diff options
| author | Theo Buehler <tb@openbsd.org> | 2025-04-11 17:58:21 +0200 |
|---|---|---|
| committer | Theo Buehler <tb@openbsd.org> | 2025-04-11 17:58:21 +0200 |
| commit | f625098f8b64b917b239afd72d1317139bef1e3b (patch) | |
| tree | 5f9a3b96047d7f0976bd1705b20ad375c5331713 | |
| parent | 16db162e6c571138f0bb2f87bf225ba46baef1bb (diff) | |
| download | portable-f625098f8b64b917b239afd72d1317139bef1e3b.tar.gz portable-f625098f8b64b917b239afd72d1317139bef1e3b.tar.bz2 portable-f625098f8b64b917b239afd72d1317139bef1e3b.zip | |
Tweak Changelog
| -rw-r--r-- | ChangeLog | 21 |
1 files changed, 13 insertions, 8 deletions
| @@ -63,6 +63,10 @@ LibreSSL Portable Release Notes: | |||
| 63 | - Replaced BN_bn2hex() reimplementation in openssl(1) ca with | 63 | - Replaced BN_bn2hex() reimplementation in openssl(1) ca with |
| 64 | a poper API call. | 64 | a poper API call. |
| 65 | - Fixed integer overflows due to signed shift in obj_dat.c. | 65 | - Fixed integer overflows due to signed shift in obj_dat.c. |
| 66 | - Fixed a few memory leaks in legacy code. | ||
| 67 | - Improved some X509_VERIFY_PARAM internals and avoid an out of | ||
| 68 | bounds read from public API. | ||
| 69 | - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API). | ||
| 66 | * Compatibility changes | 70 | * Compatibility changes |
| 67 | - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto(). | 71 | - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto(). |
| 68 | It has no effect since LibreSSL doesn't call atexit(). | 72 | It has no effect since LibreSSL doesn't call atexit(). |
| @@ -71,6 +75,9 @@ LibreSSL Portable Release Notes: | |||
| 71 | - EC_METHOD is no longer public and the API exposing it has been | 75 | - EC_METHOD is no longer public and the API exposing it has been |
| 72 | removed. This includes EC_GROUP_new(), EC_GFp_mont_method(), | 76 | removed. This includes EC_GROUP_new(), EC_GFp_mont_method(), |
| 73 | EC_GROUP_method_of() and EC_METHOD_get_field_type(). | 77 | EC_GROUP_method_of() and EC_METHOD_get_field_type(). |
| 78 | - The precomputation stubs for EC_GROUP were removed. | ||
| 79 | - The API setting Jacobian projective coordinates for a point was | ||
| 80 | removed as were EC_POINTs_{mul,make_affine}(). | ||
| 74 | - All elliptic curves over fields with less than 224 bits and a | 81 | - All elliptic curves over fields with less than 224 bits and a |
| 75 | few more were removed from the built-in curves. This includes | 82 | few more were removed from the built-in curves. This includes |
| 76 | all WTLS curves and P-192. | 83 | all WTLS curves and P-192. |
| @@ -79,26 +86,24 @@ LibreSSL Portable Release Notes: | |||
| 79 | - Removed the -C option to generate "C code" from the openssl(1) | 86 | - Removed the -C option to generate "C code" from the openssl(1) |
| 80 | dh, dhparam, dsaparam, ecparam, and x509 subcommands. | 87 | dh, dhparam, dsaparam, ecparam, and x509 subcommands. |
| 81 | - Removed #error in headers when OPENSSL_NO_* is defined. | 88 | - Removed #error in headers when OPENSSL_NO_* is defined. |
| 82 | - EC_METHOD is no longer public and all public API directly using | ||
| 83 | it was removed. This includes EC_GROUP_new(), EC_GFp_mont_method() | ||
| 84 | EC_{GROUP,POINT}_method_of() and EC_METHOD_get_field_type(). | ||
| 85 | - The precomputation stubs for EC_GROUP were removed. | ||
| 86 | - The API setting Jacobian projective coordinates for a point was | ||
| 87 | removed as were EC_POINTs_{mul,make_affine}(). | ||
| 88 | - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and | 89 | - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and |
| 89 | CRYPTO_set_mem_ex_functions() was removed. | 90 | CRYPTO_set_mem_ex_functions() was removed. |
| 90 | - X509_NAME_print() and X509_OBJECT_up_ref_count() are no longer public. | 91 | - The tls_session_secret_cb_fn type now matches OpenSSL 1.1. |
| 92 | - Unexport X509_NAME_print() and X509_OBJECT_up_ref_count(). | ||
| 91 | - const corrected UI_OpenSSL() and BN_MONT_CTX_copy(). | 93 | - const corrected UI_OpenSSL() and BN_MONT_CTX_copy(). |
| 92 | - Support OPENSSL_NO_FILENAMES. | 94 | - Support OPENSSL_NO_FILENAMES. |
| 93 | - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. | 95 | - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. |
| 96 | - Export PKCS12_key_gen_uni() again. | ||
| 94 | * New features | 97 | * New features |
| 95 | - libtls has a new tls_peer_cert_common_name() API call to retrieve | 98 | - libtls has a new tls_peer_cert_common_name() API call to retrieve |
| 96 | the peer's common name without having to inspect the PEM. | 99 | the peer's common name without having to inspect the PEM. |
| 97 | - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API). | ||
| 98 | * Bug fixes | 100 | * Bug fixes |
| 99 | - Plugged a leak in eckey_compute_pubkey(). | 101 | - Plugged a leak in eckey_compute_pubkey(). |
| 100 | - Again allow the magic values -1, -2 and -3 for the salt length | 102 | - Again allow the magic values -1, -2 and -3 for the salt length |
| 101 | of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface. | 103 | of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface. |
| 104 | * Documentation | ||
| 105 | - The remaining undocumented public EVP API is now documented. | ||
| 106 | Reorganization of existing documentation for clarity and accuracy. | ||
| 102 | * Testing and proactive security | 107 | * Testing and proactive security |
| 103 | - Improved regress coverage of the EC code. | 108 | - Improved regress coverage of the EC code. |
| 104 | 109 | ||