
19610 now it really counts the depth.
19668 * Partial rewrite of the DEF file generator to now parse the ANSI
19677 * Complete rewrite of the error code script(s). It is all now handled
19680 than the old method: it now uses a modified version of Ulf's parser to
19685 have now been deleted. Also the error code call doesn't have to appear all
19781 * Delete various functions and files that belonged to the (now obsolete)
19813 revoking a certificate. The -revoke option does the gory details now.
19831 all available ciphers including rc5, which was forgotten until now.
19833 are available, a new (up to now undocumented) command
19867 SSL2_SERVER_VERSION (not used at all) macros, which are now the
19963 * Change the meaning of 'ALL' in the cipher list. It now means "everything
20006 * Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
20023 * Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
20024 fine under Unix and passes some trivial tests I've now added. But the
20053 Configure script every time: One now can use
20061 now, which overrides the FreeBSD-elf entry on-the-fly.
20082 questions now is the OpenSSL core team under openssl-core@openssl.org.
20100 It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
20182 The new functions now let applications reconfigure the stuff and they
20225 option; it now only avoids using the RSA stuff. Same applies to NO_DSA
20226 now, too.
20352 message is now correct (it understands "crypto" and "ssl" on its
20353 command line). There is also now an "update" option. This will update
20450 and add a sample to openssl.cnf so req -x509 now adds appropriate
20475 Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
20485 now reads in the old error codes and retains the old numbers, only
20629 * First cut of a cleanup for `apps/`. First the `ssleay` program is now named
20675 EXPLICIT tags. Some non standard certificates use these: they can now
