From: Tomas Mraz Date: Tue, 25 Mar 2025 14:19:05 +0000 (+0100) Subject: Update NEWS.md and CHANGES.md for the 3.5 release X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21f4bd986b7739f24f67270d533412065c7af0fc;p=thirdparty%2Fopenssl.git Update NEWS.md and CHANGES.md for the 3.5 release Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/27152) (cherry picked from commit d6ace599edfba7f1487725993531578bfeb9663a) --- diff --git a/CHANGES.md b/CHANGES.md index 28e96ee6707..13c4326de30 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -46,6 +46,21 @@ OpenSSL 3.5 *Hugo Landau, Matt Caswell, Tomáš Mráz, Neil Horman, Sasha Nedvedicky, Andrew Dinh* + * Tolerate PKCS#8 version 2 with optional public keys. The public key data + is currently ignored. + + *Viktor Dukhovni* + + * Signature schemes without an explicit signing digest in CMS are now supported. + Examples of such schemes are ED25519 or ML-DSA. + + *Michael Schroeder* + + * The TLS Signature algorithms defaults now include all three ML-DSA variants as + first algorithms. + + *Viktor Dukhovni* + * Added a `no-tls-deprecated-ec` configuration option. The `no-tls-deprecated-ec` option disables support for TLS elliptic curve 
@@ -105,18 +120,11 @@ OpenSSL 3.5 *Simo Sorce* - * Initial support for opaque symmetric keys objects. These replace the ad-hoc byte - arrays that are pervasive throughout the library. + * Initial support for opaque symmetric keys objects (EVP_SKEY). These + replace the ad-hoc byte arrays that are pervasive throughout the library. *Dmitry Belyavskiy and Simo Sorce* - * For TLSv1.3: Add capability for a client to send multiple key shares. Extend the scope of - `SSL_OP_CIPHER_SERVER_PREFERENCE` to cover server-side key exchange group selection. - Extend the server-side key exchange group selection algorithm and related group list syntax - to support multiple group priorities, e.g. to prioritize (hybrid-)KEMs. - - *David Kelsey*, *Martin Schmatz* - * The default TLS group list setting is now set to: `?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072` @@ -124,8 +132,20 @@ OpenSSL 3.5 default by the TLS client. GOST groups and FFDHE groups larger than 3072 bits are no longer enabled by default. + The group names in the group list setting are now also case insensitive. + *Viktor Dukhovni* + * For TLSv1.3: Add capability for a client to send multiple key shares. + Extend the scope of `SSL_OP_CIPHER_SERVER_PREFERENCE` to cover + server-side key exchange group selection. + + Extend the server-side key exchange group selection algorithm and related + group list syntax to support multiple group priorities, e.g. to prioritize + (hybrid-)KEMs. + + *David Kelsey*, *Martin Schmatz* + * A new random generation API has been introduced which modifies all of the L family of calls so they are routed through a specific named provider instead of being resolved via the normal DRBG 
@@ -248,22 +268,52 @@ OpenSSL 3.5 *Pablo De Lara Guarch, Dan Pittman* - * Fix EVP_DecodeUpdate(): do not write padding zeros to the decoded output. + * Fixed EVP_DecodeUpdate() to not write padding zeros to the decoded output. - According to the documentation, - for every 4 valid base64 bytes processed (ignoring whitespace, carriage returns and line feeds), - EVP_DecodeUpdate() produces 3 bytes of binary output data - (except at the end of data terminated with one or two padding characters). - However, the function behaved like an EVP_DecodeBlock(): - produces exactly 3 output bytes for every 4 input bytes. - Such behaviour could cause writes to a non-allocated output buffer - if a user allocates its size based on the documentation and knowing the padding size. + According to the documentation, for every 4 valid base64 bytes processed + (ignoring whitespace, carriage returns and line feeds), EVP_DecodeUpdate() + produces 3 bytes of binary output data (except at the end of data + terminated with one or two padding characters). However, the function + behaved like an EVP_DecodeBlock(). It produced exactly 3 output bytes for + every 4 input bytes. Such behaviour could cause writes to a non-allocated + output buffer if a user allocates its size based on the documentation and + knowing the padding size. - The fix makes EVP_DecodeUpdate() produce - exactly as many output bytes as in the initial non-encoded message. + The fix makes EVP_DecodeUpdate() produce exactly as many output bytes as + in the initial non-encoded message. *Valerii Krygin* + * Added support for aAissuingDistributionPoint, allowedAttributeAssignments, + timeSpecification, attributeDescriptor, roleSpecCertIdentifier, + authorityAttributeIdentifier and attributeMappings X.509v3 extensions. + + *Jonathan M. Wilbur* + + * Added a new CLI option `-provparam` and API functions for setting of + provider configuration parameters. 
+ + *Viktor Dukhovni* + + * Added a new trace category for PROVIDER calls and added new tracing calls + in provider and algorithm fetching API functions. + + *Neil Horman* + + * Fixed benchmarking for AEAD ciphers in the `openssl speed` utility. + + *Mohammed Alhabib* + + * Added a build configuration option `enable-sslkeylog` for enabling support + for SSLKEYLOGFILE environment variable to log TLS connection secrets. + + *Neil Horman* + + * Added EVP_get_default_properties() function to retrieve the current default + property query string. + + *Dmitry Belyavskiy* + OpenSSL 3.4 ----------- diff --git a/NEWS.md b/NEWS.md index 0c74a8bc62d..e3d9935edea 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -38,32 +38,37 @@ changes: * Default encryption cipher for the `req`, `cms`, and `smime` applications changed from `des-ede3-cbc` to `aes-256-cbc`. - * The TLS supported groups list has been changed in favor of PQC support. + * The default TLS supported groups list has been changed to include and + prefer hybrid PQC KEM groups. Some practically unused groups were removed + from the default list. * The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. + * All `BIO_meth_get_*()` functions were deprecated. + This release adds the following new features: * Support for server side QUIC (RFC 9000) - * Support for 3rd party QUIC stacks + * Support for 3rd party QUIC stacks including 0-RTT support + + * Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - * Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) + * A new configuration option `no-tls-deprecated-ec` to disable support for + TLS groups deprecated in RFC8422 - * Allow the FIPS provider to optionally use the `JITTER` seed source. - Because this seed source is not part of the OpenSSL FIPS validations, - it should only be enabled after the [jitterentropy-library] has been - assessed for entropy quality. Moreover, the FIPS provider including - this entropy source will need to obtain an [ESV] from the [CMVP] before - FIPS compliance can be claimed. Enable this using the configuration - option `enable-fips-jitter`. + * A new configuration option `enable-fips-jitter` to make the FIPS provider + to use the `JITTER` seed source * Support for central key generation in CMP - * Support added for opaque symmetric key objects (EVP_SKEY). + * Support added for opaque symmetric key objects (EVP_SKEY) + + * Support for multiple TLS keyshares and improved TLS key establishment group + configurability - * Support for multiple TLS keyshares. + * API support for pipelining in provided cipher algorithms OpenSSL 3.4 -----------
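Review bot: in the CHANGES.md hunk `@@ -46,6 +46,21 @@`, the new entry "Tolerate PKCS#8 version 2 with optional public keys. The public key data is currently ignored." should state whether an embedded public key that does not correspond to the private key is accepted silently or rejected; a decoder is a trust boundary, and "ignored" alone leaves a reader unable to tell whether any consistency check exists. In the same hunk, "The TLS Signature algorithms defaults now include all three ML-DSA variants as first algorithms." reads better as "The default TLS signature algorithm list now includes all three ML-DSA variants as the first (most preferred) entries.", which makes the behavioural point explicit: ML-DSA is now offered ahead of the existing schemes by default.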
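Review bot: in the CHANGES.md hunk `@@ -105,18 +120,11 @@`, the rewritten line "* Initial support for opaque symmetric keys objects (EVP_SKEY). These" should read "opaque symmetric key objects"; the NEWS.md hunk further down already uses that form ("Support added for opaque symmetric key objects (EVP_SKEY)"), so the two files currently disagree on the same phrase.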
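Review bot: in the CHANGES.md hunk `@@ -124,8 +132,20 @@`, the attribution line moved in as "*David Kelsey*, *Martin Schmatz*" italicises each name separately, whereas every other entry italicises the whole line (for example "*Dmitry Belyavskiy and Simo Sorce*" in the preceding hunk); since the entry is being relocated anyway, this is the place to normalise it to "*David Kelsey, Martin Schmatz*". The added sentence "The group names in the group list setting are now also case insensitive." is a separate behavioural change from the new default list it is attached to; consider giving it its own bullet so it is not lost under the group-list entry.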
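Review bot: in the CHANGES.md hunk `@@ -248,22 +268,52 @@`, the reworded EVP_DecodeUpdate() entry still describes a write past an allocated output buffer ("Such behaviour could cause writes to a non-allocated output buffer if a user allocates its size based on the documentation") without saying whether the issue was assessed as a security problem; a reader triaging this release cannot tell from the entry, so state the assessment explicitly either way. Minor wording in the same hunk: "behaved like an EVP_DecodeBlock()" should be "behaved like EVP_DecodeBlock()"; "for enabling support for SSLKEYLOGFILE environment variable" needs "the"; and "Added EVP_get_default_properties() function" needs "the" or "a". The `enable-sslkeylog` entry would also benefit from one sentence noting that it is a build-time opt-in intended for debugging, since the secrets it logs allow decryption of the recorded TLS sessions.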
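Review bot: in the NEWS.md hunk `@@ -38,32 +38,37 @@`, the replacement "* A new configuration option `enable-fips-jitter` to make the FIPS provider to use the `JITTER` seed source" drops the compliance caveat carried by the removed text ("Because this seed source is not part of the OpenSSL FIPS validations ... the FIPS provider including this entropy source will need to obtain an [ESV] from the [CMVP] before FIPS compliance can be claimed"); that warning is the part a deployer most needs, so keep at least a one-line pointer to it here or make sure it survives in CHANGES.md. Also fix "to make the FIPS provider to use" (drop the second "to"), the doubled word in the unchanged context line "to offer X25519MLKEM768 and and X25519", and the inconsistent trailing periods (some bullets end with "." and the new ones do not).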