1.5.2 - 2025-01-10
- pkey.new() failed, if compile pkey.lua to LuaJIT bytecode (#193) 085f329
- pkey: fix compose of ecx key not effective 1dd84ae
1.5.1 - 2024-07-25
1.5.0 - 2024-07-23
- asn1: correct time_t to be 64 bits type (#171) 7d6d8b5
- bn: fix potential use-after-free in bn.new (#177) 224fae6
- objects: fix a buffer overflow issue in find_sigid_algs. (#175) d94064c
- param: fix issue when gettable schema may be overwritten by settable schema 7669555
- param: save converted value to prevent potential use-after-free 8c366c2
- pkey: fix potential use-after-free in pkey.paramgen (#176) e924ee0
- x509.*: fix potential use-after-free when get or set subject_alt_name, info_access and dist_points 407d31e
- x509.csr: fix potential use-after-free in set_extension and add_extension a0711de
- x509.store: fix potential use-after-free in store:verify and store:check_revocation b16f759
- x509.store: fix the string is not NUL terminated in set_purpose (#174) a88f1ba
1.4.0 - 2024-05-27
- ec: add missing cdef for EC_POINT_free 2093e88
1.3.1 - 2024-04-22
- aux/jwk: remove ecx.d if exporting as public key 9d34ff8
- aux/nginx: fix the typo of get_socket_ssl in the stream module ad18b3c
- aux/nginx: remove extra sanity test that prevent usage of lua-kong-nginx-module 2323526
1.3.0 - 2024-04-15
1.2.1 - 2024-02-27
- aux/nginx: support openresty 1.25.3 in FFI path 90b0a47
1.2.0 - 2023-12-28
- compat: works better with plain luajit d23b34a
- bn: add from_mpi, to_mpi and set API 073c943
- cipher: add set_buffer_size API 3d0a51c
- mac: add reset API 40fdbbb
- openssl: list functions can now optionally drop provider name b36ccba
1.1.0 - 2023-12-15
- err: standardize error format and add new API to get reason and library name d155657
- pkey: support pass in ctrl str options 2e401b3
1.0.2 - 2023-11-21
1.0.1 - 2023-11-07
1.0.0 - 2023-11-03
- fips: add get_fips_version_text 935227b
0.8.26 - 2023-10-30
- version: add support for all 3.x versions 1516b4d
- x509.csr: remove extension before adding it d6ed964
0.8.25 - 2023-09-05
0.8.24 - 2023-08-07
- ssl: support ngx_lua 10025 abaa66e
0.8.23 - 2023-06-20
- tests: add performance test (#112) 100b4e4
- x509.store: add store:check_revocation and add flag to skip check CRL for store:add (#1) 1a5a4c8
0.8.22 - 2023-04-26
0.8.21 - 2023-03-24
0.8.20 - 2023-03-10
0.8.19 - 2023-03-10
0.8.18 - 2023-03-04
- bn: to_binary supports left padding of zeros d59cac9
- pkey: allow to convert to and from binary format of ecdsa signature 9a20323
0.8.17 - 2023-01-20
0.8.16 - 2022-12-20
0.8.15 - 2022-10-28
0.8.14 - 2022-10-21
0.8.13 - 2022-10-14
- x509.altname: support set and get IP addresses (#74) 363c80d
- x509.store: add set_flags (#77) 8f3f16a
0.8.11 - 2022-10-12
- *: reuse cdata to improve performance fc9cecd
0.8.10 - 2022-06-24
- x509: add get_signature_digest_name d54b5d6
0.8.9 - 2022-06-23
- aux/nginx: add nginx 1.21.4 and ngx_lua 0.10.21 to support matrix 028da56
0.8.8 - 2022-04-14
- ctx: use global ctx where request is unavailable e3590cf
- x509.extension: correct X509V3_CTX size for OpenSSL 3.0 0946c59
- x509.extension: add X509V3_set_issuer_pkey in OpenSSL 3.0 dbd3f74
- x509.store: add set_purpose and verify_method parameter b7500fe
0.8.7 - 2022-03-18
- x509.crl: add functions to find and inspect revoked list in CRL 37c1661
0.8.6 - 2022-03-16
- obj: clean up stale error occured from OBJ_txt2* 219a2f0
- pkey: clear_error in passphrase type mismatch 8577422
- x509.*: move clear_error to last when loading 369eea1
- openssl: add function to list SSL ciphers 9861af1
- ssl: refine various handshake controlling functions 30bf41e
0.8.5 - 2022-02-02
- *: correct size type in cipher, hmac and rand in BoringSSL 54ce5f0
- bn: use BN_check_prime in OpenSSL 3.0 8c107e3
- kdf: correct FFI definition for BoringSSL 30ba7cf
- stack: correct indices to use size_t in BoringSSL 526ecb8
- *: add more modules for OSSL_LIB_CTX support 35f4bcb
0.8.4 - 2021-12-20
- x509.*: use SHA256 as default sign digest in BoringSSL 355681a
- pkey: add pkey:get_default_digest_type 0572e57
0.8.3 - 2021-12-16
- hmac: include evp.md headers 125ea05
0.8.2 - 2021-11-22
- jwk: fix typo of secp521r1 81d2a64
0.8.1 - 2021-11-05
- ssl_ctx: fix typo when getting SSL_CTX from request 7b9e90f
- ctx: add ctx module to provide OSSL_LIB_CTX context 65750bf
0.8.0 - 2021-10-29
- *: move EVP_* definition into seperate files e0c3d61
- auxiliary/nginx: set off_t to 64bit per nginx config (#32) 8c209fa
- pkey: allow sign/verify without md_alg for EdDSA on BoringSSL ab83fd4
- x509: compatibility for BoringSSL 1.1.0 (fips-20190808) 84244af
- evp: add geneirc function to get and set params c724e1d
- kdf: add new API with EVP_KDF interfaces 2336ae3
- mac: add EVP_MAC 0625be9
- openssl: add function list mac and kdf algorithms and set properties for EVP algorithm fetches 0ed8316
- openssl: support FIPS in OpenSSL 3.0 beb3ad3
- param: add new function to use OSSL_PARAM 5ffbbcc
- provider: cipher, digest, kdf, pkey and x509 can now fetch by provider and has new get_provider_name function 52938ca
0.7.5 - 2021-09-18
0.7.4 - 2021-08-02
- extension: fallback to ASN1_STRING_print in extension:text where X509V3_EXT_print is not available f0268f5
0.7.3 - 2021-06-29
- pkey: only pass in passphrase/passphrase_cb to PEM_* functions 6a56494
- pkey: avoid callbacks overflow when setting passphrase_cb e8aec4e
- pkey: allow to specify digest type and padding scheme in sign/verify ff982ba
0.7.2 - 2021-03-25
- *: redefine callback functions to a style FFI will not overflow f91202c
0.7.1 - 2021-03-18
- altname: return unsupported as value in not implemented types ef5e1ed
- auxiliary/nginx: typo in error message 4bd22d8
0.7.0 - 2021-02-19
- csr: count extension count in openssl 3.0 5af0f4b
- csr: BREAKING: remove csr:set_subject_alt function 513fd8a
- openssl: include crypto header in openssl.lua ef54bf7
- openssl: BREAKING: not load sub modules by default a402f05
- *: support BoringSSL 9c4e5dc
- bn: add generate_prime 2cc77a4
- openssl: add function to list supported cipher and digest algorithms 5bdc2a4
- openssl: add function to get and set fips mode f6de183
0.6.11 - 2021-01-21
- aux/nginx: only show warning message when function is being called 9964a6d
- openssl: not load ssl modules by default 390ad79
- ssl: add function to free the verify callback function 62dc81a
0.6.10 - 2021-01-12
- pkcs12: allow to define algorithm to encrypt key and cert b9678ce
- pkcs12: check on cert and key mismatch 5953cc2
- pkcs12: encode and decode for pkcs12 1467579
- pkey: add is_private function to check if it's a private key eb6cc1c
- ssl: add the ssl and ssl_ctx module 40f3999
0.6.9 - 2020-11-09
- *: not mutating tables when doing pairs to avoid missing of iterration 836d5c9
- pkey: fix typo in paramgen error message d341246
- tests: openssl3.0 alpha7 5caa0e6
- x509.altname: organize GC handling better f5a138c
- provider: add the provider module dff92af
- x509.*: add get_signature_nid and get_signature_name a35ae0a
0.6.8 - 2020-10-15
- pkey: correctly free parameter after new parameters are set for RSA and DH keys on OpenSSL 1.0.2 32d8c12
- tests: sort json in tests aeeb7c3
- pkey: allow to pass params for EC and DH keygen e9aa7c7
- pkey: get and set DH parameters ebaad8d
- pkey: support DH key and paramgen f4661c6
- pkey: support one shot signing for all key types 79ca0d4
0.6.7 - 2020-10-08
- pkey: sign_raw and verify_recover 90ed1b6
0.6.6 - 2020-09-29
- *: export tostring for x509.name and x509.altname 6143659
- kdf: fix HKDF potential buffer overflow da6f420
- x509.name: potential memory leak in x509.name:find() ac51fb1
- x509.store: return all error on load_file or add failure a4ee237
- x509.extension: support create by ASN.1 octet string and nconf 7d8e81f
0.6.5 - 2020-09-16
- *: x509.* set should return true on success 2a09575
0.6.4 - 2020-08-27
- x509.csr: finish {set,add}_extension functions d34b702
- x509.extension: add ability to convert to other data type 15a5c7f
0.6.3 - 2020-08-10
- *: cleanup and centralize ffi.typeof 5cbc247
- *: remove hack for openssl 3.0 around broken EVP_PKEY_base_id 33181c3
- cipher: use CipherFinal_ex and make test more robust 61fa022
- openssl: correctly check error for getting version num (#6) 6a4b9e6
- tests: pin lua-nginx-module and lua-resty-core 010b37e
- tests: make pkey parameter test less flaky d023edc
- x509.*: pass correct digest parameter to sign 982ad48
- *: support reset for hmac and digest 37ba4b0
- *: initial support for OpenSSL 3.0 be5dc10
- x509.csr: add get_extension and get_extensions function 638ca46
- x509.extensions: finish the stack implementation f4cf725
- x509.revoked: add the x509.revoked module 58f0ce1
0.6.2 - 2020-05-13
- *: add prefix to all error messages 8f52c25
- cipher: AEAD modes with authentication fd7471e
- pkey: support one shot sign/verify for Ed25519 and Ed448 keys 2565e85
- pkey: support key derivation for EC, X25519 and X448 keys 0c0d941
- pkey: output pkey to DER and JWK format 8da24a5
- pkey: load EC key from JWK format df0c06f
- pkey: set/get_parameters for EC key 67d54c8
- pkey: load RSA key from JWK format dc118b3
- pkey: add function to set rsa parameter 867fa10
0.6.1 - 2020-05-08
- x509: fail soft when CRL is not set 2f2eb5e
0.6.0 - 2020-03-11
- bn: mathematics, bit shift and comparasion operations 87bf557
- kdf: use give id as type parameter 0e767d0
- kdf: kdf.derive in luaossl compat mode 45788b6
0.6.0-rc.0 - 2020-03-02
0.5.4 - 2020-02-27
- store: set X509_V_FLAG_CRL_CHECK flag if a crl is added 88574d5
- x509.*: returns soft error if extension is not found a0a75aa
0.5.3 - 2020-02-22
- openssl: lua-resty-hmac compat fad844f
0.5.2 - 2020-02-09
- pkey: decrease copy by 1 when generating key bcc38e9
- x509.extension: allow to create an extension by NID 6d66a2d
0.5.1 - 2020-02-04
- x509.crl: fix creating empty crl instance 046ca36
0.5.0 - 2020-02-03
- *: add missing crl.dup function, organize store:add gc handler 6815e5d
- asn1: support GENERALIZEDTIME string format 8c7e2d6
- error: return latest error string not earliest in some cases 0b5955d
- stack: protective over first argument bf455ff
- x509: guard around oscp stack index 1b59b85
- x509.store: correctly save x509 instance references d8d755f
- *: add iterater and helpers for stack-like objects 46bb723
- autogen: generate tests for x509, csr and crl 1392428
- objects: add helper function for ASN1_OBJECT d037706
- pkey: asymmetric encryption and decryption 6d60451
- x509: add get_ocsp_url and get_crl_url 6141b6f
- x509: getter/setters for extensions 243f40d
- x509.altname: support iterate and decode over the stack 083a201
- x509.crl: add crl module 242f8cb
- x509.csr: autogen some csr functions as well 9800e36
- x509.extension: decode object, set/get critical flag and get text representation 8cb585f
- x509.extension: add x509.extension.dist_points and x509.extension.info_access 63d3992
0.4.4 - 2020-02-27
- pkey: clean up errors when trying loading key types 7b3d351
0.4.3 - 2020-01-15
- asn1: support GENERALIZEDTIME string format cc6326f
0.4.2 - 2020-01-06
- bn: memory leak in bn:to_hex 6718e9e
- compat: refine luaossl compat mode 0d86eb5
- openssl: typo in luaossl_compat #1 1c3ea60
- x509: memory leak in x509:set_not_(before|after) b4a32f8
- x509: and missing x509.get_serial_number code e7d0fb6
- x509.csr: correctly gc extension ece5be3
- x509.store: memory leak in store:add 57815dd
0.4.1 - 2019-12-24
- x509: correct X509_add1_ext_i2d include path b08b312
- x509: getters for basic constraints and basic constraints critical 82f5725
0.4.0 - 2019-12-20
- *: add x509.digest and bn.to_hex 11ea9ae
- version: add function to print human readable version 7687573
- x509: add x509 stack (chain) support 72154fc
- x509.chain: allow to duplicate a stack 3fa19b7
- x509.name: allow to iterate over objects and find objects 714a1e5
- x509.store: support certificate verification c9dd4bf
0.3.0 - 2019-12-12
0.2.1 - 2019-10-22
- x509: decrease by set_version by 1 per standard b6ea5b9