===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/64.html,v
retrieving revision 1.87
retrieving revision 1.88
diff -c -r1.87 -r1.88
*** www/64.html 2018/10/17 11:01:13 1.87
--- www/64.html 2018/10/17 12:26:57 1.88
***************
*** 552,586 ****
X509 verification is now more strict so
X509_VERIFY_PARAM
host, ip or email failure will cause future
! X509_verify_cert
calls to fail.
Support for single DES cipher suites is removed.
Support for RSASSA-PKCS1-v1_5 (RFC 8017) is added to
RSA_sign(3)
! Modified signature of CRYPTO_mem_leaks_* to return -1. This function
is a no-op in LibreSSL, so this function returns an error to not
indicate the (non-)existence of memory leaks.
! SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher,
! X509_OBJECT_up_ref_count now return an int for error handling,
! matching OpenSSL.
Converted a number of #defines into proper functions, matching
! OpenSSL's ABI.
! Added X509_get0_serialNumber from OpenSSL.
! Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding
! PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching
OpenSSL.
! Removed broken pkcs8 formats from openssl(1).
! Added RSA_meth_get_finish() RSA_meth_set1_name() from OpenSSL.
! Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV to be
! retrieved and set with appropriate validation.
Extensive documentation updates and additional API history.
Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
! Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers
! and matching OpenSSL behavior, rewrote ENGINE_* documentation.
Added const annotations to many existing APIs from OpenSSL, making
interoperability easier for downstream applications.
! Documented security pitfalls with BN_FLG_CONSTTIME and constant-time
! operation of BN_* functions.
Testing and Proactive Security
--- 552,581 ----
- X509 verification is now more strict so
X509_VERIFY_PARAM
host, ip or email failure will cause future
! X509_verify_cert(3)
calls to fail.
- Support for single DES cipher suites is removed.
- Support for RSASSA-PKCS1-v1_5 (RFC 8017) is added to
RSA_sign(3)
!
- Modified signature of CRYPTO_mem_leaks_*(3) to return -1. This function
is a no-op in LibreSSL, so this function returns an error to not
indicate the (non-)existence of memory leaks.
!
- SSL_copy_session_id(3), PEM_Sign, EVP_EncodeUpdate(3), BIO_set_cipher(3), X509_OBJECT_up_ref_count(3) now return an int for error handling, matching OpenSSL.
- Converted a number of #defines into proper functions, matching
! OpenSSL's ABI (e.g. X509_CRL_get_issuer(3) and other X509_*get*(3) functions)
!
- Added X509_get0_serialNumber(3) from OpenSSL.
!
- Removed EVP_PKEY2PKCS8_broken(3) and PKCS8_set_broken(3), while adding
! PKCS8_pkey_add1_attr_by_NID(3) and PKCS8_pkey_get0_attrs(3), matching
OpenSSL.
!
- Removed broken pkcs8 formats from openssl(1).
!
- Added RSA_meth_get_finish(3) and RSA_meth_set1_name(3) from OpenSSL.
!
- Added new EVP_CIPHER_CTX_(get|set)_iv(3) API that allows the IV to be retrieved and set with appropriate validation.
- Extensive documentation updates and additional API history.
- Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
!
- Made ENGINE_finish(3) and ENGINE_free(3) succeed on NULL and simplify callers and matching OpenSSL behavior, rewrote ENGINE_* documentation.
- Added const annotations to many existing APIs from OpenSSL, making
interoperability easier for downstream applications.
!
- Documented security pitfalls with BN_FLG_CONSTTIME and constant-time operation of BN_* functions.
Testing and Proactive Security