diff options
| -rw-r--r-- | ChangeLog | 18 |
1 files changed, 18 insertions, 0 deletions
| @@ -51,6 +51,12 @@ LibreSSL Portable Release Notes: | |||
| 51 | Instead, capabilities are now detected using a constructor on | 51 | Instead, capabilities are now detected using a constructor on |
| 52 | library load, which improves the incomplete coverage by calls | 52 | library load, which improves the incomplete coverage by calls |
| 53 | to OPENSSL_init_crypto() on various entry points. | 53 | to OPENSSL_init_crypto() on various entry points. |
| 54 | - Rework and simplify AES handling in EVP. In particular, AES-NI | ||
| 55 | is now handled in the AES internal code and no longer requires | ||
| 56 | the use of EVP. | ||
| 57 | - Added a public API for ML-KEM. This is not yet documented in a | ||
| 58 | manpage and may not be in its final form. This will be used to | ||
| 59 | support X25519MLKEM768 in libssl. | ||
| 54 | * Compatibility changes | 60 | * Compatibility changes |
| 55 | - Removed the -msie_hack option from the openssl(1) ca subcommand. | 61 | - Removed the -msie_hack option from the openssl(1) ca subcommand. |
| 56 | - Removed parameters of the 239-bit prime curves from X9.62, H.5.2: | 62 | - Removed parameters of the 239-bit prime curves from X9.62, H.5.2: |
| @@ -59,17 +65,29 @@ LibreSSL Portable Release Notes: | |||
| 59 | per recommendation of NIST SP 800-132. | 65 | per recommendation of NIST SP 800-132. |
| 60 | - Encrypted PKCS#8 key files now use a default password-based key | 66 | - Encrypted PKCS#8 key files now use a default password-based key |
| 61 | derivation function that is acceptable in the present millenium. | 67 | derivation function that is acceptable in the present millenium. |
| 68 | - const corrected EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}(). | ||
| 69 | - X509_CRL_verify() now checks that the AlgorithmIdentifiers in the | ||
| 70 | signature and the tbsCertList are identical. | ||
| 62 | - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain. | 71 | - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain. |
| 72 | - Removed BIO_s_log(), X509_PKEY_{new,free}(), PEM_X509_INFO_read() | ||
| 73 | and PEM_X509_INFO_write_bio(). | ||
| 74 | - Re-expose the ASN.1 Boolean template items. | ||
| 75 | - opensslconf.h is now machine-independent. | ||
| 63 | * New features | 76 | * New features |
| 64 | - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0". | 77 | - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0". |
| 65 | * Bug fixes | 78 | * Bug fixes |
| 66 | - Avoid pointer arithmetic on NULL for memory BIOs. | 79 | - Avoid pointer arithmetic on NULL for memory BIOs. |
| 80 | - Fix leaks and use-after-frees in PKCS7 attribute handling. | ||
| 67 | * Documentation | 81 | * Documentation |
| 68 | - Rewrote most of the EC documentation from scratch to be at least | 82 | - Rewrote most of the EC documentation from scratch to be at least |
| 69 | somewhat accurate and intelligible. | 83 | somewhat accurate and intelligible. |
| 84 | - Updated documentation for SMIME_{read,write}* to match reality. | ||
| 70 | * Testing and proactive security | 85 | * Testing and proactive security |
| 71 | - Added a testing framework that will help deduplicating lots of | 86 | - Added a testing framework that will help deduplicating lots of |
| 72 | ad-hoc code in the regression tests. | 87 | ad-hoc code in the regression tests. |
| 88 | - Converted the Wycheproof testing framework to use testvectors_v1. | ||
| 89 | This in combination with a few new tests significantly increases | ||
| 90 | regress coverage. | ||
| 73 | 91 | ||
| 74 | 4.1.0 - Stable release | 92 | 4.1.0 - Stable release |
| 75 | 93 | ||