[ANNOUNCE] LibreTLS 3.5.0

From: june
This release is based on LibreSSL 3.5.0:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

The relevant changes are copied below:

  * Portable Improvements
    - Add libmd as a platform-specific library for Solaris.
      Issue reported by ihsan <at> opencsw org on the libressl ML.
    - Set the IA-64 compiler flag only if the platform is HP-UX with IA-64.
      Suggested by Larkin Nickle (me <at> larbob org) on the libressl ML.
  * Bug fixes
    - A long-standing memory leak in libtls CRL handling was fixed

A release tarball for this version can be downloaded from:
https://causal.agency/libretls/libretls-3.5.0.tar.gz

----- Original message -----
From: Brent Cook <busterb@gmail.com>
To: announce@openbsd.org
Cc: libressl@openbsd.org
Subject: LibreSSL 3.5.0 Released
Date: Thursday, February 24, 2022 12:31

We have released LibreSSL 3.5.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.

It includes the following changes:

  * New Features
    - The RFC 3779 API was ported from OpenSSL. Many bugs were fixed,
      regression tests were added and the code was cleaned up.
    - Certificate Transparency was ported from OpenSSL. Many internal
      improvements were made, resulting in cleaner and safer code.
      Regress coverage was added. libssl does not yet make use of it.
  * Portable Improvements
    - Fixed various POSIX compliance and other portability issues
      found by the port to the Sortix operating system.
    - Add libmd as a platform-specific library for Solaris.
      Issue reported by ihsan <at> opencsw org on the libressl ML.
    - Set the IA-64 compiler flag only if the platform is HP-UX with IA-64.
      Suggested by Larkin Nickle (me <at> larbob org) on the libressl ML.
    - Enabled and scheduled Coverity scan.
      Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on GitHub.
  * Compatibility Changes
    - Most structs that were previously defined in the following headers
      are now opaque as they are in OpenSSL 1.1:
      bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
      x509.h, x509v3.h, x509_vfy.h
    - Switch TLSv1.3 cipher names from the AEAD- prefix to OpenSSL's TLS_ prefix.
      OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
      of using something consistent with the previous naming. Various
      test suites expect these names (instead of checking for the much
      more sensible cipher numbers). The old names are still accepted
      as aliases.
    - Subject alternative names and name constraints are now validated
      when they are added to certificates. Various interoperability
      problems with stacks that validate certificates more strictly
      than OpenSSL can be avoided this way.
    - Attempt to opportunistically use the host name for SNI in s_client
  * Bug fixes
    - In some situations, the verifier would discard the error on an
      unvalidated certificate chain. This would happen when the
      verification callback was in use, instructing the verifier to
      continue unconditionally. This could lead to incorrect decisions
      being made in software.
    - Avoid an infinite loop in SSL_shutdown()
    - Fix another return 0 bug in SSL_shutdown()
    - Handle zero byte reads/writes that trigger handshakes in the
      TLSv1.3 stack
    - A long-standing memory leak in libtls CRL handling was fixed
  * Internal Improvements
    - Cache the SHA-512 hash instead of the SHA-1 hash and cache
      notBefore and notAfter times when X.509 certificates are parsed.
    - The X.509 lookup code has been simplified and cleaned up.
    - Fixed numerous issues flagged by Coverity and the cryptofuzz
      project
    - Increased the number of Miller-Rabin checks in DH and DSA
      key/parameter generation
    - Started using the bytestring API in libcrypto for cleaner and
      safer code
    - Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
      ASN1
    - Convert ASN1_OBJECT_new() to calloc()
    - Convert ASN1_STRING_type_new() to calloc()
    - Rewrite ASN1_STRING_cmp()
    - Use calloc() for X509_CRL_METHOD_new() instead of malloc()
    - Convert ASN1_PCTX_new() to calloc()
    - Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a
      function
    - Consolidate {d2i,i2d}_{pr,pu}.c
    - Remove handling of a NULL BUF_MEM from asn1_collect()
    - Pull the recursion depth check up to the top of asn1_collect()
    - Inline collect_data() in asn1_collect()
    - Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
    - Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
    - Consolidate ASN.1 universal tag type data
    - Rewrite ASN.1 identifier/length parsing in CBS
    - Make OBJ_obj2nid() work correctly with NID_undef
    - tlsext_tick_lifetime_hint is now a uint32_t
    - Untangle ssl3_get_message() return values
    - Rename tls13_buffer to tls_buffer
    - Fold DTLS_STATE_INTERNAL into DTLS1_STATE
    - Provide a way to determine our maximum legacy version
    - Mop up enc_read_ctx and read_hash
    - Fold SSL_SESSION_INTERNAL into SSL_SESSION
    - Use ssl_force_want_read in the DTLS code
    - Add record processing limit to DTLS code
    - Add explicit CBS_contains_zero_byte() check in CBS_strdup()
    - Improve SNI hostname validation
    - Ensure SSL_set_tlsext_host_name() is given a valid hostname
    - Fix a strange check in the auto DH codepath
    - Factor out/rewrite DHE key exchange
    - Convert server serialisation of DHE parameters/public key to new
      functions
    - Check DH public key in ssl_kex_peer_public_dhe()
    - Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
    - Clean up and refactor server side DHE key exchange
    - Provide CBS_get_last_u8()
    - Provide CBS_get_u64()
    - Provide CBS_add_u64()
    - Provide various CBS_peek_* functions
    - Use CBS_get_last_u8() to find the content type in TLSv1.3 records
    - unifdef TLS13_USE_LEGACY_CLIENT_AUTH
    - Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
    - Only allow zero length key shares when we know we're doing HRR
    - Pull key share group/length CBB code up from
      tls13_key_share_public()
    - Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
      validation
    - Return 0 on failure from send/get kex functions in the legacy
      stack
    - Rename tls13_key_share to tls_key_share
    - Allocate and free the EVP_AEAD_CTX struct in
      tls13_record_protection
    - Convert legacy TLS client to tls_key_share
    - Convert legacy TLS server to tls_key_share
    - Stop attempting to duplicate the public and private key of dh_tmp
    - Rename dh_tmp to dhe_params
    - Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
    - Clean up pkey handling in ssl3_get_server_key_exchange()
    - Fix GOST skip certificate verify handling
    - Simplify tlsext_keyshare_server_parse()
    - Plumb decode errors through key share parsing code
    - Simplify SSL_get_peer_certificate()
    - Cleanup/simplify ssl_cert_type()
    - The S3I macro was removed
    - The openssl(1) cms and smime subcommands' option handling was
      converted and the C source was cleaned up.
  * Documentation improvements
    - 45 new manual pages, most of which were written from scratch.
      Documentation coverage of ASN.1 and X.509 code has been
      significantly improved.
  * API additions and removals
    - libssl
      API additions
        SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
      API stubs for compatibility
        SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets
        SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets
        SSL_get_num_tickets SSL_set_num_tickets
    - libcrypto
      added API (some of these were previously available as macros):
        ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free
        ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new
        ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex
        BIO_get_init BIO_set_callback_ex BIO_set_next
        BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old
        BN_abs_is_word BN_get_flags BN_is_negative
        BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags
        BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free
        CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file
        CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free
        CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key
        CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free
        CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer
        CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time
        CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert
        CT_POLICY_EVAL_CTX_set1_issuer
        CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE
        CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key
        DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g
        DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q
        ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free
        EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst
        EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data
        EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx
        EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new
        EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup
        EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final
        EVP_MD_meth_set_flags EVP_MD_meth_set_init
        EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size
        EVP_MD_meth_set_update EVP_PKEY_asn1_set_check
        EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check
        EVP_PKEY_check EVP_PKEY_meth_set_check
        EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check
        EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode
        FIPS_mode_set IPAddressChoice_free IPAddressChoice_new
        IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free
        IPAddressOrRange_new IPAddressRange_free IPAddressRange_new
        OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id
        OCSP_resp_get0_produced_at OCSP_resp_get0_respdata
        OCSP_resp_get0_signature OCSP_resp_get0_signer
        OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional
        RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp
        RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q
        SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free
        SCT_get0_extensions SCT_get0_log_id SCT_get0_signature
        SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source
        SCT_get_timestamp SCT_get_validation_status SCT_get_version
        SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions
        SCT_set0_log_id SCT_set0_signature SCT_set1_extensions
        SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type
        SCT_set_signature_nid SCT_set_source SCT_set_timestamp
        SCT_set_version SCT_validate SCT_validation_status_string
        X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey
        X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject
        X509_STORE_CTX_get_num_untrusted
        X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify
        X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain
        X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth
        X509_STORE_CTX_set_verify X509_STORE_get_verify
        X509_STORE_get_verify_cb X509_STORE_set_verify
        X509_get_X509_PUBKEY X509_get_extended_key_usage
        X509_get_extension_flags X509_get_key_usage
        X509v3_addr_add_inherit X509v3_addr_add_prefix
        X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi
        X509v3_addr_get_range X509v3_addr_inherits
        X509v3_addr_is_canonical X509v3_addr_subset
        X509v3_addr_validate_path X509v3_addr_validate_resource_set
        X509v3_asid_add_id_or_range X509v3_asid_add_inherit
        X509v3_asid_canonize X509v3_asid_inherits
        X509v3_asid_is_canonical X509v3_asid_subset
        X509v3_asid_validate_path X509v3_asid_validate_resource_set
        d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers
        d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily
        d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST
        i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers
        i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily
        i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST
        i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT
        i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
      removed API:
        ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss
        EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init
        NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new
        NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free
        NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit
        PEM_SealUpdate PEM_read_X509_CERT_PAIR
        PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR
        PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free
        X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb
        asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore
        asn1_enc_save asn1_ex_c2i asn1_get_choice_selector
        asn1_get_field_ptr asn1_set_choice_selector check_defer
        d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY
        d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET
        d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY
        i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET
        i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.