Changes in version 2.4.2

  o Added rsa_sign() to bypass FIPS when using legacy hashes

Changes in version 2.4.1 (2026-05-14)

  o Fix build on msys2 with dynamic openssl

Changes in version 2.4.0 (2026-04-15)

  o Small fixes for OpenSSL 4

Changes in version 2.3.5 (2026-02-26)

  o Windows: add workaround for 'bcrypt' name conflict

Changes in version 2.3.4 (2025-09-30)

  o Fix build on legacy openssl 1.0.2

Changes in version 2.3.3 (2025-05-26)

  o Fix a unit test for CRAN Fedora builds

Changes in version 2.3.2 (2025-02-03)

  o Remove R_unload_openssl() as it may interfere with other packages
  o Windows: update to openssl 3.4.0 and fix build on compilers without zlib

Changes in version 2.3.1 (2025-01-09)

  o Fix case base64_decode(NA) for libssl 3.4.0 (#130)
  o Refactor to build with R_NO_REMAP

Changes in version 2.3.0 (2024-12-16)

  o Windows: use OpenSSL from Rtools if found

Changes in version 2.2.2 (2024-09-20)

  o Reduce test verbosity per CRAN request
  o Update maintainer email address

Changes in version 2.2.1 (2024-08-16)

  o Skip some legacy sha1 tests on Redhat systems to fix #125

Changes in version 2.2.0 (2024-05-16)

  o Use new EVP_MD_fetch() api on libssl 3 to find non-default algorithms.
  o Add keccak() hash function
  o MacOS/Windows: update to OpenSSL 3.3.0

Changes in version 2.1.2 (2024-04-21)

  o MacOS: avoid linking against legacy versions of openssl

Changes in version 2.1.1 (2023-09-25)

  o Windows: update to openssl 3.1.2 + arm support

Changes in version 2.1.0 (2023-07-15)

  o Windows and autobrew binaries have been bumped to libssl 3.1.1.
    (MacOS CRAN binaries use libssl from CRAN 'recipes' which is currently
    libssl 1.1.1)
  o Added sha3() function

Changes in version 2.0.6 (2023-03-09)

  o Add new functions pkcs7_encrypt and pkcs7_decrypt
  o Fix snprintf bug in hash functions

Changes in version 2.0.5 (2022-12-06)

  o Replace sprintf with snprintf for CRAN

Changes in version 2.0.4 (2022-10-17)

  o Fix strict-prototype warnings for CRAN

Changes in version 2.0.3 (2022-09-14)

  o New function write_openssh_pem to support ed25519 in libssh2/gert

Changes in version 2.0.2 (2022-05-24)

  o Disable tests that require internet access to comply with AON policy

Changes in version 2.0.1 (2022-05-14)

  o Fix a unit test for a changed error message in openssl 3.0.2

Changes in version 2.0.0 (2022-03-02)

  o The default fingerprint() for keys has changed from md5 to sha256. This is
    a breaking change, but in line with other software phasing out md5, and
    needed to support systems where use of MD5 has been disabled to comply
    with FIPS.
  o Make the test-suite pass under FIPS on RHEL 8.
  o New family of ssl_ctx functions to manipulate an SSL context from inside
    curl https requests.
  o Rd manuals have been markdownified

Changes in version 1.4.6 (2021-12-19)

  o Update unit tests to new pki.goog test servers

Changes in version 1.4.5 (2021-09-02)

  o Tweaks and fixes for upcoming OpenSSLv3. Once OpenSSLv3 is released we
    should port the deprecated functions, but for now we keep supporting
    OpenSSL 1.0.2.

Changes in version 1.4.4 (2021-04-30)

  o Fix rand_bytes for large input
  o Remove some legacy Windows workarounds from R 3.2
  o Windows: upgrade libs to openssl 1.1.1k

Changes in version 1.4.3 (2020-09-18)

  o Fix a harmless compiler warning for CRAN

Changes in version 1.4.2 (2020-06-27)

  o Catch FIPS errors and add FIPS flag to openssl_config()
  o Win/Mac: update binary packages to openssl 1.1.1g
  o Early preparations for upcoming OpenSSL 3

Changes in version 1.4.1 (2019-07-18)

  o write_pkcs1 now supports RSA/DSA/EC keys for legacy ssh compatibility
  o as.list.cert() gains a parameter 'name_format' to control printing #72

Changes in version 1.4.0

  o Expose ed25519 and x25519 functions for signatures and diffie hellman
    using curve25519. This is only supported when building against version
    1.1.1 or newer of the openssl library.
  o Unit tests for curve25519 (this requires sodium)

Changes in version 1.3.0

  o read_key() now supports the new openssh private key format
  o Added bcrypt KDF which is needed to read the new openssh keys

Changes in version 1.2.2 (2019-03-01)

  o Fix double free crash with libssl 1.1.1b

Changes in version 1.2.1 (2019-01-17)

  o Hotfix release for crash in ecdsa_write()

Changes in version 1.2 (2019-01-16)

  o askpass() has been moved into its own package and gains native programs
    for MacOS and Windows.
  o Added ecdsa_parse() and ecdsa_write() to support JWT signatures (jose pkg)

Changes in version 1.1 (2018-11-15)

  o MacOS and Windows binaries now ship with libssl 1.1.1 (TLS 1.3 support)
  o Windows (breaking): my_key() and my_pubkey() now interpret ~/ as windows
    home dir instead of documents dir, for compatibility with other software.
  o my_pubkey() no longer uses USER_PUBKEY but instead USER_KEY + ".pub"
  o Use the OpenSSL 1.1 API in LibreSSL 2.7
  o Suppress echo in askpass if stdin is a tty

Changes in version 1.0.2 (2018-07-30)

  o Improve system error messages in download_ssl_cert()
  o Fix unit test (password error message) for libcrypto 1.1.1

Changes in version 1.0.1 (2018-03-03)

  o Fix a unit test from http://pki.goog/ (google changed servers)

Changes in version 1.0 (2018-02-02)

  o Add the 'name' field to read_p12() output
  o Add write_pkcs1() for legacy OpenSSH keys
  o Fix unit tests using http://pki.goog/ (Google changed crt files to DER)

Changes in version 0.9.9 (2017-11-10)

  o Workaround failing test on Mavericks due to IPv6 firewall issue

Changes in version 0.9.8 (2017-11-03)

  o Fix build on OSX Mavericks

Changes in version 0.9.7 (2017-09-06)

  o Configure script checks SHLIB_VERSION_NUMBER to find matching lib
  o Added internal stopifnot() replacement to give more helpful error messages
  o Add live SSL unit tests from https://pki.goog
  o Fix for OpenBSD/FreeBSD (#41)
  o Added as.integer.bignum() method
  o Update maintainer email address
  o Add symbol registration call in R_init_openssl
  o Reject empty digests when signing (#44)
  o Use OPENSSL_free to free OpenSSL's allocations (#44)
  o Cleanups for ec_keygen() (#44)
  o Windows: update OpenSSL to 1.1.0f

Changes in version 0.9.6 (2016-12-31)

  o Add read_p7b() and write_p7b() for certificate bundles
  o Rename read_pkcs12 / write_pkcs12 to read_p12 / write_p12
  o More unit tests for roundtripping certs
  o Workaround for PEM files with "RSA PUBLIC KEY" instead of "PUBLIC KEY"
    header
  o Fix example in bignum vignette for OpenSSL 1.1.0 (increase RSA key size)
  o Sync bundled cacert.pem with Mozilla as of: Wed Sep 14 03:12:05 2016
  o Added blake2b and blake2s hash functions (only available in libssl 1.1)
  o Fix support for LibreSSL
  o Windows: update libssl/libcrypto to 1.1.0c

Changes in version 0.9.5 (2016-10-28)

  o Support for new API in OpenSSL 1.1.0
  o Remove 'pseudo_rand_bytes()' (deprecated in libssl)
  o Work around missing EVP_CIPH_GCM_MODE in OpenSSL 1.0.0
  o Add read_pkcs12() and write_pkcs12() functions
  o Add read_pem() for debugging PEM files
  o Add base methods [, [[, $, names, .DollarNames for keys and certificates
  o Update libssl on Windows to 1.0.2h
  o Add #define _POSIX_C_SOURCE in ssl.c to ensure getaddrinfo() is available
  o Add as.character.hash method for raw hashes
  o Clear error buffer when raising an error

Changes in version 0.9.4 (2016-05-25)

  o Fix ec_keygen() for old versions of OpenSSL
  o Added aes_ctr() and aes_gcm() modes
  o Added aes_keygen()
  o Added bignum_mod_inv()
  o Internal tools for JWT/JWK support (see pkg: jose)

Changes in version 0.9.3 (2016-05-04)

  o Added ec_dh() function for ECDH
  o Added --atleast-version=1.0 to pkg-config in configure script
  o Switch as.list(cert) to RFC2253 format for 'subject' and 'issuer' fields

Changes in version 0.9.2 (2016-02-26)

  o Disable EC stuff for OPENSSL_NO_EC (needed on some Solaris / Gentoo)
  o Added openssl_config() function to test if libssl is built with EC support
  o Make configure script bourne compatible (remove bash shebang)
  o Tweak for OpenBSD in ssl.c
  o Added sha224, sha384 and sha2 functions
  o Export the fingerprint function

Changes in version 0.9.1 (2016-01-18)

  o Fix for getaddrinfo() in Solaris
  o Use the configurable askpass() for password prompt

Changes in version 0.9 (2016-01-13)

  o Switched download_ssl_cert to getaddrinfo() api for ipv6 support
  o Fix for example for naming conflict with new digest package

Changes in version 0.8 (2015-12-15)

  o Configure script now checks for OpenSSL minimum version 1.0.0

Changes in version 0.7

  o Breaking change: hash functions now use hmac 'key' instead of a 'salt'
  o The my_key() and my_pubkey() functions now work as documented
  o as.list(cert) add alt_names field for https certs with multiple domains
  o added export_pem for certificates

Changes in version 0.6 (2015-11-18)

  o Added --force-bottle to autobrew installer
  o Use nonblocking socket in ssl to set connection timeout
  o Fix UBSAN problem in ssl.c
  o Fix ASAN problem in hash.c

Changes in version 0.5 (2015-11-15)

  o Major overhaul, add encryption, signature, cert stuff
  o Upgrade libssl and libcrypto on windows to 1.0.2d

Changes in version 0.4 (2015-05-11)

  o Added base64 functions