- Update to 3.2.0:
  * The BLAKE2b hash algorithm supports a configurable output length
    by setting the "size" parameter.
  * Enable extra Arm64 optimization on Windows for GHASH, RAND and
    AES.
  * Added a function to delete objects from store by URI -
    OSSL_STORE_delete() and the corresponding provider-storemgmt API
    function OSSL_FUNC_store_delete().
  * Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to
    pass a passphrase callback when opening a store.
  * Changed the default salt length used by PBES2 KDF's (PBKDF2 and
    scrypt) from 8 bytes to 16 bytes. The PKCS5 (RFC 8018) standard
    uses a 64 bit salt length for PBE, and recommends a minimum of 64
    bits for PBES2. For FIPS compliance PBKDF2 requires a salt length
    of 128 bits. This affects OpenSSL command line applications such
    as "genrsa" and "pkcs8" and API's such as
    PEM_write_bio_PrivateKey() that are reliant on the default value.
    The additional commandline option 'saltlen' has been added to the
    OpenSSL command line applications for "pkcs8" and "enc" to allow
    the salt length to be set to a non default value.
  * Changed the default value of the ess_cert_id_alg configuration
    option which is used to calculate the TSA's public key
    certificate identifier. The default algorithm is updated to be
    sha256 instead of sha1.
  * Added optimization for SM2 algorithm on aarch64. It uses a huge
    precomputed table for point multiplication of the base point,
    which increases the size of libcrypto from 4.4 MB to 4.9 MB. A
    new configure option no-sm2-precomp has been added to disable the
    precomputed table.
  * Added client side support for QUIC

• Files Changed
• Browse Source