Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 23 |
1 files changed, 15 insertions, 8 deletions
@@ -31,6 +31,8 @@ LibreSSL Portable Release Notes: | |||
31 | 4.1.0 - In development | 31 | 4.1.0 - In development |
32 | 32 | ||
33 | * Portable changes | 33 | * Portable changes |
34 | - Added initial experimental support for loongarch64. | ||
35 | - Fixed compilation for mips32 and reenable CI. | ||
34 | - Fixed CMake builds on FreeBSD. | 36 | - Fixed CMake builds on FreeBSD. |
35 | - Fixed the --prefix option for cmake --install. | 37 | - Fixed the --prefix option for cmake --install. |
36 | - Fixed tests for MinGW due to missing sh(1). | 38 | - Fixed tests for MinGW due to missing sh(1). |
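Review bot: The new entry at line 35, "Fixed compilation for mips32 and reenable CI.", mixes tenses within one item while every neighbouring entry is in the past tense. Suggest "Fixed compilation for mips32 and re-enabled CI." so the release notes read consistently.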
@@ -63,6 +65,10 @@ LibreSSL Portable Release Notes: | |||
63 | - Replaced BN_bn2hex() reimplementation in openssl(1) ca with | 65 | - Replaced BN_bn2hex() reimplementation in openssl(1) ca with |
64 | a poper API call. | 66 | a poper API call. |
65 | - Fixed integer overflows due to signed shift in obj_dat.c. | 67 | - Fixed integer overflows due to signed shift in obj_dat.c. |
68 | - Fixed a few memory leaks in legacy code. | ||
69 | - Improved some X509_VERIFY_PARAM internals and avoid an out of | ||
70 | bounds read from public API. | ||
71 | - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API). | ||
66 | * Compatibility changes | 72 | * Compatibility changes |
67 | - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto(). | 73 | - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto(). |
68 | It has no effect since LibreSSL doesn't call atexit(). | 74 | It has no effect since LibreSSL doesn't call atexit(). |
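Review bot: The entry added at new lines 69-70, "avoid an out of bounds read from public API", does not name the function involved, so a downstream reader cannot tell from the release notes whether their X509_VERIFY_PARAM callers are affected. Suggest naming the public function, and writing "avoided" to match "Improved". Since this part of the file is being edited anyway, the "a poper API call" typo in the context line at new line 66 could be corrected to "proper" in the same change.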
@@ -71,6 +77,9 @@ LibreSSL Portable Release Notes: | |||
71 | - EC_METHOD is no longer public and the API exposing it has been | 77 | - EC_METHOD is no longer public and the API exposing it has been |
72 | removed. This includes EC_GROUP_new(), EC_GFp_mont_method(), | 78 | removed. This includes EC_GROUP_new(), EC_GFp_mont_method(), |
73 | EC_GROUP_method_of() and EC_METHOD_get_field_type(). | 79 | EC_GROUP_method_of() and EC_METHOD_get_field_type(). |
80 | - The precomputation stubs for EC_GROUP were removed. | ||
81 | - The API setting Jacobian projective coordinates for a point was | ||
82 | removed as were EC_POINTs_{mul,make_affine}(). | ||
74 | - All elliptic curves over fields with less than 224 bits and a | 83 | - All elliptic curves over fields with less than 224 bits and a |
75 | few more were removed from the built-in curves. This includes | 84 | few more were removed from the built-in curves. This includes |
76 | all WTLS curves and P-192. | 85 | all WTLS curves and P-192. |
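Review bot: The entry added at new lines 81-82 describes a removal without naming the symbols: "The API setting Jacobian projective coordinates for a point" gives no function name, and "EC_POINTs_{mul,make_affine}()" uses brace shorthand that a search for the full function name will not match. Suggest listing the removed functions by their full names, as the EC_METHOD entry just above does, so packagers can grep the ChangeLog for symbols their code uses.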
@@ -79,26 +88,24 @@ LibreSSL Portable Release Notes: | |||
79 | - Removed the -C option to generate "C code" from the openssl(1) | 88 | - Removed the -C option to generate "C code" from the openssl(1) |
80 | dh, dhparam, dsaparam, ecparam, and x509 subcommands. | 89 | dh, dhparam, dsaparam, ecparam, and x509 subcommands. |
81 | - Removed #error in headers when OPENSSL_NO_* is defined. | 90 | - Removed #error in headers when OPENSSL_NO_* is defined. |
82 | - EC_METHOD is no longer public and all public API directly using | ||
83 | it was removed. This includes EC_GROUP_new(), EC_GFp_mont_method() | ||
84 | EC_{GROUP,POINT}_method_of() and EC_METHOD_get_field_type(). | ||
85 | - The precomputation stubs for EC_GROUP were removed. | ||
86 | - The API setting Jacobian projective coordinates for a point was | ||
87 | removed as were EC_POINTs_{mul,make_affine}(). | ||
88 | - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and | 91 | - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and |
89 | CRYPTO_set_mem_ex_functions() was removed. | 92 | CRYPTO_set_mem_ex_functions() was removed. |
90 | - X509_NAME_print() and X509_OBJECT_up_ref_count() are no longer public. | 93 | - The tls_session_secret_cb_fn type now matches OpenSSL 1.1. |
94 | - Unexport X509_NAME_print() and X509_OBJECT_up_ref_count(). | ||
91 | - const corrected UI_OpenSSL() and BN_MONT_CTX_copy(). | 95 | - const corrected UI_OpenSSL() and BN_MONT_CTX_copy(). |
92 | - Support OPENSSL_NO_FILENAMES. | 96 | - Support OPENSSL_NO_FILENAMES. |
93 | - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. | 97 | - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. |
98 | - Export PKCS12_key_gen_uni() again. | ||
94 | * New features | 99 | * New features |
95 | - libtls has a new tls_peer_cert_common_name() API call to retrieve | 100 | - libtls has a new tls_peer_cert_common_name() API call to retrieve |
96 | the peer's common name without having to inspect the PEM. | 101 | the peer's common name without having to inspect the PEM. |
97 | - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API). | ||
98 | * Bug fixes | 102 | * Bug fixes |
99 | - Plugged a leak in eckey_compute_pubkey(). | 103 | - Plugged a leak in eckey_compute_pubkey(). |
100 | - Again allow the magic values -1, -2 and -3 for the salt length | 104 | - Again allow the magic values -1, -2 and -3 for the salt length |
101 | of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface. | 105 | of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface. |
106 | * Documentation | ||
107 | - The remaining undocumented public EVP API is now documented. | ||
108 | Reorganization of existing documentation for clarity and accuracy. | ||
102 | * Testing and proactive security | 109 | * Testing and proactive security |
103 | - Improved regress coverage of the EC code. | 110 | - Improved regress coverage of the EC code. |
104 | 111 | ||
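Review bot: The duplicate EC_METHOD entry removed at old lines 82-84 lists "EC_{GROUP,POINT}_method_of()", but the entry kept at new lines 77-79 names only EC_GROUP_method_of(), so the de-duplication drops the mention of EC_POINT_method_of(). If that function was removed as well, add it to the surviving entry. Two smaller style points in the same hunk: "Unexport X509_NAME_print() ..." at new line 94 is imperative where the line it replaces used "are no longer public", and "Reorganization of existing documentation for clarity and accuracy." at new line 108 is a sentence fragment.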