1 files changed, 45 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index a5bf928..1739cfc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,7 +28,50 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
-4.1.0 - In development
+4.2.0 - In development
+        * Portable changes
+        * Internal improvements
+          - Cleaned up code implementing block cipher modes of operation.
+            Includes untangling a horrible #ifdef mess and removing a few
+            instances of undefined behavior.
+          - Removed assembly implementations of AES using bit slicing (BS-AES)
+            and vector permutation (VP-AES).
+          - Integrated AES-NI into the AES API.
+          - Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
+          - Lots of cleanup and removal of code with undefined behavior in
+            the block cipher modes of operation implementations.
+          - Implemented constant time EC field element operations to allow
+            implementing elliptic curve operations without bignum arithmetic.
+          - Implemented an EC method using homogeneous projective coordinates.
+            This allows exception-free elliptic curve arithmetic in constant
+            time.
+          - Started cleaning up the openssl speed implementation.
+          - The last SIGILL-based CPU capability detection was removed.
+            Instead, capabilities are now detected using a constructor on
+            library load, which improves the incomplete coverage by calls
+            to OPENSSL_init_crypto() on various entry points.
+        * Compatibility changes
+          - Removed the -msie_hack option from the openssl(1) ca subcommand.
+          - Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
+            prime239v1, prime239v2, prime239v3.
+          - Increased default MAC salt length used by PKCS12_set_mac(3) to 16 
+            per recommendation of NIST SP 800-132.
+          - Encrypted PKCS#8 key files now use a default password-based key
+            derivation function that is acceptable in the present millenium.
+          - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
+        * New features
+          - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
+        * Bug fixes
+          - Avoid pointer arithmetic on NULL for memory BIOs.
+        * Documentation
+          - Rewrote most of the EC documentation from scratch to be at least
+            somewhat accurate and intelligible.
+        * Testing and proactive security
+          - Added a testing framework that will help deduplicating lots of
+            ad-hoc code in the regression tests.
+4.1.0 - Stable release
        * Portable changes
          - Added initial experimental support for loongarch64.
@@ -63,7 +106,7 @@ LibreSSL Portable Release Notes:
          - Replaced combinations of BN_MONT_CTX_new/set with an internal
            BN_MONT_CTX_create().
          - Replaced BN_bn2hex() reimplementation in openssl(1) ca with
-            a poper API call.
+            a proper API call.
          - Fixed integer overflows due to signed shift in obj_dat.c.
          - Improved some X509_VERIFY_PARAM internals and avoid an out of
            bounds read from public API.

diff --git a/ChangeLog b/ChangeLog index a5bf928..1739cfc 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,7 +28,50 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
31	4.1.0 - In development	31	4.2.0 - In development
		32
		33	* Portable changes
		34	* Internal improvements
		35	- Cleaned up code implementing block cipher modes of operation.
		36	Includes untangling a horrible #ifdef mess and removing a few
		37	instances of undefined behavior.
		38	- Removed assembly implementations of AES using bit slicing (BS-AES)
		39	and vector permutation (VP-AES).
		40	- Integrated AES-NI into the AES API.
		41	- Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
		42	- Lots of cleanup and removal of code with undefined behavior in
		43	the block cipher modes of operation implementations.
		44	- Implemented constant time EC field element operations to allow
		45	implementing elliptic curve operations without bignum arithmetic.
		46	- Implemented an EC method using homogeneous projective coordinates.
		47	This allows exception-free elliptic curve arithmetic in constant
		48	time.
		49	- Started cleaning up the openssl speed implementation.
		50	- The last SIGILL-based CPU capability detection was removed.
		51	Instead, capabilities are now detected using a constructor on
		52	library load, which improves the incomplete coverage by calls
		53	to OPENSSL_init_crypto() on various entry points.
		54	* Compatibility changes
		55	- Removed the -msie_hack option from the openssl(1) ca subcommand.
		56	- Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
		57	prime239v1, prime239v2, prime239v3.
		58	- Increased default MAC salt length used by PKCS12_set_mac(3) to 16
		59	per recommendation of NIST SP 800-132.
		60	- Encrypted PKCS#8 key files now use a default password-based key
		61	derivation function that is acceptable in the present millenium.
		62	- Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
		63	* New features
		64	- Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
		65	* Bug fixes
		66	- Avoid pointer arithmetic on NULL for memory BIOs.
		67	* Documentation
		68	- Rewrote most of the EC documentation from scratch to be at least
		69	somewhat accurate and intelligible.
		70	* Testing and proactive security
		71	- Added a testing framework that will help deduplicating lots of
		72	ad-hoc code in the regression tests.
		73
		74	4.1.0 - Stable release
32		75
33	* Portable changes	76	* Portable changes
34	- Added initial experimental support for loongarch64.	77	- Added initial experimental support for loongarch64.
@@ -63,7 +106,7 @@ LibreSSL Portable Release Notes:
63	- Replaced combinations of BN_MONT_CTX_new/set with an internal	106	- Replaced combinations of BN_MONT_CTX_new/set with an internal
64	BN_MONT_CTX_create().	107	BN_MONT_CTX_create().
65	- Replaced BN_bn2hex() reimplementation in openssl(1) ca with	108	- Replaced BN_bn2hex() reimplementation in openssl(1) ca with
66	a poper API call.	109	a proper API call.
67	- Fixed integer overflows due to signed shift in obj_dat.c.	110	- Fixed integer overflows due to signed shift in obj_dat.c.
68	- Improved some X509_VERIFY_PARAM internals and avoid an out of	111	- Improved some X509_VERIFY_PARAM internals and avoid an out of
69	bounds read from public API.	112	bounds read from public API.