aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@openbsd.org>2025-09-28 02:10:29 -0600
committerTheo Buehler <tb@openbsd.org>2025-09-28 02:20:27 -0600
commit6702db69c4d1dfd37cf7cd3fa5df8b56c63b06d0 (patch)
treeccf3bb0c1fdcd3c4e1c5fc8a8d55fba7342c8e21
parent607ae1b8056635de55a2e5ee229fdfec8ba384d9 (diff)
downloadportable-6702db69c4d1dfd37cf7cd3fa5df8b56c63b06d0.tar.gz
portable-6702db69c4d1dfd37cf7cd3fa5df8b56c63b06d0.tar.bz2
portable-6702db69c4d1dfd37cf7cd3fa5df8b56c63b06d0.zip
Update ChangeLog
Diffstat
-rw-r--r--ChangeLog18
1 files changed, 18 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1739cfc..dd73de8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,12 @@ LibreSSL Portable Release Notes:
51 Instead, capabilities are now detected using a constructor on 51 Instead, capabilities are now detected using a constructor on
52 library load, which improves the incomplete coverage by calls 52 library load, which improves the incomplete coverage by calls
53 to OPENSSL_init_crypto() on various entry points. 53 to OPENSSL_init_crypto() on various entry points.
54 - Rework and simplify AES handling in EVP. In particular, AES-NI
55 is now handled in the AES internal code and no longer requires
56 the use of EVP.
57 - Added a public API for ML-KEM. This is not yet documented in a
58 manpage and may not be in its final form. This will be used to
59 support X25519MLKEM768 in libssl.
54 * Compatibility changes 60 * Compatibility changes
55 - Removed the -msie_hack option from the openssl(1) ca subcommand. 61 - Removed the -msie_hack option from the openssl(1) ca subcommand.
56 - Removed parameters of the 239-bit prime curves from X9.62, H.5.2: 62 - Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
@@ -59,17 +65,29 @@ LibreSSL Portable Release Notes:
59 per recommendation of NIST SP 800-132. 65 per recommendation of NIST SP 800-132.
60 - Encrypted PKCS#8 key files now use a default password-based key 66 - Encrypted PKCS#8 key files now use a default password-based key
61 derivation function that is acceptable in the present millenium. 67 derivation function that is acceptable in the present millenium.
68 - const corrected EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}().
69 - X509_CRL_verify() now checks that the AlgorithmIdentifiers in the
70 signature and the tbsCertList are identical.
62 - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain. 71 - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
72 - Removed BIO_s_log(), X509_PKEY_{new,free}(), PEM_X509_INFO_read()
73 and PEM_X509_INFO_write_bio().
74 - Re-expose the ASN.1 Boolean template items.
75 - opensslconf.h is now machine-independent.
63 * New features 76 * New features
64 - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0". 77 - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
65 * Bug fixes 78 * Bug fixes
66 - Avoid pointer arithmetic on NULL for memory BIOs. 79 - Avoid pointer arithmetic on NULL for memory BIOs.
80 - Fix leaks and use-after-frees in PKCS7 attribute handling.
67 * Documentation 81 * Documentation
68 - Rewrote most of the EC documentation from scratch to be at least 82 - Rewrote most of the EC documentation from scratch to be at least
69 somewhat accurate and intelligible. 83 somewhat accurate and intelligible.
84 - Updated documentation for SMIME_{read,write}* to match reality.
70 * Testing and proactive security 85 * Testing and proactive security
71 - Added a testing framework that will help deduplicating lots of 86 - Added a testing framework that will help deduplicating lots of
72 ad-hoc code in the regression tests. 87 ad-hoc code in the regression tests.
88 - Converted the Wycheproof testing framework to use testvectors_v1.
89 This in combination with a few new tests significantly increases
90 regress coverage.
73 91
744.1.0 - Stable release 924.1.0 - Stable release
75 93
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 17:57:15 +0000