| author | Theo Buehler <tb@openbsd.org> | 2026-03-29 05:08:28 -0600 |
|---|---|---|
| committer | Theo Buehler <tb@openbsd.org> | 2026-03-29 05:08:28 -0600 |
| commit | 2da5e226269d564a16dc8503bbb4b058b9dce984 (patch) | |
| tree | 65b19e089f4d39437428232692e7815305d52303 /ChangeLog | |
| parent | 979d238b181325b2df6689275d7caf1b051b9689 (diff) | |
ChangeLog through Dec 31
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 32 |
1 files changed, 30 insertions, 2 deletions
| @@ -34,15 +34,43 @@ LibreSSL Portable Release Notes: | |||
| 34 | - Remove the unused sequence number from X509_REVOKED. | 34 | - Remove the unused sequence number from X509_REVOKED. |
| 35 | - Replace a call to atoi() with strtonum() in nc(1) and replace a | 35 | - Replace a call to atoi() with strtonum() in nc(1) and replace a |
| 36 | misleading use of ntohs() with htons(). | 36 | misleading use of ntohs() with htons(). |
| 37 | - openssl(1) speed now uses HMAC-SHA256 for its hmac benchmark. | ||
| 38 | - Reimplemented only use of ASN1_PRINTABLE_type() in openssl(1) ca. | ||
| 39 | The API will be removed in an upcoming release. | ||
| 40 | - Add curve NID to EC_POINT objects so the library has a clue on which | ||
| 41 | curve a given EC_POINT is supposed to live. | ||
| 42 | - Use curve NID to check for compatibility between group and points | ||
| 43 | in various EC API. This isn't 100% failsafe but good enough for sane | ||
| 44 | uses. | ||
| 45 | - Require SSE in order to use gcm_{gmult,ghash}_4bit_mmx(). | ||
| 46 | On rare i386 machines suporting MMX but not SSE this could result | ||
| 47 | in an illegal instruction. | ||
| 37 | * Compatibility changes | 48 | * Compatibility changes |
| 38 | - Expose X509_VERIFY_PARAM_set_hostflags() as a public symbol. | 49 | - Expose X509_VERIFY_PARAM_set_hostflags() as a public symbol. |
| 39 | - Provide SSL_SESSION_dup(). | 50 | - Provide SSL_SESSION_dup(). |
| 40 | * New features: support for MLKEM768_X25519 keyshare in TLS. | 51 | - BIGNUMs now use the C99 types uint64_t/uint32_t for the word width. |
| 41 | https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ | 52 | Fixes long-standing issues with 32-bit longs on 64-bit Windows. |
| 53 | - Many unused BN_* macros with incomprehensible names were removed: | ||
| 54 | BN_LONG, BN_BITS{,4}, BN_MASK2{,l,h,h1}, BN_TBIT, BN_DEC_CONV, | ||
| 55 | BN_{DEC,HEX}_FMT{1,2}, ... | ||
| 56 | - openssl(1) cms no longer accepts the unsupported -compress and | ||
| 57 | -uncompress switches. | ||
| 58 | - Added PKCS7_NO_DUAL_CONTENT flag/behavior. This is incorrect legacy | ||
| 59 | behavior but some language bindings decided to rely on it in 2025. | ||
| 60 | - Remove STABLE_FLAGS_MALLOC but keep STABLE_NO_MASK because there is | ||
| 61 | still one user... | ||
| 62 | * New features | ||
| 63 | - Support for MLKEM768_X25519 keyshare in TLS. | ||
| 64 | https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ | ||
| 65 | - Added ML-KEM benchmarks to openssl(1) speed. | ||
| 42 | * Bug fixes | 66 | * Bug fixes |
| 43 | - Ensure the group selected by a TLSv1.3 server for a | 67 | - Ensure the group selected by a TLSv1.3 server for a |
| 44 | HelloRetryRequest is not one for which the client has | 68 | HelloRetryRequest is not one for which the client has |
| 45 | already sent a key share. | 69 | already sent a key share. |
| 70 | - Plug memory leak in CMS_EncryptedData_encrypt(). | ||
| 71 | - Plug possible memory leak and double free in nref_nos(). | ||
| 72 | - Removed always zero test results for some no longer available | ||
| 73 | legacy primitives in openssl(1) speed. | ||
| 46 | 74 | ||
| 47 | 4.2.0 - Stable release | 75 | 4.2.0 - Stable release |
| 48 | 76 | ||
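Review bot: typo at new line 46, "suporting" should be "supporting" ("On rare i386 machines supporting MMX but not SSE this could result in an illegal instruction"). At new line 38, "Reimplemented only use of ASN1_PRINTABLE_type()" is missing an article and would read better as "Reimplemented the only use of ASN1_PRINTABLE_type()"; at new line 43, "in various EC API" should be "APIs". The added entries also mix the imperative ("Add curve NID", "Require SSE", "Plug memory leak") with the past tense ("Reimplemented", "Added PKCS7_NO_DUAL_CONTENT", "Removed always zero test results"), while the unchanged context entries use the imperative ("Remove the unused sequence number", "Expose X509_VERIFY_PARAM_set_hostflags()", "Provide SSL_SESSION_dup()"), so I would suggest the imperative throughout.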
