1 files changed, 64 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index eccb261..1739cfc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,9 +28,54 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
-4.1.0 - In development
+4.2.0 - In development
        * Portable changes
+        * Internal improvements
+          - Cleaned up code implementing block cipher modes of operation.
+            Includes untangling a horrible #ifdef mess and removing a few
+            instances of undefined behavior.
+          - Removed assembly implementations of AES using bit slicing (BS-AES)
+            and vector permutation (VP-AES).
+          - Integrated AES-NI into the AES API.
+          - Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
+          - Lots of cleanup and removal of code with undefined behavior in
+            the block cipher modes of operation implementations.
+          - Implemented constant time EC field element operations to allow
+            implementing elliptic curve operations without bignum arithmetic.
+          - Implemented an EC method using homogeneous projective coordinates.
+            This allows exception-free elliptic curve arithmetic in constant
+            time.
+          - Started cleaning up the openssl speed implementation.
+          - The last SIGILL-based CPU capability detection was removed.
+            Instead, capabilities are now detected using a constructor on
+            library load, which improves the incomplete coverage by calls
+            to OPENSSL_init_crypto() on various entry points.
+        * Compatibility changes
+          - Removed the -msie_hack option from the openssl(1) ca subcommand.
+          - Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
+            prime239v1, prime239v2, prime239v3.
+          - Increased default MAC salt length used by PKCS12_set_mac(3) to 16 
+            per recommendation of NIST SP 800-132.
+          - Encrypted PKCS#8 key files now use a default password-based key
+            derivation function that is acceptable in the present millenium.
+          - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
+        * New features
+          - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
+        * Bug fixes
+          - Avoid pointer arithmetic on NULL for memory BIOs.
+        * Documentation
+          - Rewrote most of the EC documentation from scratch to be at least
+            somewhat accurate and intelligible.
+        * Testing and proactive security
+          - Added a testing framework that will help deduplicating lots of
+            ad-hoc code in the regression tests.
+4.1.0 - Stable release
+        * Portable changes
+          - Added initial experimental support for loongarch64.
+          - Fixed compilation for mips32 and reenable CI.
          - Fixed CMake builds on FreeBSD.
          - Fixed the --prefix option for cmake --install.
          - Fixed tests for MinGW due to missing sh(1).
@@ -46,8 +91,9 @@ LibreSSL Portable Release Notes:
            These make use of the SHA-NI instruction if it is available and
            replace the perl-generated assembly optimized for museum pieces.
            These are not yet enabled in libressl-portable.
-          - New SHA-256 assembly implementation for aarch64 making use of the
+          - New SHA-256 and SHA-512 assembly implementations for aarch64
-            ARM Cryptographic Extension (CE). Not yet enabled in portable.
+            making use of the ARM Cryptographic Extension (CE). Not yet
+            enabled in libressl-portable.
          - New simplified, readable MD5 implementation for amd64.
          - Rewrote BN_bn2binpad() and its lebin siblings.
          - The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.
@@ -60,8 +106,11 @@ LibreSSL Portable Release Notes:
          - Replaced combinations of BN_MONT_CTX_new/set with an internal
            BN_MONT_CTX_create().
          - Replaced BN_bn2hex() reimplementation in openssl(1) ca with
-            a poper API call.
+            a proper API call.
          - Fixed integer overflows due to signed shift in obj_dat.c.
+          - Improved some X509_VERIFY_PARAM internals and avoid an out of
+            bounds read from public API.
+          - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
        * Compatibility changes
          - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
            It has no effect since LibreSSL doesn't call atexit().
@@ -70,6 +119,9 @@ LibreSSL Portable Release Notes:
          - EC_METHOD is no longer public and the API exposing it has been
            removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),
            EC_GROUP_method_of() and EC_METHOD_get_field_type().
+          - The precomputation stubs for EC_GROUP were removed.
+          - The API setting Jacobian projective coordinates for a point was
+            removed as were EC_POINTs_{mul,make_affine}().
          - All elliptic curves over fields with less than 224 bits and a
            few more were removed from the built-in curves. This includes
            all WTLS curves and P-192.
@@ -78,25 +130,25 @@ LibreSSL Portable Release Notes:
          - Removed the -C option to generate "C code" from the openssl(1)
            dh, dhparam, dsaparam, ecparam, and x509 subcommands.
          - Removed #error in headers when OPENSSL_NO_* is defined.
-          - EC_METHOD is no longer public and all public API directly using
-            it was removed. This includes EC_GROUP_new(), EC_GFp_mont_method()
-            EC_{GROUP,POINT}_method_of() and EC_METHOD_get_field_type().
-          - The precomputation stubs for EC_GROUP were removed.
-          - The API setting Jacobian projective coordinates for a point was
-            removed as were EC_POINTs_{mul,make_affine}().
          - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and
            CRYPTO_set_mem_ex_functions() was removed.
-          - X509_NAME_print() and X509_OBJECT_up_ref_count() are no longer public.
+          - The tls_session_secret_cb_fn type now matches OpenSSL 1.1.
+          - Unexport X509_NAME_print() and X509_OBJECT_up_ref_count().
          - const corrected UI_OpenSSL() and BN_MONT_CTX_copy().
          - Support OPENSSL_NO_FILENAMES.
+          - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
+          - Export PKCS12_key_gen_uni() again.
        * New features
          - libtls has a new tls_peer_cert_common_name() API call to retrieve
            the peer's common name without having to inspect the PEM.
-          - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
        * Bug fixes
          - Plugged a leak in eckey_compute_pubkey().
          - Again allow the magic values -1, -2 and -3 for the salt length
            of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.
+          - Fixed a few memory leaks in legacy code.
+        * Documentation
+          - The remaining undocumented public EVP API is now documented.
+          - Reorganization of existing documentation for clarity and accuracy.
        * Testing and proactive security
          - Improved regress coverage of the EC code.

diff --git a/ChangeLog b/ChangeLog index eccb261..1739cfc 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,9 +28,54 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
31	4.1.0 - In development	31	4.2.0 - In development
32		32
33	* Portable changes	33	* Portable changes
		34	* Internal improvements
		35	- Cleaned up code implementing block cipher modes of operation.
		36	Includes untangling a horrible #ifdef mess and removing a few
		37	instances of undefined behavior.
		38	- Removed assembly implementations of AES using bit slicing (BS-AES)
		39	and vector permutation (VP-AES).
		40	- Integrated AES-NI into the AES API.
		41	- Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
		42	- Lots of cleanup and removal of code with undefined behavior in
		43	the block cipher modes of operation implementations.
		44	- Implemented constant time EC field element operations to allow
		45	implementing elliptic curve operations without bignum arithmetic.
		46	- Implemented an EC method using homogeneous projective coordinates.
		47	This allows exception-free elliptic curve arithmetic in constant
		48	time.
		49	- Started cleaning up the openssl speed implementation.
		50	- The last SIGILL-based CPU capability detection was removed.
		51	Instead, capabilities are now detected using a constructor on
		52	library load, which improves the incomplete coverage by calls
		53	to OPENSSL_init_crypto() on various entry points.
		54	* Compatibility changes
		55	- Removed the -msie_hack option from the openssl(1) ca subcommand.
		56	- Removed parameters of the 239-bit prime curves from X9.62, H.5.2:
		57	prime239v1, prime239v2, prime239v3.
		58	- Increased default MAC salt length used by PKCS12_set_mac(3) to 16
		59	per recommendation of NIST SP 800-132.
		60	- Encrypted PKCS#8 key files now use a default password-based key
		61	derivation function that is acceptable in the present millenium.
		62	- Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
		63	* New features
		64	- Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
		65	* Bug fixes
		66	- Avoid pointer arithmetic on NULL for memory BIOs.
		67	* Documentation
		68	- Rewrote most of the EC documentation from scratch to be at least
		69	somewhat accurate and intelligible.
		70	* Testing and proactive security
		71	- Added a testing framework that will help deduplicating lots of
		72	ad-hoc code in the regression tests.
		73
		74	4.1.0 - Stable release
		75
		76	* Portable changes
		77	- Added initial experimental support for loongarch64.
		78	- Fixed compilation for mips32 and reenable CI.
34	- Fixed CMake builds on FreeBSD.	79	- Fixed CMake builds on FreeBSD.
35	- Fixed the --prefix option for cmake --install.	80	- Fixed the --prefix option for cmake --install.
36	- Fixed tests for MinGW due to missing sh(1).	81	- Fixed tests for MinGW due to missing sh(1).
@@ -46,8 +91,9 @@ LibreSSL Portable Release Notes:
46	These make use of the SHA-NI instruction if it is available and	91	These make use of the SHA-NI instruction if it is available and
47	replace the perl-generated assembly optimized for museum pieces.	92	replace the perl-generated assembly optimized for museum pieces.
48	These are not yet enabled in libressl-portable.	93	These are not yet enabled in libressl-portable.
49	- New SHA-256 assembly implementation for aarch64 making use of the	94	- New SHA-256 and SHA-512 assembly implementations for aarch64
50	ARM Cryptographic Extension (CE). Not yet enabled in portable.	95	making use of the ARM Cryptographic Extension (CE). Not yet
		96	enabled in libressl-portable.
51	- New simplified, readable MD5 implementation for amd64.	97	- New simplified, readable MD5 implementation for amd64.
52	- Rewrote BN_bn2binpad() and its lebin siblings.	98	- Rewrote BN_bn2binpad() and its lebin siblings.
53	- The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.	99	- The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.
@@ -60,8 +106,11 @@ LibreSSL Portable Release Notes:
60	- Replaced combinations of BN_MONT_CTX_new/set with an internal	106	- Replaced combinations of BN_MONT_CTX_new/set with an internal
61	BN_MONT_CTX_create().	107	BN_MONT_CTX_create().
62	- Replaced BN_bn2hex() reimplementation in openssl(1) ca with	108	- Replaced BN_bn2hex() reimplementation in openssl(1) ca with
63	a poper API call.	109	a proper API call.
64	- Fixed integer overflows due to signed shift in obj_dat.c.	110	- Fixed integer overflows due to signed shift in obj_dat.c.
		111	- Improved some X509_VERIFY_PARAM internals and avoid an out of
		112	bounds read from public API.
		113	- Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
65	* Compatibility changes	114	* Compatibility changes
66	- Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().	115	- Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
67	It has no effect since LibreSSL doesn't call atexit().	116	It has no effect since LibreSSL doesn't call atexit().
@@ -70,6 +119,9 @@ LibreSSL Portable Release Notes:
70	- EC_METHOD is no longer public and the API exposing it has been	119	- EC_METHOD is no longer public and the API exposing it has been
71	removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),	120	removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),
72	EC_GROUP_method_of() and EC_METHOD_get_field_type().	121	EC_GROUP_method_of() and EC_METHOD_get_field_type().
		122	- The precomputation stubs for EC_GROUP were removed.
		123	- The API setting Jacobian projective coordinates for a point was
		124	removed as were EC_POINTs_{mul,make_affine}().
73	- All elliptic curves over fields with less than 224 bits and a	125	- All elliptic curves over fields with less than 224 bits and a
74	few more were removed from the built-in curves. This includes	126	few more were removed from the built-in curves. This includes
75	all WTLS curves and P-192.	127	all WTLS curves and P-192.
@@ -78,25 +130,25 @@ LibreSSL Portable Release Notes:
78	- Removed the -C option to generate "C code" from the openssl(1)	130	- Removed the -C option to generate "C code" from the openssl(1)
79	dh, dhparam, dsaparam, ecparam, and x509 subcommands.	131	dh, dhparam, dsaparam, ecparam, and x509 subcommands.
80	- Removed #error in headers when OPENSSL_NO_* is defined.	132	- Removed #error in headers when OPENSSL_NO_* is defined.
81	- EC_METHOD is no longer public and all public API directly using
82	it was removed. This includes EC_GROUP_new(), EC_GFp_mont_method()
83	EC_{GROUP,POINT}_method_of() and EC_METHOD_get_field_type().
84	- The precomputation stubs for EC_GROUP were removed.
85	- The API setting Jacobian projective coordinates for a point was
86	removed as were EC_POINTs_{mul,make_affine}().
87	- CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and	133	- CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and
88	CRYPTO_set_mem_ex_functions() was removed.	134	CRYPTO_set_mem_ex_functions() was removed.
89	- X509_NAME_print() and X509_OBJECT_up_ref_count() are no longer public.	135	- The tls_session_secret_cb_fn type now matches OpenSSL 1.1.
		136	- Unexport X509_NAME_print() and X509_OBJECT_up_ref_count().
90	- const corrected UI_OpenSSL() and BN_MONT_CTX_copy().	137	- const corrected UI_OpenSSL() and BN_MONT_CTX_copy().
91	- Support OPENSSL_NO_FILENAMES.	138	- Support OPENSSL_NO_FILENAMES.
		139	- Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
		140	- Export PKCS12_key_gen_uni() again.
92	* New features	141	* New features
93	- libtls has a new tls_peer_cert_common_name() API call to retrieve	142	- libtls has a new tls_peer_cert_common_name() API call to retrieve
94	the peer's common name without having to inspect the PEM.	143	the peer's common name without having to inspect the PEM.
95	- Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
96	* Bug fixes	144	* Bug fixes
97	- Plugged a leak in eckey_compute_pubkey().	145	- Plugged a leak in eckey_compute_pubkey().
98	- Again allow the magic values -1, -2 and -3 for the salt length	146	- Again allow the magic values -1, -2 and -3 for the salt length
99	of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.	147	of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.
		148	- Fixed a few memory leaks in legacy code.
		149	* Documentation
		150	- The remaining undocumented public EVP API is now documented.
		151	- Reorganization of existing documentation for clarity and accuracy.
100	* Testing and proactive security	152	* Testing and proactive security
101	- Improved regress coverage of the EC code.	153	- Improved regress coverage of the EC code.
102		154