www/64.html - diff

Return to 64.html CVS log

Up to [local] / www

Diff for /www/64.html between version 1.87 and 1.88

version 1.87, 2018/10/17 11:01:13

version 1.88, 2018/10/17 12:26:57

Line 552

<li>X509 verification is now more strict so

<a href="https://man.openbsd.org/X509_VERIFY_PARAM_set_flags.3">X509_VERIFY_PARAM</a>

host, ip or email failure will cause future

<a href="https://man.openbsd.org/X509_verify_cert.3">X509_verify_cert</a>

<a href="https://man.openbsd.org/X509_verify_cert.3">X509_verify_cert(3)</a>

calls to fail.

<li>Support for single DES cipher suites is removed.

<li>Support for RSASSA-PKCS1-v1_5 (RFC 8017) is added to

<li>Modified signature of CRYPTO_mem_leaks_* to return -1. This function

<li>Modified signature of <a href="https://man.openbsd.org/CRYPTO_mem_leaks.3">CRYPTO_mem_leaks_*(3)</a> to return -1. This function

is a no-op in LibreSSL, so this function returns an error to not

indicate the (non-)existence of memory leaks.

<li>SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher,

<li><a href="https://man.openbsd.org/SSL_copy_session_id.3">SSL_copy_session_id(3)</a>, PEM_Sign, <a href="https://man.openbsd.org/EVP_EncodeUpdate.3">EVP_EncodeUpdate(3)</a>, <a href="https://man.openbsd.org/BIO_set_cipher.3">BIO_set_cipher(3)</a>, <a href="https://man.openbsd.org/X509_OBJECT_up_ref_count.3">X509_OBJECT_up_ref_count(3)</a> now return an int for error handling, matching OpenSSL.

X509_OBJECT_up_ref_count now return an int for error handling,

matching OpenSSL.

<li>Converted a number of #defines into proper functions, matching

OpenSSL's ABI.

OpenSSL's ABI (e.g. <a href="https://man.openbsd.org/X509_CRL_get_issuer.3">X509_CRL_get_issuer(3)</a> and other X509_*get*(3) functions)

<li>Added X509_get0_serialNumber from OpenSSL.

<li>Added X509_get0_serialNumber(3) from OpenSSL.

<li>Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding

<li>Removed EVP_PKEY2PKCS8_broken(3) and PKCS8_set_broken(3), while adding

PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching

PKCS8_pkey_add1_attr_by_NID(3) and PKCS8_pkey_get0_attrs(3), matching

OpenSSL.

<li>Removed broken pkcs8 formats from openssl(1).

<li>Removed broken pkcs8 formats from <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>.

<li>Added RSA_meth_get_finish() RSA_meth_set1_name() from OpenSSL.

<li>Added <a href="https://man.openbsd.org/RSA_meth_get_finish.3">RSA_meth_get_finish(3)</a> and <a href="https://man.openbsd.org/RSA_meth_set1_name.3">RSA_meth_set1_name(3)</a> from OpenSSL.

<li>Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV to be

<li>Added new <a href="https://man.openbsd.org/EVP_CIPHER_CTX_get_iv.3">EVP_CIPHER_CTX_(get|set)_iv(3)</a> API that allows the IV to be retrieved and set with appropriate validation.

retrieved and set with appropriate validation.

<li>Extensive documentation updates and additional API history.

<li>Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.

<li>Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers

<li>Made <a href="https://man.openbsd.org/ENGINE_finish.3">ENGINE_finish(3)</a> and <a href="https://man.openbsd.org/ENGINE_free.3">ENGINE_free(3)</a> succeed on NULL and simplify callers and matching OpenSSL behavior, rewrote ENGINE_* documentation.

and matching OpenSSL behavior, rewrote ENGINE_* documentation.

<li>Added const annotations to many existing APIs from OpenSSL, making

interoperability easier for downstream applications.

<li>Documented security pitfalls with BN_FLG_CONSTTIME and constant-time

<li>Documented <a href="https://man.openbsd.org/BN_set_flags.3#BUGS">security pitfalls</a> with BN_FLG_CONSTTIME and constant-time operation of BN_* functions.

operation of BN_* functions.

</ul>

<li>Testing and Proactive Security

<ul>