[ANNOUNCE] LibreTLS 3.5.0

[ANNOUNCE] LibreTLS 3.5.0

From: june
This release is based on LibreSSL 3.5.0:

The relevant changes are copied below:

  * Portable Improvements
    - Add libmd as platform specific libraries for Solaris.
      Issue reported from (ihsan <at> opencsw org) on libressl ML.
    - Set IA-64 compiler flag only if it is HP-UX with IA-64.
      Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
  * Bug fixes
    - A long standing memleak in libtls CRL handling was fixed

A release tarball for this version can be downloaded from:

----- Original message -----
From: Brent Cook <busterb@gmail.com>
To: announce@openbsd.org
Cc: libressl@openbsd.org
Subject: LibreSSL 3.5.0 Released
Date: Thursday, February 24, 2022 12:31

We have released LibreSSL 3.5.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.

It includes the following changes:

 * New Features
    - The RFC 3779 API was ported from OpenSSL. Many bugs were fixed,
      regression tests were added and the code was cleaned up.
    - Certificate Transparency was ported from OpenSSL. Many internal
      improvements were made, resulting in cleaner and safer code.
      Regress coverage was added. libssl does not yet make use of it.
  * Portable Improvements
    - Fixed various POSIX compliance and other portability issues
      found by the port to the Sortix operating system.
    - Add libmd as platform specific libraries for Solaris.
      Issue reported from (ihsan <at> opencsw org) on libressl ML.
    - Set IA-64 compiler flag only if it is HP-UX with IA-64.
      Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
    - Enabled and scheduled Coverity scan.
      Contributed by Ilya Shipitsin (chipitsine <at> gmail com> on github.
  * Compatibility Changes
    - Most structs that were previously defined in the following headers
      are now opaque as they are in OpenSSL 1.1:
      bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
      x509.h, x509v3.h, x509_vfy.h
    - Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
      OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
      of using something consistent with the previous naming. Various
      test suites expect these names (instead of checking for the much
      more sensible cipher numbers). The old names are still accepted
      as aliases.
    - Subject alternative names and name constraints are now validated
      when they are added to certificates. Various interoperability
      problems with stacks that validate certificates more strictly
      than OpenSSL can be avoided this way.
    - Attempt to opportunistically use the host name for SNI in s_client
  * Bug fixes
    - In some situations, the verifier would discard the error on an
      unvalidated certificate chain. This would happen when the
      verification callback was in use, instructing the verifier to
      continue unconditionally. This could lead to incorrect decisions
      being made in software.
    - Avoid an infinite loop in SSL_shutdown()
    - Fix another return 0 bug in SSL_shutdown()
    - Handle zero byte reads/writes that trigger handshakes in the
      TLSv1.3 stack
    - A long standing memleak in libtls CRL handling was fixed
  * Internal Improvements
    - Cache the SHA-512 hash instead of the SHA-1 hash and cache
      notBefore and notAfter times when X.509 certificates are parsed.
    - The X.509 lookup code has been simplified and cleaned up.
    - Fixed numerous issues flagged by coverity and the cryptofuzz
    - Increased the number of Miller-Rabin checks in DH and DSA
      key/parameter generation
    - Started using the bytestring API in libcrypto for cleaner and
      safer code
    - Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
    - Convert ASN1_OBJECT_new() to calloc()
    - Convert ASN1_STRING_type_new() to calloc()
    - Rewrite ASN1_STRING_cmp()
    - Use calloc() for X509_CRL_METHOD_new() instead of malloc()
    - Convert ASN1_PCTX_new() to calloc()
    - Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a
    - Consolidate {d2i,i2d}_{pr,pu}.c
    - Remove handling of a NULL BUF_MEM from asn1_collect()
    - Pull the recursion depth check up to the top of asn1_collect()
    - Inline collect_data() in asn1_collect()
    - Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
    - Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
    - Consolidate ASN.1 universal tag type data
    - Rewrite ASN.1 identifier/length parsing in CBS
    - Make OBJ_obj2nid() work correctly with NID_undef
    - tlsext_tick_lifetime_hint is now an uint32_t
    - Untangle ssl3_get_message() return values
    - Rename tls13_buffer to tls_buffer
    - Provide a way to determine our maximum legacy version
    - Mop up enc_read_ctx and read_hash
    - Use ssl_force_want_read in the DTLS code
    - Add record processing limit to DTLS code
    - Add explicit CBS_contains_zero_byte() check in CBS_strdup()
    - Improve SNI hostname validation
    - Ensure SSL_set_tlsext_host_name() is given a valid hostname
    - Fix a strange check in the auto DH codepath
    - Factor out/rewrite DHE key exchange
    - Convert server serialisation of DHE parameters/public key to new
    - Check DH public key in ssl_kex_peer_public_dhe()
    - Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
    - Clean up and refactor server side DHE key exchange
    - Provide CBS_get_last_u8()
    - Provide CBS_get_u64()
    - Provide CBS_add_u64()
    - Provide various CBS_peek_* functions
    - Use CBS_get_last_u8() to find the content type in TLSv1.3 records
    - Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
    - Only allow zero length key shares when we know we're doing HRR
    - Pull key share group/length CBB code up from
    - Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
    - Return 0 on failure from send/get kex functions in the legacy
    - Rename tls13_key_share to tls_key_share
    - Allocate and free the EVP_AEAD_CTX struct in
    - Convert legacy TLS client to tls_key_share
    - Convert legacy TLS server to tls_key_share
    - Stop attempting to duplicate the public and private key of dh_tmp
    - Rename dh_tmp to dhe_params
    - Clean up pkey handling in ssl3_get_server_key_exchange()
    - Fix GOST skip certificate verify handling
    - Simplify tlsext_keyshare_server_parse()
    - Plumb decode errors through key share parsing code
    - Simplify SSL_get_peer_certificate()
    - Cleanup/simplify ssl_cert_type()
    - The S3I macro was removed
    - The openssl(1) cms and smime subcommands option handling was
      converted and the C source was cleaned up.
  * Documentation improvements
    - 45 new manual pages, most of which were written from scratch.
      Documentation coverage of ASN.1 and X.509 code has been
      significantly improved.
  * API additions and removals
    - libssl
      API additions
        SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
      API stubs for compatibility
        SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets
        SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets
        SSL_get_num_tickets SSL_set_num_tickets
    - libcrypto
      added API (some of these were previously available as macros):
        ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free
        ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new
        ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex
        BIO_get_init BIO_set_callback_ex BIO_set_next
        BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old
        BN_abs_is_word BN_get_flags BN_is_negative
        BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags
        BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free
        CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file
        CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free
        CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key
        CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free
        CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer
        CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time
        CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key
        DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g
        DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q
        ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free
        EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst
        EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data
        EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx
        EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new
        EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup
        EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final
        EVP_MD_meth_set_flags EVP_MD_meth_set_init
        EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size
        EVP_MD_meth_set_update EVP_PKEY_asn1_set_check
        EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check
        EVP_PKEY_check EVP_PKEY_meth_set_check
        EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check
        EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode
        FIPS_mode_set IPAddressChoice_free IPAddressChoice_new
        IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free
        IPAddressOrRange_new IPAddressRange_free IPAddressRange_new
        OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id
        OCSP_resp_get0_produced_at OCSP_resp_get0_respdata
        OCSP_resp_get0_signature OCSP_resp_get0_signer
        OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional
        RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp
        RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q
        SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free
        SCT_get0_extensions SCT_get0_log_id SCT_get0_signature
        SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source
        SCT_get_timestamp SCT_get_validation_status SCT_get_version
        SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions
        SCT_set0_log_id SCT_set0_signature SCT_set1_extensions
        SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type
        SCT_set_signature_nid SCT_set_source SCT_set_timestamp
        SCT_set_version SCT_validate SCT_validation_status_string
        X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey
        X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject
        X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify
        X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain
        X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth
        X509_STORE_CTX_set_verify X509_STORE_get_verify
        X509_STORE_get_verify_cb X509_STORE_set_verify
        X509_get_X509_PUBKEY X509_get_extended_key_usage
        X509_get_extension_flags X509_get_key_usage
        X509v3_addr_add_inherit X509v3_addr_add_prefix
        X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi
        X509v3_addr_get_range X509v3_addr_inherits
        X509v3_addr_is_canonical X509v3_addr_subset
        X509v3_addr_validate_path X509v3_addr_validate_resource_set
        X509v3_asid_add_id_or_range X509v3_asid_add_inherit
        X509v3_asid_canonize X509v3_asid_inherits
        X509v3_asid_is_canonical X509v3_asid_subset
        X509v3_asid_validate_path X509v3_asid_validate_resource_set
        d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers
        d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily
        d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST
        i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers
        i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily
        i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST
        i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT
        i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
    removed API:
        ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss
        EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init
        NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit
        PEM_SealUpdate PEM_read_X509_CERT_PAIR
        PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR
        PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free
        X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb
        asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore
        asn1_enc_save asn1_ex_c2i asn1_get_choice_selector
        asn1_get_field_ptr asn1_set_choice_selector check_defer
        d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET
        i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET
        i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.