More information
#### Details
`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
High
#### References
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
- [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0023.html](https://rustsec.org/advisories/RUSTSEC-2023-0023.html)
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-9qwg-crg9-m2vc) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
opensslX509NameBuilder::build returned object is not thread safe
More information
#### Details
OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
Moderate
#### References
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
- [https://rustsec.org/advisories/RUSTSEC-2023-0022.html](https://rustsec.org/advisories/RUSTSEC-2023-0022.html)
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-3gxf-9r58-2ghg) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
opensslX509Extension::new and X509Extension::new_nid null pointer dereference
More information
#### Details
These functions would crash when the context argument was None with certain extension types.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
Unknown
#### References
- [https://crates.io/crates/openssl](https://crates.io/crates/openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0024.html](https://rustsec.org/advisories/RUSTSEC-2023-0024.html)
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0024) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).
opensslX509Extension::new and X509Extension::new_nid null pointer dereference
More information
#### Details
These functions would crash when the context argument was None with certain extension types.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
High
#### References
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
- [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0024.html](https://rustsec.org/advisories/RUSTSEC-2023-0024.html)
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6hcf-g6gr-hhcr) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
opensslSubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read
More information
#### Details
`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL
function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language
which can perform arbitrary file reads.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
Unknown
#### References
- [https://crates.io/crates/openssl](https://crates.io/crates/openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0023.html](https://rustsec.org/advisories/RUSTSEC-2023-0023.html)
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0023) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).
opensslX509NameBuilder::build returned object is not thread safe
More information
#### Details
OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this
bit is set then the object is not thread-safe even when it appears the code is
not modifying the value.
Thanks to David Benjamin (Google) for reporting this issue.
#### Severity
Unknown
#### References
- [https://crates.io/crates/openssl](https://crates.io/crates/openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0022.html](https://rustsec.org/advisories/RUSTSEC-2023-0022.html)
- [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0022) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).
More information
#### Details
When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
#### Severity
Moderate
#### References
- [https://github.com/sfackler/rust-openssl/issues/1965](https://togithub.com/sfackler/rust-openssl/issues/1965)
- [https://github.com/sfackler/rust-openssl/pull/1968](https://togithub.com/sfackler/rust-openssl/pull/1968)
- [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0044.html](https://rustsec.org/advisories/RUSTSEC-2023-0044.html)
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xcf7-rvmh-g6q4) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
More information
#### Details
When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
#### Severity
Unknown
#### References
- [https://crates.io/crates/openssl](https://crates.io/crates/openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0044.html](https://rustsec.org/advisories/RUSTSEC-2023-0044.html)
- [https://github.com/sfackler/rust-openssl/issues/1965](https://togithub.com/sfackler/rust-openssl/issues/1965)
This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0044) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).
More information
#### Details
This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound.
Use of this function should be replaced with `X509StoreRef::all_certificates`.
#### Severity
Unknown
#### References
- [https://crates.io/crates/openssl](https://crates.io/crates/openssl)
- [https://rustsec.org/advisories/RUSTSEC-2023-0072.html](https://rustsec.org/advisories/RUSTSEC-2023-0072.html)
- [https://github.com/sfackler/rust-openssl/issues/2096](https://togithub.com/sfackler/rust-openssl/issues/2096)
This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0072) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).
Release Notes
sfackler/rust-openssl (openssl)
### [`v0.10.64`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.64)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64)
#### What's Changed
- Make \_STACK opaque for LibreSSL >= 3.9.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2153](https://togithub.com/sfackler/rust-openssl/pull/2153)
- enable x509 verify and groups list for boringssl by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/2155](https://togithub.com/sfackler/rust-openssl/pull/2155)
- Cleanup some not-required Path::new invocations by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2158](https://togithub.com/sfackler/rust-openssl/pull/2158)
- fixed a clippy (nightly) warning by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2161](https://togithub.com/sfackler/rust-openssl/pull/2161)
- Bump actions versions by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2162](https://togithub.com/sfackler/rust-openssl/pull/2162)
- Add support for setting the nonce type and digest on a PKEY_CTX by [@facutuesca](https://togithub.com/facutuesca) in [https://github.com/sfackler/rust-openssl/pull/2144](https://togithub.com/sfackler/rust-openssl/pull/2144)
- rebuild openssl-sys if the underlying openssl has changed by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2157](https://togithub.com/sfackler/rust-openssl/pull/2157)
- Added binding for EVP_default_properties_enable_fips by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2168](https://togithub.com/sfackler/rust-openssl/pull/2168)
- LibreSSL 3.9: fix CRYPTO_malloc/free signatures by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2170](https://togithub.com/sfackler/rust-openssl/pull/2170)
- Expose alias on X509 structs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2167](https://togithub.com/sfackler/rust-openssl/pull/2167)
- bump openssl and openssl-sys + changelogs by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2175](https://togithub.com/sfackler/rust-openssl/pull/2175)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64
### [`v0.10.63`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.63)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63)
#### What's Changed
- Allow passing a passphrase callback when loading a public key by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2135](https://togithub.com/sfackler/rust-openssl/pull/2135)
- Expose several additional ciphers for symmetry with symm by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2140](https://togithub.com/sfackler/rust-openssl/pull/2140)
- brew: add openssl@3.0 (for 3.0.x LTS releases) by [@chenrui333](https://togithub.com/chenrui333) in [https://github.com/sfackler/rust-openssl/pull/2141](https://togithub.com/sfackler/rust-openssl/pull/2141)
- Add PKey::from_dhx by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2142](https://togithub.com/sfackler/rust-openssl/pull/2142)
- Make X509\_PURPOSE opaque for LibreSSL >= 3.9.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2145](https://togithub.com/sfackler/rust-openssl/pull/2145)
- PEM parsing: check last error instead of first by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2148](https://togithub.com/sfackler/rust-openssl/pull/2148)
- Expose brainpool NIDs on libressl by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2150](https://togithub.com/sfackler/rust-openssl/pull/2150)
- Add two methods to the PKCS7 API by [@facutuesca](https://togithub.com/facutuesca) in [https://github.com/sfackler/rust-openssl/pull/2111](https://togithub.com/sfackler/rust-openssl/pull/2111)
- add more boringssl methods by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/2138](https://togithub.com/sfackler/rust-openssl/pull/2138)
- Release openssl v0.10.63 and openssl-sys v0.9.99 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2152](https://togithub.com/sfackler/rust-openssl/pull/2152)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63
### [`v0.10.62`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.62)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62)
#### What's Changed
- fixes [#2119](https://togithub.com/sfackler/rust-openssl/issues/2119) -- use ErrorStack abstraction in X.509 error handling by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2120](https://togithub.com/sfackler/rust-openssl/pull/2120)
- Fix building with latest BoringSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2121](https://togithub.com/sfackler/rust-openssl/pull/2121)
- Fix tests on macOS by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2123](https://togithub.com/sfackler/rust-openssl/pull/2123)
- Upcoming API changes in LibreSSL 3.9 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2124](https://togithub.com/sfackler/rust-openssl/pull/2124)
- Add `rand_priv_bytes` by [@overvenus](https://togithub.com/overvenus) in [https://github.com/sfackler/rust-openssl/pull/2126](https://togithub.com/sfackler/rust-openssl/pull/2126)
- Add nid constant for curve brainpoolP320r1 by [@nicklaswj](https://togithub.com/nicklaswj) in [https://github.com/sfackler/rust-openssl/pull/2129](https://togithub.com/sfackler/rust-openssl/pull/2129)
- Release openssl v0.10.62 and openssl-sys v0.9.98 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2133](https://togithub.com/sfackler/rust-openssl/pull/2133)
#### New Contributors
- [@overvenus](https://togithub.com/overvenus) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2126](https://togithub.com/sfackler/rust-openssl/pull/2126)
- [@nicklaswj](https://togithub.com/nicklaswj) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2129](https://togithub.com/sfackler/rust-openssl/pull/2129)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62
### [`v0.10.61`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.61): openssl v0.10.61
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61)
### [`v0.10.60`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.60)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60)
#### What's Changed
- Correct off-by-one in minimum output buffer size computation by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2088](https://togithub.com/sfackler/rust-openssl/pull/2088)
- Expose a few more (bad) ciphers in cipher::Cipher by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2084](https://togithub.com/sfackler/rust-openssl/pull/2084)
- add temp key bindings by [@jmayclin](https://togithub.com/jmayclin) in [https://github.com/sfackler/rust-openssl/pull/2076](https://togithub.com/sfackler/rust-openssl/pull/2076)
- Expose ChaCha20 on LibreSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2093](https://togithub.com/sfackler/rust-openssl/pull/2093)
- Revert "Correct off-by-one in minimum output buffer size computation" by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2090](https://togithub.com/sfackler/rust-openssl/pull/2090)
- Added `update_unchecked` to `symm::Crypter` by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2100](https://togithub.com/sfackler/rust-openssl/pull/2100)
- fixes [#2096](https://togithub.com/sfackler/rust-openssl/issues/2096) -- deprecate `X509StoreRef::objects`, it is unsound by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2099](https://togithub.com/sfackler/rust-openssl/pull/2099)
- Don't leak when overwriting ex data by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2102](https://togithub.com/sfackler/rust-openssl/pull/2102)
- Release openssl v0.10.60 and openssl-sys v0.9.96 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2104](https://togithub.com/sfackler/rust-openssl/pull/2104)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60
### [`v0.10.59`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.59)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59)
#### What's Changed
- Add binding to NID of Chacha20-Poly1305 cipher by [@Arnavion](https://togithub.com/Arnavion) in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)
- Fixed cfg for RSA_PSS by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2079](https://togithub.com/sfackler/rust-openssl/pull/2079)
- fixes [#2050](https://togithub.com/sfackler/rust-openssl/issues/2050) -- build and test on libressl 3.8.2 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2082](https://togithub.com/sfackler/rust-openssl/pull/2082)
- Release openssl v0.10.59 and openssl-sys v0.9.95 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2083](https://togithub.com/sfackler/rust-openssl/pull/2083)
#### New Contributors
- [@Arnavion](https://togithub.com/Arnavion) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59
### [`v0.10.58`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.58)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58)
#### What's Changed
- LibreSSL 3.8.1 support by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2035](https://togithub.com/sfackler/rust-openssl/pull/2035)
- Update vendored version to openssl 3 by [@amousset](https://togithub.com/amousset) in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
- Test against 3.2.0-alpha1 by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2037](https://togithub.com/sfackler/rust-openssl/pull/2037)
- Removed reference to non-existent method by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2039](https://togithub.com/sfackler/rust-openssl/pull/2039)
- Bump CI to 1.1.1w by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2040](https://togithub.com/sfackler/rust-openssl/pull/2040)
- \[openssl-sys] Add X509\_check\_{host,email,ip,ip_asc} fns by [@jgallagher](https://togithub.com/jgallagher) in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
- Expose CBC mode for several more (bad) ciphers by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2045](https://togithub.com/sfackler/rust-openssl/pull/2045)
- Expose two additional Pkey IDs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2046](https://togithub.com/sfackler/rust-openssl/pull/2046)
- Add support for CRL extensions and the Authority Information Access eā¦ by [@AdmiralGT](https://togithub.com/AdmiralGT) in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
- Fix clippy warnings produced by newer Rust by [@wiktor-k](https://togithub.com/wiktor-k) in [https://github.com/sfackler/rust-openssl/pull/2052](https://togithub.com/sfackler/rust-openssl/pull/2052)
- Use osslconf on BoringSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2056](https://togithub.com/sfackler/rust-openssl/pull/2056)
- Make X509\_ALGOR opaque for LibreSSL by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
- Don't ignore ECDSA tests without GF2m support by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2061](https://togithub.com/sfackler/rust-openssl/pull/2061)
- Clarify 'possible LibreSSL bug' by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2062](https://togithub.com/sfackler/rust-openssl/pull/2062)
- Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2063](https://togithub.com/sfackler/rust-openssl/pull/2063)
- Enable SHA-3 for LibreSSL 3.8.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2064](https://togithub.com/sfackler/rust-openssl/pull/2064)
- Remove DH_generate_parameters for LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2065](https://togithub.com/sfackler/rust-openssl/pull/2065)
- Use EVP_MD_CTX\_{new,free}() in LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2067](https://togithub.com/sfackler/rust-openssl/pull/2067)
- Enable HKDF support for LibreSSL >= 3.6.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2066](https://togithub.com/sfackler/rust-openssl/pull/2066)
- Two build script fixes for LibreSSL by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2068](https://togithub.com/sfackler/rust-openssl/pull/2068)
- Respect OPENSSL_NO_OCB on AES functions by [@GuyLewin](https://togithub.com/GuyLewin) in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
- Support OPENSSL_NO_SCRYPT by [@GuyLewin](https://togithub.com/GuyLewin) in [https://github.com/sfackler/rust-openssl/pull/2071](https://togithub.com/sfackler/rust-openssl/pull/2071)
- Bump 3.2.0 beta by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2073](https://togithub.com/sfackler/rust-openssl/pull/2073)
- add security level bindings by [@jmayclin](https://togithub.com/jmayclin) in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)
- Release openssl v0.10.58 and openssl-sys v0.9.94 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2078](https://togithub.com/sfackler/rust-openssl/pull/2078)
#### New Contributors
- [@amousset](https://togithub.com/amousset) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
- [@jgallagher](https://togithub.com/jgallagher) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
- [@AdmiralGT](https://togithub.com/AdmiralGT) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
- [@botovq](https://togithub.com/botovq) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
- [@GuyLewin](https://togithub.com/GuyLewin) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
- [@jmayclin](https://togithub.com/jmayclin) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58
### [`v0.10.57`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.57)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57)
#### What's Changed
- Expose chacha20\_poly1305 on LibreSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2011](https://togithub.com/sfackler/rust-openssl/pull/2011)
- Add openssl::cipher_ctx::CipherCtx::clone by [@johntyner](https://togithub.com/johntyner) in [https://github.com/sfackler/rust-openssl/pull/2017](https://togithub.com/sfackler/rust-openssl/pull/2017)
- Add X509VerifyParam::set_email by [@dhouck](https://togithub.com/dhouck) in [https://github.com/sfackler/rust-openssl/pull/2018](https://togithub.com/sfackler/rust-openssl/pull/2018)
- Add perl-FindBin dep for fedora by [@JadedBlueEyes](https://togithub.com/JadedBlueEyes) in [https://github.com/sfackler/rust-openssl/pull/2023](https://togithub.com/sfackler/rust-openssl/pull/2023)
- Update to bitflags 2.2.1. by [@qwandor](https://togithub.com/qwandor) in [https://github.com/sfackler/rust-openssl/pull/1906](https://togithub.com/sfackler/rust-openssl/pull/1906)
- Release openssl v0.10.57 and openssl-sys v0.9.92 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2025](https://togithub.com/sfackler/rust-openssl/pull/2025)
#### New Contributors
- [@johntyner](https://togithub.com/johntyner) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2017](https://togithub.com/sfackler/rust-openssl/pull/2017)
- [@dhouck](https://togithub.com/dhouck) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2018](https://togithub.com/sfackler/rust-openssl/pull/2018)
- [@JadedBlueEyes](https://togithub.com/JadedBlueEyes) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2023](https://togithub.com/sfackler/rust-openssl/pull/2023)
- [@qwandor](https://togithub.com/qwandor) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1906](https://togithub.com/sfackler/rust-openssl/pull/1906)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57
### [`v0.10.56`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.56): openssl v0.10.56
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56)
### [`v0.10.55`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.55)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55)
#### What's Changed
- Fix warnings from BoringSSL on Rust 1.70 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1948](https://togithub.com/sfackler/rust-openssl/pull/1948)
- Honor OPENSSL_NO_OCB if OpenSSL was built this way by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1952](https://togithub.com/sfackler/rust-openssl/pull/1952)
- Fix some deprecated patterns when using BoringSSL by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1945](https://togithub.com/sfackler/rust-openssl/pull/1945)
- add get_asn1\_flag to EcGroupRef by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1947](https://togithub.com/sfackler/rust-openssl/pull/1947)
- Fixed type mutability on asn1\_flag by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1954](https://togithub.com/sfackler/rust-openssl/pull/1954)
- allow affine_coordinates on boring and libre by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1955](https://togithub.com/sfackler/rust-openssl/pull/1955)
- add support for EVP_PKEY_derive_set_peer_ex in OpenSSL 3 by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1956](https://togithub.com/sfackler/rust-openssl/pull/1956)
- Use type-safe wrappers instead of EVP_PKEY_assign by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1959](https://togithub.com/sfackler/rust-openssl/pull/1959)
- add Nid::SM2 and pkey Id::SM2 by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/1962](https://togithub.com/sfackler/rust-openssl/pull/1962)
- Fix handling of empty host strings by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/1968](https://togithub.com/sfackler/rust-openssl/pull/1968)
- Remove old codes that belows supported Rust version. by [@tesuji](https://togithub.com/tesuji) in [https://github.com/sfackler/rust-openssl/pull/1966](https://togithub.com/sfackler/rust-openssl/pull/1966)
- Release openssl v0.10.55 and openssl-sys v0.9.89 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1970](https://togithub.com/sfackler/rust-openssl/pull/1970)
#### New Contributors
- [@davidben](https://togithub.com/davidben) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1952](https://togithub.com/sfackler/rust-openssl/pull/1952)
- [@tesuji](https://togithub.com/tesuji) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1966](https://togithub.com/sfackler/rust-openssl/pull/1966)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55
### [`v0.10.54`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.54)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54)
#### What's Changed
- Remove converting [PKCS#8](https://togithub.com/PKCS/rust-openssl/issues/8) passphrase to CString by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1941](https://togithub.com/sfackler/rust-openssl/pull/1941)
- Version bump for openssl v0.10.54 release by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1942](https://togithub.com/sfackler/rust-openssl/pull/1942)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54
### [`v0.10.53`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.53)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53)
#### What's Changed
- Check for OPENSSL_NO_RC4 when using EVP_rc4 by [@oskirby](https://togithub.com/oskirby) in [https://github.com/sfackler/rust-openssl/pull/1910](https://togithub.com/sfackler/rust-openssl/pull/1910)
- Fix link errors for X509\_get0\_authority_xxx methods on Ubuntu/bionic by [@oskirby](https://togithub.com/oskirby) in [https://github.com/sfackler/rust-openssl/pull/1909](https://togithub.com/sfackler/rust-openssl/pull/1909)
- add X509::pathlen by [@zh-jq-b](https://togithub.com/zh-jq-b) in [https://github.com/sfackler/rust-openssl/pull/1916](https://togithub.com/sfackler/rust-openssl/pull/1916)
- Add bindings to SSL_bytes_to_cipher_list by [@RoastVeg](https://togithub.com/RoastVeg) in [https://github.com/sfackler/rust-openssl/pull/1921](https://togithub.com/sfackler/rust-openssl/pull/1921)
- Add boringssl hkdf derivation by [@AndrewScull](https://togithub.com/AndrewScull) in [https://github.com/sfackler/rust-openssl/pull/1926](https://togithub.com/sfackler/rust-openssl/pull/1926)
- add other name support by [@huettner94](https://togithub.com/huettner94) in [https://github.com/sfackler/rust-openssl/pull/1915](https://togithub.com/sfackler/rust-openssl/pull/1915)
- LibreSSL 3.8.0 by [@vishwin](https://togithub.com/vishwin) in [https://github.com/sfackler/rust-openssl/pull/1935](https://togithub.com/sfackler/rust-openssl/pull/1935)
- add Dsa with some helper functions by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1937](https://togithub.com/sfackler/rust-openssl/pull/1937)
- reimplement Dsa::generate in terms of generate_params/generate_key by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1938](https://togithub.com/sfackler/rust-openssl/pull/1938)
- Added DER serialization for `DSAPrivateKey` by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1939](https://togithub.com/sfackler/rust-openssl/pull/1939)
- version bump 0.9.88 and 0.10.53 by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1940](https://togithub.com/sfackler/rust-openssl/pull/1940)
#### New Contributors
- [@oskirby](https://togithub.com/oskirby) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1910](https://togithub.com/sfackler/rust-openssl/pull/1910)
- [@zh-jq-b](https://togithub.com/zh-jq-b) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1916](https://togithub.com/sfackler/rust-openssl/pull/1916)
- [@RoastVeg](https://togithub.com/RoastVeg) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1921](https://togithub.com/sfackler/rust-openssl/pull/1921)
- [@huettner94](https://togithub.com/huettner94) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1915](https://togithub.com/sfackler/rust-openssl/pull/1915)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53
### [`v0.10.52`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.52)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52)
#### What's Changed
- Expose BigNum::to_vec_padded on libressl and boringssl by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1895](https://togithub.com/sfackler/rust-openssl/pull/1895)
- add support for DH check key by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1896](https://togithub.com/sfackler/rust-openssl/pull/1896)
- add poly1305 EVP_PKEY type by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1897](https://togithub.com/sfackler/rust-openssl/pull/1897)
- Don't restrict the Signer lifetime by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1898](https://togithub.com/sfackler/rust-openssl/pull/1898)
- add low level cmac bindings by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1899](https://togithub.com/sfackler/rust-openssl/pull/1899)
- Expose pbkdf2\_hmac and scrypt on BoringSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1900](https://togithub.com/sfackler/rust-openssl/pull/1900)
- binding to get fips status for ossl300 by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1901](https://togithub.com/sfackler/rust-openssl/pull/1901)
- add more x509 extension helper functions by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/1887](https://togithub.com/sfackler/rust-openssl/pull/1887)
- changelog and version bumps for openssl and openssl-sys by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1905](https://togithub.com/sfackler/rust-openssl/pull/1905)
#### New Contributors
- [@zh-jq](https://togithub.com/zh-jq) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1887](https://togithub.com/sfackler/rust-openssl/pull/1887)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52
### [`v0.10.51`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.51)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51)
#### What's Changed
- update documentation to reflect libressl support by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1876](https://togithub.com/sfackler/rust-openssl/pull/1876)
- Add issuer_name and reason_code to X509RevokedRef by [@Skepfyr](https://togithub.com/Skepfyr) in [https://github.com/sfackler/rust-openssl/pull/1847](https://togithub.com/sfackler/rust-openssl/pull/1847)
- Preparing openssl-sys for PKCS7 and X509 extensions by [@bkstein](https://togithub.com/bkstein) in [https://github.com/sfackler/rust-openssl/pull/1789](https://togithub.com/sfackler/rust-openssl/pull/1789)
- Fixes [#1884](https://togithub.com/sfackler/rust-openssl/issues/1884) -- don't leave an error on the stack in public_eq by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1885](https://togithub.com/sfackler/rust-openssl/pull/1885)
- Fixes [#1882](https://togithub.com/sfackler/rust-openssl/issues/1882) -- added APIs for setting public keys on Dh by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1883](https://togithub.com/sfackler/rust-openssl/pull/1883)
- DTLS1 and DTLS1\_2 SslVersion for set_min_proto_version() by [@algesten](https://togithub.com/algesten) in [https://github.com/sfackler/rust-openssl/pull/1886](https://togithub.com/sfackler/rust-openssl/pull/1886)
- Remove size_t-is-usize argument to bindgen by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1888](https://togithub.com/sfackler/rust-openssl/pull/1888)
- Documentation typo for X509Crl by [@remigranotier](https://togithub.com/remigranotier) in [https://github.com/sfackler/rust-openssl/pull/1891](https://togithub.com/sfackler/rust-openssl/pull/1891)
- \[Documentation] fixed X509Crl and X509Revoked description in doc by [@remigranotier](https://togithub.com/remigranotier) in [https://github.com/sfackler/rust-openssl/pull/1892](https://togithub.com/sfackler/rust-openssl/pull/1892)
- add asn1octetstring creation support by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1893](https://togithub.com/sfackler/rust-openssl/pull/1893)
- Introduce X509Extension::new_from_der and deprecate the bad APIs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1880](https://togithub.com/sfackler/rust-openssl/pull/1880)
- Release openssl v0.10.51 and openssl-sys v0.9.86 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1894](https://togithub.com/sfackler/rust-openssl/pull/1894)
#### New Contributors
- [@algesten](https://togithub.com/algesten) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1886](https://togithub.com/sfackler/rust-openssl/pull/1886)
- [@remigranotier](https://togithub.com/remigranotier) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1891](https://togithub.com/sfackler/rust-openssl/pull/1891)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51
### [`v0.10.50`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.50): openssl v0.10.50
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50)
### [`v0.10.49`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.49): openssl v0.10.49
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49)
### [`v0.10.48`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.48): openssl v0.10.48
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48)
#### What's Changed
- Fix LibreSSL version checking in openssl/ by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1851](https://togithub.com/sfackler/rust-openssl/pull/1851)
- Skip a test that hangs on OpenSSL 3.1.0 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1850](https://togithub.com/sfackler/rust-openssl/pull/1850)
- Improve reliability of some tests by [@smoelius](https://togithub.com/smoelius) in [https://github.com/sfackler/rust-openssl/pull/1852](https://togithub.com/sfackler/rust-openssl/pull/1852)
- Fix a series of security issues by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854)
- Release openssl v0.10.48 and openssl-sys v0.9.83 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1855](https://togithub.com/sfackler/rust-openssl/pull/1855)
#### New Contributors
- [@smoelius](https://togithub.com/smoelius) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1852](https://togithub.com/sfackler/rust-openssl/pull/1852)
**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
### [`v0.10.47`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.47): openssl v0.10.47
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47)
### [`v0.10.46`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.46): openssl v0.10.46
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46)
### [`v0.10.45`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.45): openssl v0.10.45
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45)
### [`v0.10.44`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.44): openssl v0.10.44
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44)
### [`v0.10.43`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.43): openssl v0.10.43
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43)
### [`v0.10.42`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.42): openssl v0.10.42
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42)
### [`v0.10.41`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.41): openssl v0.10.41
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41)
### [`v0.10.40`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.40): openssl v0.10.40
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40)
### [`v0.10.39`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.39): openssl v0.10.39
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39)
### [`v0.10.38`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.38): openssl v0.10.38
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38)
### [`v0.10.37`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.37): openssl v0.10.37
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37)
### [`v0.10.36`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.36): openssl v0.10.36
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36)
### [`v0.10.35`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.35): openssl v0.10.35
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35)
### [`v0.10.34`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.34): openssl v0.10.34
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34)
### [`v0.10.33`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.33): openssl v0.10.33
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33)
### [`v0.10.32`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.32): openssl v0.10.32
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32)
### [`v0.10.31`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.31): openssl v0.10.31
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31)
### [`v0.10.30`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.30): openssl v0.10.30
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30)
### [`v0.10.29`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.29): openssl v0.10.29
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29)
### [`v0.10.28`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.28): openssl v0.10.28
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28)
### [`v0.10.27`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.27): openssl v0.10.27
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27)
### [`v0.10.26`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.26): openssl v0.10.26
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26)
### [`v0.10.25`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.25): openssl v0.10.25
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25)
### [`v0.10.24`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.24): openssl v0.10.24
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24)
### [`v0.10.23`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.23): openssl v0.10.23
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23)
### [`v0.10.22`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.22): openssl v0.10.22
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22)
### [`v0.10.21`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.21): openssl v0.10.21
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21)
### [`v0.10.20`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.20): openssl v0.10.20
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20)
### [`v0.10.19`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.19): openssl v0.10.19
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19)
### [`v0.10.18`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.18): openssl v0.10.18
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18)
### [`v0.10.17`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.17): openssl v0.10.17
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17)
### [`v0.10.16`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.16): openssl v0.10.16
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16)
### [`v0.10.15`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.15): openssl v0.10.15
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15)
### [`v0.10.14`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.14): openssl v0.10.14
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14)
### [`v0.10.13`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.13): openssl v0.10.13
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13)
### [`v0.10.12`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.12): openssl v0.10.12
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12)
### [`v0.10.11`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.11): openssl v0.10.11
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11)
### [`v0.10.10`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.10): openssl v0.10.10
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10)
### [`v0.10.9`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.9): openssl v0.10.9
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9)
### [`v0.10.8`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.8): openssl v0.10.8
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8)
### [`v0.10.7`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.7): openssl v0.10.7
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7)
### [`v0.10.6`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.6): openssl v0.10.6
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6)
### [`v0.10.5`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.5): openssl v0.10.5
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5)
### [`v0.10.4`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.4): openssl v0.10.4
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4)
### [`v0.10.3`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.3): openssl v0.10.3
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3)
### [`v0.10.2`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.2): openssl v0.10.2
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2)
### [`v0.10.1`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.1): openssl v0.10.1
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1)
Configuration
š Schedule: Branch creation - At any time (no schedule defined), Automerge - "after 8pm,before 6am" in timezone America/Denver.
š¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
ā» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
š Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.10->0.10.640.10->0.10.64opensslSubjectAlternativeNameandExtendedKeyUsage::otherallow arbitrary file readGHSA-9qwg-crg9-m2vc / RUSTSEC-2023-0023
More information
#### Details `SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue. #### Severity High #### References - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) - [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0023.html](https://rustsec.org/advisories/RUSTSEC-2023-0023.html) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-9qwg-crg9-m2vc) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).opensslX509NameBuilder::buildreturned object is not thread safeGHSA-3gxf-9r58-2ghg / RUSTSEC-2023-0022
More information
#### Details OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue. #### Severity Moderate #### References - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) - [https://rustsec.org/advisories/RUSTSEC-2023-0022.html](https://rustsec.org/advisories/RUSTSEC-2023-0022.html) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-3gxf-9r58-2ghg) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).opensslX509Extension::newandX509Extension::new_nidnull pointer dereferenceGHSA-6hcf-g6gr-hhcr / RUSTSEC-2023-0024
More information
#### Details These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue. #### Severity Unknown #### References - [https://crates.io/crates/openssl](https://crates.io/crates/openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0024.html](https://rustsec.org/advisories/RUSTSEC-2023-0024.html) - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0024) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).opensslX509Extension::newandX509Extension::new_nidnull pointer dereferenceGHSA-6hcf-g6gr-hhcr / RUSTSEC-2023-0024
More information
#### Details These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue. #### Severity High #### References - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) - [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0024.html](https://rustsec.org/advisories/RUSTSEC-2023-0024.html) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6hcf-g6gr-hhcr) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).opensslSubjectAlternativeNameandExtendedKeyUsage::otherallow arbitrary file readGHSA-9qwg-crg9-m2vc / RUSTSEC-2023-0023
More information
#### Details `SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue. #### Severity Unknown #### References - [https://crates.io/crates/openssl](https://crates.io/crates/openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0023.html](https://rustsec.org/advisories/RUSTSEC-2023-0023.html) - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0023) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).opensslX509NameBuilder::buildreturned object is not thread safeGHSA-3gxf-9r58-2ghg / RUSTSEC-2023-0022
More information
#### Details OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue. #### Severity Unknown #### References - [https://crates.io/crates/openssl](https://crates.io/crates/openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0022.html](https://rustsec.org/advisories/RUSTSEC-2023-0022.html) - [https://github.com/sfackler/rust-openssl/pull/1854](https://togithub.com/sfackler/rust-openssl/pull/1854) This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0022) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).opensslX509VerifyParamRef::set_hostbuffer over-readGHSA-xcf7-rvmh-g6q4 / RUSTSEC-2023-0044
More information
#### Details When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte. #### Severity Moderate #### References - [https://github.com/sfackler/rust-openssl/issues/1965](https://togithub.com/sfackler/rust-openssl/issues/1965) - [https://github.com/sfackler/rust-openssl/pull/1968](https://togithub.com/sfackler/rust-openssl/pull/1968) - [https://github.com/sfackler/rust-openssl](https://togithub.com/sfackler/rust-openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0044.html](https://rustsec.org/advisories/RUSTSEC-2023-0044.html) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xcf7-rvmh-g6q4) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).opensslX509VerifyParamRef::set_hostbuffer over-readGHSA-xcf7-rvmh-g6q4 / RUSTSEC-2023-0044
More information
#### Details When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte. #### Severity Unknown #### References - [https://crates.io/crates/openssl](https://crates.io/crates/openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0044.html](https://rustsec.org/advisories/RUSTSEC-2023-0044.html) - [https://github.com/sfackler/rust-openssl/issues/1965](https://togithub.com/sfackler/rust-openssl/issues/1965) This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0044) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).opensslX509StoreRef::objectsis unsoundGHSA-xphf-cx8h-7q9g / RUSTSEC-2023-0072
More information
#### Details This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with `X509StoreRef::all_certificates`. #### Severity Unknown #### References - [https://crates.io/crates/openssl](https://crates.io/crates/openssl) - [https://rustsec.org/advisories/RUSTSEC-2023-0072.html](https://rustsec.org/advisories/RUSTSEC-2023-0072.html) - [https://github.com/sfackler/rust-openssl/issues/2096](https://togithub.com/sfackler/rust-openssl/issues/2096) This data is provided by [OSV](https://osv.dev/vulnerability/RUSTSEC-2023-0072) and the [Rust Advisory Database](https://togithub.com/RustSec/advisory-db) ([CC0 1.0](https://togithub.com/rustsec/advisory-db/blob/main/LICENSE.txt)).Release Notes
sfackler/rust-openssl (openssl)
### [`v0.10.64`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.64) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64) #### What's Changed - Make \_STACK opaque for LibreSSL >= 3.9.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2153](https://togithub.com/sfackler/rust-openssl/pull/2153) - enable x509 verify and groups list for boringssl by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/2155](https://togithub.com/sfackler/rust-openssl/pull/2155) - Cleanup some not-required Path::new invocations by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2158](https://togithub.com/sfackler/rust-openssl/pull/2158) - fixed a clippy (nightly) warning by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2161](https://togithub.com/sfackler/rust-openssl/pull/2161) - Bump actions versions by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2162](https://togithub.com/sfackler/rust-openssl/pull/2162) - Add support for setting the nonce type and digest on a PKEY_CTX by [@facutuesca](https://togithub.com/facutuesca) in [https://github.com/sfackler/rust-openssl/pull/2144](https://togithub.com/sfackler/rust-openssl/pull/2144) - rebuild openssl-sys if the underlying openssl has changed by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2157](https://togithub.com/sfackler/rust-openssl/pull/2157) - Added binding for EVP_default_properties_enable_fips by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2168](https://togithub.com/sfackler/rust-openssl/pull/2168) - LibreSSL 3.9: fix CRYPTO_malloc/free signatures by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2170](https://togithub.com/sfackler/rust-openssl/pull/2170) - Expose alias on X509 structs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2167](https://togithub.com/sfackler/rust-openssl/pull/2167) - bump openssl and openssl-sys + changelogs by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2175](https://togithub.com/sfackler/rust-openssl/pull/2175) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64 ### [`v0.10.63`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.63) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63) #### What's Changed - Allow passing a passphrase callback when loading a public key by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2135](https://togithub.com/sfackler/rust-openssl/pull/2135) - Expose several additional ciphers for symmetry with symm by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2140](https://togithub.com/sfackler/rust-openssl/pull/2140) - brew: add openssl@3.0 (for 3.0.x LTS releases) by [@chenrui333](https://togithub.com/chenrui333) in [https://github.com/sfackler/rust-openssl/pull/2141](https://togithub.com/sfackler/rust-openssl/pull/2141) - Add PKey::from_dhx by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2142](https://togithub.com/sfackler/rust-openssl/pull/2142) - Make X509\_PURPOSE opaque for LibreSSL >= 3.9.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2145](https://togithub.com/sfackler/rust-openssl/pull/2145) - PEM parsing: check last error instead of first by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2148](https://togithub.com/sfackler/rust-openssl/pull/2148) - Expose brainpool NIDs on libressl by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2150](https://togithub.com/sfackler/rust-openssl/pull/2150) - Add two methods to the PKCS7 API by [@facutuesca](https://togithub.com/facutuesca) in [https://github.com/sfackler/rust-openssl/pull/2111](https://togithub.com/sfackler/rust-openssl/pull/2111) - add more boringssl methods by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/2138](https://togithub.com/sfackler/rust-openssl/pull/2138) - Release openssl v0.10.63 and openssl-sys v0.9.99 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2152](https://togithub.com/sfackler/rust-openssl/pull/2152) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63 ### [`v0.10.62`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.62) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62) #### What's Changed - fixes [#2119](https://togithub.com/sfackler/rust-openssl/issues/2119) -- use ErrorStack abstraction in X.509 error handling by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2120](https://togithub.com/sfackler/rust-openssl/pull/2120) - Fix building with latest BoringSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2121](https://togithub.com/sfackler/rust-openssl/pull/2121) - Fix tests on macOS by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2123](https://togithub.com/sfackler/rust-openssl/pull/2123) - Upcoming API changes in LibreSSL 3.9 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2124](https://togithub.com/sfackler/rust-openssl/pull/2124) - Add `rand_priv_bytes` by [@overvenus](https://togithub.com/overvenus) in [https://github.com/sfackler/rust-openssl/pull/2126](https://togithub.com/sfackler/rust-openssl/pull/2126) - Add nid constant for curve brainpoolP320r1 by [@nicklaswj](https://togithub.com/nicklaswj) in [https://github.com/sfackler/rust-openssl/pull/2129](https://togithub.com/sfackler/rust-openssl/pull/2129) - Release openssl v0.10.62 and openssl-sys v0.9.98 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2133](https://togithub.com/sfackler/rust-openssl/pull/2133) #### New Contributors - [@overvenus](https://togithub.com/overvenus) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2126](https://togithub.com/sfackler/rust-openssl/pull/2126) - [@nicklaswj](https://togithub.com/nicklaswj) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2129](https://togithub.com/sfackler/rust-openssl/pull/2129) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 ### [`v0.10.61`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.61): openssl v0.10.61 [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61) ### [`v0.10.60`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.60) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60) #### What's Changed - Correct off-by-one in minimum output buffer size computation by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2088](https://togithub.com/sfackler/rust-openssl/pull/2088) - Expose a few more (bad) ciphers in cipher::Cipher by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2084](https://togithub.com/sfackler/rust-openssl/pull/2084) - add temp key bindings by [@jmayclin](https://togithub.com/jmayclin) in [https://github.com/sfackler/rust-openssl/pull/2076](https://togithub.com/sfackler/rust-openssl/pull/2076) - Expose ChaCha20 on LibreSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2093](https://togithub.com/sfackler/rust-openssl/pull/2093) - Revert "Correct off-by-one in minimum output buffer size computation" by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2090](https://togithub.com/sfackler/rust-openssl/pull/2090) - Added `update_unchecked` to `symm::Crypter` by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2100](https://togithub.com/sfackler/rust-openssl/pull/2100) - fixes [#2096](https://togithub.com/sfackler/rust-openssl/issues/2096) -- deprecate `X509StoreRef::objects`, it is unsound by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2099](https://togithub.com/sfackler/rust-openssl/pull/2099) - Don't leak when overwriting ex data by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2102](https://togithub.com/sfackler/rust-openssl/pull/2102) - Release openssl v0.10.60 and openssl-sys v0.9.96 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2104](https://togithub.com/sfackler/rust-openssl/pull/2104) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60 ### [`v0.10.59`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.59) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59) #### What's Changed - Add binding to NID of Chacha20-Poly1305 cipher by [@Arnavion](https://togithub.com/Arnavion) in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081) - Fixed cfg for RSA_PSS by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2079](https://togithub.com/sfackler/rust-openssl/pull/2079) - fixes [#2050](https://togithub.com/sfackler/rust-openssl/issues/2050) -- build and test on libressl 3.8.2 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2082](https://togithub.com/sfackler/rust-openssl/pull/2082) - Release openssl v0.10.59 and openssl-sys v0.9.95 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2083](https://togithub.com/sfackler/rust-openssl/pull/2083) #### New Contributors - [@Arnavion](https://togithub.com/Arnavion) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59 ### [`v0.10.58`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.58) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58) #### What's Changed - LibreSSL 3.8.1 support by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2035](https://togithub.com/sfackler/rust-openssl/pull/2035) - Update vendored version to openssl 3 by [@amousset](https://togithub.com/amousset) in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925) - Test against 3.2.0-alpha1 by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2037](https://togithub.com/sfackler/rust-openssl/pull/2037) - Removed reference to non-existent method by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2039](https://togithub.com/sfackler/rust-openssl/pull/2039) - Bump CI to 1.1.1w by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2040](https://togithub.com/sfackler/rust-openssl/pull/2040) - \[openssl-sys] Add X509\_check\_{host,email,ip,ip_asc} fns by [@jgallagher](https://togithub.com/jgallagher) in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042) - Expose CBC mode for several more (bad) ciphers by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2045](https://togithub.com/sfackler/rust-openssl/pull/2045) - Expose two additional Pkey IDs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2046](https://togithub.com/sfackler/rust-openssl/pull/2046) - Add support for CRL extensions and the Authority Information Access eā¦ by [@AdmiralGT](https://togithub.com/AdmiralGT) in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003) - Fix clippy warnings produced by newer Rust by [@wiktor-k](https://togithub.com/wiktor-k) in [https://github.com/sfackler/rust-openssl/pull/2052](https://togithub.com/sfackler/rust-openssl/pull/2052) - Use osslconf on BoringSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2056](https://togithub.com/sfackler/rust-openssl/pull/2056) - Make X509\_ALGOR opaque for LibreSSL by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060) - Don't ignore ECDSA tests without GF2m support by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2061](https://togithub.com/sfackler/rust-openssl/pull/2061) - Clarify 'possible LibreSSL bug' by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2062](https://togithub.com/sfackler/rust-openssl/pull/2062) - Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2063](https://togithub.com/sfackler/rust-openssl/pull/2063) - Enable SHA-3 for LibreSSL 3.8.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2064](https://togithub.com/sfackler/rust-openssl/pull/2064) - Remove DH_generate_parameters for LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2065](https://togithub.com/sfackler/rust-openssl/pull/2065) - Use EVP_MD_CTX\_{new,free}() in LibreSSL 3.8.2 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2067](https://togithub.com/sfackler/rust-openssl/pull/2067) - Enable HKDF support for LibreSSL >= 3.6.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2066](https://togithub.com/sfackler/rust-openssl/pull/2066) - Two build script fixes for LibreSSL by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2068](https://togithub.com/sfackler/rust-openssl/pull/2068) - Respect OPENSSL_NO_OCB on AES functions by [@GuyLewin](https://togithub.com/GuyLewin) in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070) - Support OPENSSL_NO_SCRYPT by [@GuyLewin](https://togithub.com/GuyLewin) in [https://github.com/sfackler/rust-openssl/pull/2071](https://togithub.com/sfackler/rust-openssl/pull/2071) - Bump 3.2.0 beta by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2073](https://togithub.com/sfackler/rust-openssl/pull/2073) - add security level bindings by [@jmayclin](https://togithub.com/jmayclin) in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074) - Release openssl v0.10.58 and openssl-sys v0.9.94 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2078](https://togithub.com/sfackler/rust-openssl/pull/2078) #### New Contributors - [@amousset](https://togithub.com/amousset) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925) - [@jgallagher](https://togithub.com/jgallagher) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042) - [@AdmiralGT](https://togithub.com/AdmiralGT) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003) - [@botovq](https://togithub.com/botovq) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060) - [@GuyLewin](https://togithub.com/GuyLewin) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070) - [@jmayclin](https://togithub.com/jmayclin) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58 ### [`v0.10.57`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.57) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57) #### What's Changed - Expose chacha20\_poly1305 on LibreSSL by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2011](https://togithub.com/sfackler/rust-openssl/pull/2011) - Add openssl::cipher_ctx::CipherCtx::clone by [@johntyner](https://togithub.com/johntyner) in [https://github.com/sfackler/rust-openssl/pull/2017](https://togithub.com/sfackler/rust-openssl/pull/2017) - Add X509VerifyParam::set_email by [@dhouck](https://togithub.com/dhouck) in [https://github.com/sfackler/rust-openssl/pull/2018](https://togithub.com/sfackler/rust-openssl/pull/2018) - Add perl-FindBin dep for fedora by [@JadedBlueEyes](https://togithub.com/JadedBlueEyes) in [https://github.com/sfackler/rust-openssl/pull/2023](https://togithub.com/sfackler/rust-openssl/pull/2023) - Update to bitflags 2.2.1. by [@qwandor](https://togithub.com/qwandor) in [https://github.com/sfackler/rust-openssl/pull/1906](https://togithub.com/sfackler/rust-openssl/pull/1906) - Release openssl v0.10.57 and openssl-sys v0.9.92 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2025](https://togithub.com/sfackler/rust-openssl/pull/2025) #### New Contributors - [@johntyner](https://togithub.com/johntyner) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2017](https://togithub.com/sfackler/rust-openssl/pull/2017) - [@dhouck](https://togithub.com/dhouck) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2018](https://togithub.com/sfackler/rust-openssl/pull/2018) - [@JadedBlueEyes](https://togithub.com/JadedBlueEyes) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2023](https://togithub.com/sfackler/rust-openssl/pull/2023) - [@qwandor](https://togithub.com/qwandor) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1906](https://togithub.com/sfackler/rust-openssl/pull/1906) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57 ### [`v0.10.56`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.56): openssl v0.10.56 [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56) ### [`v0.10.55`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.55) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55) #### What's Changed - Fix warnings from BoringSSL on Rust 1.70 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1948](https://togithub.com/sfackler/rust-openssl/pull/1948) - Honor OPENSSL_NO_OCB if OpenSSL was built this way by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1952](https://togithub.com/sfackler/rust-openssl/pull/1952) - Fix some deprecated patterns when using BoringSSL by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1945](https://togithub.com/sfackler/rust-openssl/pull/1945) - add get_asn1\_flag to EcGroupRef by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1947](https://togithub.com/sfackler/rust-openssl/pull/1947) - Fixed type mutability on asn1\_flag by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1954](https://togithub.com/sfackler/rust-openssl/pull/1954) - allow affine_coordinates on boring and libre by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1955](https://togithub.com/sfackler/rust-openssl/pull/1955) - add support for EVP_PKEY_derive_set_peer_ex in OpenSSL 3 by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/1956](https://togithub.com/sfackler/rust-openssl/pull/1956) - Use type-safe wrappers instead of EVP_PKEY_assign by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/1959](https://togithub.com/sfackler/rust-openssl/pull/1959) - add Nid::SM2 and pkey Id::SM2 by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/1962](https://togithub.com/sfackler/rust-openssl/pull/1962) - Fix handling of empty host strings by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/1968](https://togithub.com/sfackler/rust-openssl/pull/1968) - Remove old codes that belows supported Rust version. by [@tesuji](https://togithub.com/tesuji) in [https://github.com/sfackler/rust-openssl/pull/1966](https://togithub.com/sfackler/rust-openssl/pull/1966) - Release openssl v0.10.55 and openssl-sys v0.9.89 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1970](https://togithub.com/sfackler/rust-openssl/pull/1970) #### New Contributors - [@davidben](https://togithub.com/davidben) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1952](https://togithub.com/sfackler/rust-openssl/pull/1952) - [@tesuji](https://togithub.com/tesuji) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1966](https://togithub.com/sfackler/rust-openssl/pull/1966) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55 ### [`v0.10.54`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.54) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54) #### What's Changed - Remove converting [PKCS#8](https://togithub.com/PKCS/rust-openssl/issues/8) passphrase to CString by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1941](https://togithub.com/sfackler/rust-openssl/pull/1941) - Version bump for openssl v0.10.54 release by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/1942](https://togithub.com/sfackler/rust-openssl/pull/1942) **Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54 ### [`v0.10.53`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.53) [Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53) #### What's Changed - Check for OPENSSL_NO_RC4 when using EVP_rc4 by [@oskirby](https://togithub.com/oskirby) in [https://github.com/sfackler/rust-openssl/pull/1910](https://togithub.com/sfackler/rust-openssl/pull/1910) - Fix link errors for X509\_get0\_authority_xxx methods on Ubuntu/bionic by [@oskirby](https://togithub.com/oskirby) in [https://github.com/sfackler/rust-openssl/pull/1909](https://togithub.com/sfackler/rust-openssl/pull/1909) - add X509::pathlen by [@zh-jq-b](https://togithub.com/zh-jq-b) in [https://github.com/sfackler/rust-openssl/pull/1916](https://togithub.com/sfackler/rust-openssl/pull/1916) - Add bindings to SSL_bytes_to_cipher_list by [@RoastVeg](https://togithub.com/RoastVeg) in [https://github.com/sfackler/rust-openssl/pull/1921](https://togithub.com/sfackler/rust-openssl/pull/1921) - Add boringssl hkdf derivation by [@AndrewScull](https://togithub.com/AndrewScull) in [https://github.com/sfackler/rust-openssl/pull/1926](https://togithub.com/sfackler/rust-openssl/pull/1926) - add other name support by [@huettner94](https://togithub.com/huettner94) in [https://github.com/sfackler/rust-openssl/pull/1915](https://togithub.com/sfackler/rust-openssl/pull/1915) - LibreSSL 3.8.0 by [@vishwin](https://togithub.com/vishwin) in [https://github.com/sfackler/rust-openssl/pull/1935](https://togithub.com/sfackler/rust-openssl/pull/1935) - add DsaConfiguration
š Schedule: Branch creation - At any time (no schedule defined), Automerge - "after 8pm,before 6am" in timezone America/Denver.
š¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
ā» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
š Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.