11.4.6 2 - Update unit tests to new pki.goog test servers 3 41.4.5 5 - Tweaks and fixes for upcoming OpenSSLv3. Once OpenSSLv3 is released we should 6 port the deprecated functions, but for now we keep supporting OpenSSL 1.0.2. 7 81.4.4 9 - Fix rand_bytes for large input 10 - Remove some legacy Windows workarounds from R 3.2 11 - Windows: upgrade libs to openssl 1.1.1k 12 131.4.3 14 - Fix a harmless compiler warning for CRAN 15 161.4.2 17 - Catch FIPS errors and add FIPS flag to openssl_config() 18 - Win/Mac: update binary packages to openssl 1.1.1g 19 - Early preparations for upcoming OpenSSL 3 20 211.4.1 22 - write_pkcs1 now supports RSA/DSA/EC keys for legacy ssh compatibility 23 - as.list.cert() gains a parameter 'name_format' to control printing #72 24 251.4.0 26 - Expose ed25519 and x25519 functions for signatures and diffie hellman using 27 curve25519. This is only supported when building against version 1.1.1 or newer 28 of the openssl library. 29 - Unit tests for curve25519 (this requires sodium) 30 311.3.0 32 - read_key() now supports the new openssh private key format 33 - Added bcrypt KDF which is needed to read the new openssh keys 34 351.2.2 36 - Fix double free crash with libssl 1.1.1b 37 381.2.1 39 - Hotfix release for crash in ecdsa_write() 40 411.2 42 - askpass() has been moved into its own package and gains native programs 43 for MacOS and Windows. 44 - Added ecdsa_parse() and ecdsa_write() to support JWT signatures (jose pkg) 45 461.1 47 - MacOS and Windows binaries now ship with libssl 1.1.1 (TLS 1.3 support) 48 - Windows (breaking): my_key() and my_pubkey() now interpret ~/ as windows 49 home dir instead of documents dir, for compatibility with other software. 50 - my_pubkey() no longer uses USER_PUBKEY but instead USER_KEY + ".pub" 51 - Use the OpenSSL 1.1 API in LibreSSL 2.7 52 - Suppress echo in askpass if stdin is a tty 53 541.0.2 55 - Improve system error messages in download_ssl_cert() 56 - Fix unit test (password error message) for libcrypto 1.1.1 57 581.0.1 59 - Fix a unit test from http://pki.goog/ (google changed servers) 60 611.0 62 - Add the 'name' field to read_p12() output 63 - Add write_pkcs1() for legacy OpenSSH keys 64 - Fix unit tests using http://pki.goog/ (Google changed crt files to DER) 65 660.9.9 67 - Workaround failing test on Mavericks due to IPv6 firewall issue 68 690.9.8 70 - Fix build on OSX Mavericks 71 720.9.7 73 - Configure script checks SHLIB_VERSION_NUMBER to find matching lib 74 - Added internal stopifnot() replacement to give more helpful error mesasges 75 - Add live SSL unit tests from https://pki.goog 76 - Fix for OpenBSD/FreeBSD (#41) 77 - Added as.integer.bignum() method 78 - Update maintainer email address 79 - Add symbol registration call in R_init_openssl 80 - Reject empty digests when signing (#44) 81 - Use OPENSSL_free to free OpenSSL's allocations (#44) 82 - Cleanups for ec_keygen() (#44) 83 - Windows: update OpenSSL to 1.1.0f 84 850.9.6 86 - Add read_p7b() and write_p7b() for certificate bundles 87 - Rename read_pkcs12 / write_pkcs12 to read_p12 / write_p12 88 - More unit test for rountripping certs 89 - Workaround for PEM files with "RSA PUBLIC KEY" instead of "PUBLIC KEY" header 90 - Fix example in bignum vignette for OpenSSL 1.1.0 (increase RSA key size) 91 - Sync bundled cacert.pem with Mozilla as of: Wed Sep 14 03:12:05 2016 92 - Added blake2b and blake2s hash functions (only available in libssl 1.1) 93 - Fix support for LibreSSL 94 - Windows: update libssl/libcrypto to 1.1.0c 95 960.9.5 97 - Support for new API in OpenSSL 1.1.0 98 - Remove 'pseudo_rand_bytes()' (deprecated in libssl) 99 - Work around missing EVP_CIPH_GCM_MODE in OpenSSL 1.0.0 100 - Add read_pkcs12() and write_pkcs12() functions 101 - Add read_pem() for debugging PEM files 102 - Add base methods [, [[, $, names, .DollarNames for keys and certificates 103 - Update libssl on Windows to 1.0.2h 104 - Add #define _POSIX_C_SOURCE in ssl.c to ensure getaddrinfo() is available 105 - Add as.character.hash method for raw hashes 106 - Clear error buffer when raising an error 107 1080.9.4 109 - Fix ec_keygen() for old versions of OpenSSL 110 - Added aes_ctr() and aes_gcm() modes 111 - Added aes_keygen() 112 - Added bignum_mod_inv() 113 - Internal tools for JWT/JWK support (see pkg: jose) 114 1150.9.3 116 - Added ec_dh() function for ECDH 117 - Added --atleast-version=1.0 to pkg-config in configure script 118 - Switch as.list(cert) to RFC2253 format for 'subject' and 'issuer' fields 119 1200.9.2 121 - Disable EC stuff for OPENSSL_NO_EC (needed on some Solaris / Gentoo) 122 - Added openssl_config() function to test if libssl is built with EC support 123 - Make configure script bourne compatible (remove bash shebang) 124 - Tweak for OpenBSD in ssl.c 125 - Added sha224, sha384 and sha2 functions 126 - Export the fingerprint function 127 1280.9.1 129 - Fix for getaddrinfo() in Solaris 130 - Use the configurable askpass() for password prompt 131 1320.9 133 - Switched download_ssl_cert to getaddrinfo() api for ipv6 support 134 - Fix for example for naming conflict with new digest package 135 1360.8 137 - Configure script now checks for OpenSSL minimum version 1.0.0 138 1390.7 140 - Breaking change: hash functions now use hmac 'key' instead of a 'salt' 141 - The my_key() and my_pubkey() functions now work as documented 142 - as.list(cert) add alt_names field for https certs with multiple domains 143 - added export_pem for certificates 144 1450.6 146 - Added --force-bottle to autobrew installer 147 - Use nonblocking socket in ssl to set connection timeout 148 - Fix UBSAN problem in ssl.c 149 - Fix ASAN problem in hash.c 150 1510.5 152 - Major overhaul, add encryption, signature, cert stuff 153 - Upgrade libssl and libcrypto on windows to 1.0.2d 154 1550.4 156 - Added base64 functions 157