Diffstat (limited to '')
-rw-r--r-- ChangeLog 206
1 files changed, 196 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index c03ff15..1739cfc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,7 @@
1Because this project is maintained both in the OpenBSD tree using CVS and in 1Because this project is maintained both in the OpenBSD tree using CVS and in
2Git, it can be confusing following all of the changes. 2Git, it can be confusing following all of the changes.
3 3
4Most of the libssl and libcrypto source code is is here in OpenBSD CVS: 4Most of the libssl and libcrypto source code is here in OpenBSD CVS:
5 5
6 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/ 6 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/
7 7
@@ -28,12 +28,138 @@ history is also available from Git.
28 28
29LibreSSL Portable Release Notes: 29LibreSSL Portable Release Notes:
30 30
314.0.0 - In development 314.2.0 - In development
32 32
33 * Portable changes 33 * Portable changes
34 - Added initial Emscripten support in CMake builds 34 * Internal improvements
35 - Cleaned up code implementing block cipher modes of operation.
36 Includes untangling a horrible #ifdef mess and removing a few
37 instances of undefined behavior.
38 - Removed assembly implementations of AES using bit slicing (BS-AES)
39 and vector permutation (VP-AES).
40 - Integrated AES-NI into the AES API.
41 - Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
42 - Lots of cleanup and removal of code with undefined behavior in
43 the block cipher modes of operation implementations.
44 - Implemented constant time EC field element operations to allow
45 implementing elliptic curve operations without bignum arithmetic.
46 - Implemented an EC method using homogeneous projective coordinates.
47 This allows exception-free elliptic curve arithmetic in constant
48 time.
49 - Started cleaning up the openssl speed implementation.
50 - The last SIGILL-based CPU capability detection was removed.
51 Instead, capabilities are now detected using a constructor on
52 library load, which improves the incomplete coverage by calls
53 to OPENSSL_init_crypto() on various entry points.
54 * Compatibility changes
55 - Removed the -msie_hack option from the openssl(1) ca subcommand.
56 - Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
57 prime239v1, prime239v2, prime239v3.
58 - Increased default MAC salt length used by PKCS12_set_mac(3) to 16
59 per recommendation of NIST SP 800-132.
60 - Encrypted PKCS#8 key files now use a default password-based key
61 derivation function that is acceptable in the present millenium.
62 - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
63 * New features
64 - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
65 * Bug fixes
66 - Avoid pointer arithmetic on NULL for memory BIOs.
67 * Documentation
68 - Rewrote most of the EC documentation from scratch to be at least
69 somewhat accurate and intelligible.
70 * Testing and proactive security
71 - Added a testing framework that will help deduplicating lots of
72 ad-hoc code in the regression tests.
73
744.1.0 - Stable release
75
76 * Portable changes
77 - Added initial experimental support for loongarch64.
78 - Fixed compilation for mips32 and reenable CI.
79 - Fixed CMake builds on FreeBSD.
80 - Fixed the --prefix option for cmake --install.
81 - Fixed tests for MinGW due to missing sh(1).
82 * Internal improvements
83 - Cleaned up the error implementation.
84 - Many bug fixes and simplifications in the EC ASN.1 code.
85 - Corrected DER encoding for EC keys and parameters.
86 - Polished EC_POINT_{oct2point,point2oct}() internals.
87 - Rewrote the wNAF code for fast ECDSA verification.
88 - Improved the code setting compressed coordinates for EC points.
89 - Reworked CPU capabilities detection for amd64 and aarch64.
90 - New SHA-1, SHA-256 and SHA-512 assembly implementations for amd64.
91 These make use of the SHA-NI instruction if it is available and
92 replace the perl-generated assembly optimized for museum pieces.
93 These are not yet enabled in libressl-portable.
94 - New SHA-256 and SHA-512 assembly implementations for aarch64
95 making use of the ARM Cryptographic Extension (CE). Not yet
96 enabled in libressl-portable.
97 - New simplified, readable MD5 implementation for amd64.
98 - Rewrote BN_bn2binpad() and its lebin siblings.
99 - The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.
100 - Rewrote TS_ASN1_INTEGER_print_bio().
101 - Improved bit counter handling in MD5.
102 - Simplified and cleaned up the BN_RECP_CTX internals.
103 - Improved SM4 to match other symmetric ciphers more closely.
104 - Rewrote X509_NAME_oneline() and X509_NAME_print() using CBS/CBB.
105 - CRLs are now cached in the issuer cache like certificates.
106 - Replaced combinations of BN_MONT_CTX_new/set with an internal
107 BN_MONT_CTX_create().
108 - Replaced BN_bn2hex() reimplementation in openssl(1) ca with
109 a proper API call.
110 - Fixed integer overflows due to signed shift in obj_dat.c.
111 - Improved some X509_VERIFY_PARAM internals and avoid an out of
112 bounds read from public API.
113 - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
114 * Compatibility changes
115 - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
116 It has no effect since LibreSSL doesn't call atexit().
117 - Elliptic curve parameters are only accepted if they encode a
118 built-in curve.
119 - EC_METHOD is no longer public and the API exposing it has been
120 removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),
121 EC_GROUP_method_of() and EC_METHOD_get_field_type().
122 - The precomputation stubs for EC_GROUP were removed.
123 - The API setting Jacobian projective coordinates for a point was
124 removed as were EC_POINTs_{mul,make_affine}().
125 - All elliptic curves over fields with less than 224 bits and a
126 few more were removed from the built-in curves. This includes
127 all WTLS curves and P-192.
128 - It is no longer necessary to set RSA_FLAG_SIGN_VER to use the
129 sign and verify handlers set with RSA_meth_set_{sign,verify}.
130 - Removed the -C option to generate "C code" from the openssl(1)
131 dh, dhparam, dsaparam, ecparam, and x509 subcommands.
132 - Removed #error in headers when OPENSSL_NO_* is defined.
133 - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and
134 CRYPTO_set_mem_ex_functions() was removed.
135 - The tls_session_secret_cb_fn type now matches OpenSSL 1.1.
136 - Unexport X509_NAME_print() and X509_OBJECT_up_ref_count().
137 - const corrected UI_OpenSSL() and BN_MONT_CTX_copy().
138 - Support OPENSSL_NO_FILENAMES.
139 - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
140 - Export PKCS12_key_gen_uni() again.
141 * New features
142 - libtls has a new tls_peer_cert_common_name() API call to retrieve
143 the peer's common name without having to inspect the PEM.
144 * Bug fixes
145 - Plugged a leak in eckey_compute_pubkey().
146 - Again allow the magic values -1, -2 and -3 for the salt length
147 of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.
148 - Fixed a few memory leaks in legacy code.
149 * Documentation
150 - The remaining undocumented public EVP API is now documented.
151 - Reorganization of existing documentation for clarity and accuracy.
152 * Testing and proactive security
153 - Improved regress coverage of the EC code.
154
1554.0.0 - Stable release
156
157 * Portable changes
158 - Added initial Emscripten support in CMake builds.
35 - Removed timegm() compatibility layer since all uses were replaced 159 - Removed timegm() compatibility layer since all uses were replaced
36 with OPENSSL_timegm(). Cleaned up the corresponding test harness. 160 with OPENSSL_timegm(). Cleaned up the corresponding test harness.
161 - The mips32 platform is no longer actively supported.
162 - Fixed Windows support for dates beyond 2038.
37 * Internal improvements 163 * Internal improvements
38 - Cleaned up parts of the conf directory. Simplified some logic, 164 - Cleaned up parts of the conf directory. Simplified some logic,
39 fixed memory leaks. 165 fixed memory leaks.
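Review bot: the new 4.2.0 "Internal improvements" list records the block cipher modes cleanup twice, once as "Cleaned up code implementing block cipher modes of operation" and again as "Lots of cleanup and removal of code with undefined behavior in the block cipher modes of operation implementations"; merge these into a single entry. In the same section, "* Portable changes" is now an empty heading because its only item moved to 4.0.0, so either drop it until there is something to list or add the pending entries. The nc(1) example `-Talpn="http/1.1,http:/1.0"` looks like a typo for `http/1.0`, and anyone copying it would advertise an ALPN identifier that no peer will match. "millenium" should be "millennium". The PKCS#8 entry would be more useful to people auditing stored keys if it named the new default key derivation function rather than only characterizing it.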
@@ -66,29 +192,68 @@ LibreSSL Portable Release Notes:
66 - Made most error string tables const. 192 - Made most error string tables const.
67 - Removed handling for SSLv2 client hello messages. 193 - Removed handling for SSLv2 client hello messages.
68 - Improvements in the openssl(1) speed app's signal handler. 194 - Improvements in the openssl(1) speed app's signal handler.
69 - Added support for TLS PRF in the EVP KDF API. 195 - Cleaned up various X509v3_* extension API.
196 - Unified the X.509v3 extension methods.
197 - Cleaned up cipher handling in SSL_SESSION.
198 - Removed get_cipher from SSL_METHOD.
199 - Rewrote CRYPTO_EX_DATA from scratch. The only intentional change of
200 behavior is that there is now a hard limit on the number of indexes
201 that can be allocated.
202 - Removed bogus connect() call from netcat.
203 - Uses of atoi() and strtol() in libcrypto were replaced with
204 strtonum().
205 - Introduced crypto_arch.h which will contain the architecture
206 dependent code and defines rather than the public opensslconf.h.
207 - OPENSSL_cpu_caps() is now architecture independent.
208 - Reorganized the DES implementation to use fewer files and removed
209 optimizations for ancient processors and compilers.
210 * New features
211 - Added CRLfile option to the cms command of openssl(1) to specify
212 additional CRLs for use during verification.
70 * Documentation improvements 213 * Documentation improvements
71 - Removed documentation of no longer existing API. 214 - Removed documentation of no longer existing API.
215 - Unified the description of the obsolete ENGINE parameter that
216 needs to remain in many functions and should always be NULL.
72 * Testing and proactive security 217 * Testing and proactive security
73 - Switched the remaining tests to new certs. 218 - Switched the remaining tests to new certs.
74 * Compatibility changes 219 * Compatibility changes
220 - Protocol parsing in libtls was changed. The unsupported TLSv1.1
221 and TLSv1.0 protocols are ignored and no longer enable or disable
222 TLSv1.2 in surprising ways.
223 - The dangerous EVP_PKEY*_check(3) family of functions was removed.
224 The openssl(1) pkey and pkeyparam commands no longer support the
225 -check and -pubcheck flags.
75 - The one-step hashing functions, MD4(), MD5(), RIPEMD160(), SHA1(), 226 - The one-step hashing functions, MD4(), MD5(), RIPEMD160(), SHA1(),
76 all SHA-2, and HMAC() no longer support returning a static buffer. 227 all SHA-2, and HMAC() no longer support returning a static buffer.
77 Callers must pass in a correctly sized buffer. 228 Callers must pass in a correctly sized buffer.
229 - Support for Whirlpool was removed. Applications still using this
230 should honor OPENSSL_NO_WHIRLPOOL.
78 - Removed workaround for F5 middle boxes. 231 - Removed workaround for F5 middle boxes.
79 - Removed the useless pem2.h, a public header that was added since 232 - Removed the useless pem2.h, a public header that was added since
80 it was too hard to add a prototype to one file. 233 it was too hard to add a single prototype to one file.
234 - Removed conf_api.h and the public API therein.
235 - Removed ssl2.h, ssl23.h and ui_compat.h.
236 - Numerous conf and attribute functions were removed. Some unused
237 types were removed, others were made opaque.
238 - Removed the deprecated HMAC_Init() function.
239 - Removed OPENSSL_load_builtin_modules().
240 - Removed X509_REQ_{get,set}_extension_nids().
241 - X509_check_trust() and was removed, X509_VAL was made opaque.
81 - Only specified versions can be set on certs, CRLs and CSRs. 242 - Only specified versions can be set on certs, CRLs and CSRs.
82 - Prepared X509_REQ_{get,set}_extension_nids() for removal.
83 - Removed unused PEM_USER and PEM_CTX types from pem.h. 243 - Removed unused PEM_USER and PEM_CTX types from pem.h.
84 - Removed typdefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD, STORE, 244 - Removed typdefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD, STORE,
85 STORE_METHOD, and SSL_AEAD_CTX. 245 STORE_METHOD, and SSL_AEAD_CTX.
86 - i2d_ASN1_OBJECT() now returns -1 on error like most other i2d_*. 246 - i2d_ASN1_OBJECT() now returns -1 on error like most other i2d_*.
87 - SPKAC support was removed from openssl(1) 247 - SPKAC support was removed from openssl(1).
88 - Added TLS1-PRF support to the EVP interface. 248 - Added TLS1-PRF support to the EVP interface.
89 - Cleaned up various X509v3_* extension API. 249 - Support for attributes in EVP_PKEYs was removed.
90 - Unified the X.509v3 extension methods. 250 - The X509at_* API is no longer public.
91 - Removed ssl2.h and ssl23.h. 251 - SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
252 were added to libssl.
253 - The completely broken UI_UTIL password API was removed.
254 - The OpenSSL pkcs12 command and PKCS12_create() no longer support
255 setting the Microsoft-specific Local Key Set and Cryptographic
256 Service Provider attributes.
92 * Bug fixes 257 * Bug fixes
93 - Made ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() match 258 - Made ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() match
94 their documentation. They always set an RFC 5280 conformant time. 259 their documentation. They always set an RFC 5280 conformant time.
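Review bot: the added compatibility entry "X509_check_trust() and was removed, X509_VAL was made opaque." has a dangling "and", so either a second function name was lost or the conjunction should go; as written, readers cannot tell which API besides X509_check_trust() is gone. The CRYPTO_EX_DATA entry states there is now a hard limit on the number of indexes but not its value, which is the one thing a caller that allocates many indexes needs to know. The EVP_PKEY*_check(3) removal calls the functions "dangerous" without saying why; a short clause would help downstream maintainers decide whether their own key validation needs replacing. The unchanged context line still reads "typdefs", which could be fixed while this block is being edited.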
@@ -115,6 +280,20 @@ LibreSSL Portable Release Notes:
115 ALPN callback. 280 ALPN callback.
116 - Avoid pushing a spurious error onto the error stack in 281 - Avoid pushing a spurious error onto the error stack in
117 ssl_sigalg_select(). 282 ssl_sigalg_select().
283 - Made fatal alerts fatal in QUIC.
284
2853.9.2 - Stable release
286
287 * Bugfixes
288 - OpenBSD 7.5 errata 003. A missing bounds check could lead to a crash
289 due to dereferencing a zero-sized allocation.
290
2913.9.1 - Stable release
292
293 * Portable changes
294 - Updated tests with expiring certificates
295 - CET-related build fixes for Windows and macOS targets
296 - update libtls linker script to include libssl and libcrypto again
118 297
1193.9.0 - Development release 2983.9.0 - Development release
120 299
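Review bot: the 3.9.2 section uses the heading "* Bugfixes" while every other release in this file uses "* Bug fixes"; keep the spelling consistent so the notes stay greppable. The errata entry describes the impact (a crash from dereferencing a zero-sized allocation) but does not name the affected function or protocol path, which makes it hard for packagers to judge exposure without looking up OpenBSD 7.5 errata 003 separately. In 3.9.1 the three portable items lack trailing periods, and "update libtls linker script ..." is lowercase and imperative where the surrounding entries are capitalized and in the past tense.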
@@ -193,6 +372,13 @@ LibreSSL Portable Release Notes:
193 stack. 372 stack.
194 - Made in-place decryption work for EVP_chacha20_poly1305(). 373 - Made in-place decryption work for EVP_chacha20_poly1305().
195 374
3753.8.4 - Stable release
376
377 * Portable changes
378 - Updated tests with expiring certificates
379 - CET-related build fixes for Windows and macOS targets
380 - update libtls linker script to include libssl and libcrypto again
381
1963.8.3 - Stable release 3823.8.3 - Stable release
197 383
198 * Portable changes 384 * Portable changes