Commit 78f65b1e09 for openssl.org

commit 78f65b1e09132b0170cd56e8d5758912754c470c
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Tue Apr 14 11:10:32 2026 +0200

    CHANGES.md, NEWS.md: updates for 4.0.0 final release

    NEWS.md is amended to include the following PRs:
     * https://github.com/openssl/openssl/pull/28305
       "Replace homebrewed implementation of *printf*() functions with libc"
     * https://github.com/openssl/openssl/pull/29299
       "Remove support for custom EVP_CIPHERs"
     * https://github.com/openssl/openssl/pull/29366
       "Remove support for custom EVP_MDs"
     * https://github.com/openssl/openssl/pull/29384
       "Remove support for custom EVP_PKEY_METHODs"
     * https://github.com/openssl/openssl/pull/30128
       "Removes fixed version TLS methods."
     * https://github.com/openssl/openssl/pull/29405
       "Remove support EVP_PKEY_ASN1_METHODs from the public API"

    Overall, CHANGES.md includes the following:
     * https://github.com/openssl/openssl/pull/8136
       "Remove spurious '00:' printing RSA/DSA/DH/EC key material with leading bit
       set in unsigned BN"
     * https://github.com/openssl/openssl/pull/17495
       "4.0: `X509_ALGOR_set_md()`: Add return value to indicate success or failure"
     * https://github.com/openssl/openssl/pull/18229
       "public API: Remove needless `const` from scalar types"
     * https://github.com/openssl/openssl/pull/22304
       "4.0: crypto/{CMS,PKCS7,OCSP,TS,X509}: constify cert list parameters"
     * https://github.com/openssl/openssl/pull/24551
       "Enable RFC 7919 FFDHE groups for TLS 1.2 server"
     * https://github.com/openssl/openssl/pull/24738
       "add ech-api.md"
     * https://github.com/openssl/openssl/pull/25193
       "ECH build artefacts and a bit of code"
     * https://github.com/openssl/openssl/pull/25420
       "ECH CLI implementation"
     * https://github.com/openssl/openssl/pull/25663
       "ECH external APIs"
     * https://github.com/openssl/openssl/pull/25991
       "preserve data constness when getting issuer name's and subject's hash"
     * https://github.com/openssl/openssl/pull/26011
       "ECH client side"
     * https://github.com/openssl/openssl/pull/27397
       "create SSL_listen_ex api"
     * https://github.com/openssl/openssl/pull/27431
       "fips: Enforce lower bounds checks for password protected files when using
       FIPS providers, by default"
     * https://github.com/openssl/openssl/pull/27540
       "ECH client sending mulitple key shares"
     * https://github.com/openssl/openssl/pull/27561
       "ECH both sides now"
     * https://github.com/openssl/openssl/pull/27776
       "Introduce the PACKET_msg_start() function"
     * https://github.com/openssl/openssl/pull/28033
       "Constify further X509 functions; remove OSSL_FUTURE_CONST"
     * https://github.com/openssl/openssl/pull/28041
       "Remove support for SSLv2 Client Hello"
     * https://github.com/openssl/openssl/pull/28108
       "Add a way to cleanse params arrays"
     * https://github.com/openssl/openssl/pull/28160
       "New options for reading MAC key from environment variable, file and standard
       input were added."
     * https://github.com/openssl/openssl/pull/28270
       "s_client and s_server command line options for ECH (plus some wndows
       CI fixes)"
     * https://github.com/openssl/openssl/pull/28278
       "Implementing store support for EVP_SKEY"
     * https://github.com/openssl/openssl/pull/28305
       "Replace homebrewed implementation of *printf*() functions with libc"
     * https://github.com/openssl/openssl/pull/28432
       "Add support for CSHAKE."
     * https://github.com/openssl/openssl/pull/28445
       "Updated s_server's verify_return_error option to enable peer verification"
     * https://github.com/openssl/openssl/pull/28535
       "Print PowerPC CPUINFO"
     * https://github.com/openssl/openssl/pull/28623
       "Combining time validation with comparison return values considered harmful"
     * https://github.com/openssl/openssl/pull/28837
       "Add support to serialize/deserialize digest state for export/import"
     * https://github.com/openssl/openssl/pull/29018
       "CRL: Validate Certificate Issuer extension with IDP Indirect=TRUE"
     * https://github.com/openssl/openssl/pull/29057
       "Avoid empty AKID/SKID extensions in CSRs and certs"
     * https://github.com/openssl/openssl/pull/29107
       "CRL: Enforce proper handling of ASN1_TIME validation results"
     * https://github.com/openssl/openssl/pull/29116
       "info: Print CPUINFO for SPARCv9 processors"
     * https://github.com/openssl/openssl/pull/29152
       "Add new public API for checking certificate times."
     * https://github.com/openssl/openssl/pull/29187
       "Remove the ASN1_STRING_FLAG_X509_TIME flag"
     * https://github.com/openssl/openssl/pull/29195
       "Add SNMPKDF implementation"
     * https://github.com/openssl/openssl/pull/29200
       "Add tests and documentation and fix some issues resulting"
     * https://github.com/openssl/openssl/pull/29206
       "Per-key encoding formats for ML-KEM and ML-DSA"
     * https://github.com/openssl/openssl/pull/29222
       "Implementation of Deferred FIPS Self-Tests"
     * https://github.com/openssl/openssl/pull/29223
       "ML-DSA: Add a digest that can calculate external mu."
     * https://github.com/openssl/openssl/pull/29230
       "doc/man3: Add OPENSSL_ppccap.pod"
     * https://github.com/openssl/openssl/pull/29266
       "make PEM hexdump width a multiple of 8 bytes"
     * https://github.com/openssl/openssl/pull/29299
       "Remove support for custom EVP_CIPHERs"
     * https://github.com/openssl/openssl/pull/29305
       "Feature/engineremoval"
     * https://github.com/openssl/openssl/pull/29311
       "Documentation for BIO flags and related functions"
     * https://github.com/openssl/openssl/pull/29338
       "merge feature/removesslv3"
     * https://github.com/openssl/openssl/pull/29366
       "Remove support for custom EVP_MDs"
     * https://github.com/openssl/openssl/pull/29380
       "Remove crypto-mdebug-backtrace option from config"
     * https://github.com/openssl/openssl/pull/29381
       " Added LMS support for OpenSSL commandline signature verification using
       pkeyutl."
     * https://github.com/openssl/openssl/pull/29384
       "Remove support for custom EVP_PKEY_METHODs"
     * https://github.com/openssl/openssl/pull/29385
       "Atexit.final draft.cleanup"
     * https://github.com/openssl/openssl/pull/29387
       "Add ASN1_BIT_STRING_get_length()"
     * https://github.com/openssl/openssl/pull/29405
       "Remove support EVP_PKEY_ASN1_METHODs from the public API"
     * https://github.com/openssl/openssl/pull/29427
       "Remove the c_rehash script"
     * https://github.com/openssl/openssl/pull/29428
       "Constify return value of X509_get_X509_PUBKEY()"
     * https://github.com/openssl/openssl/pull/29435
       "Add SRTP KDF"
     * https://github.com/openssl/openssl/pull/29445
       "Remove BIO_f_reliable() as it is broken"
     * https://github.com/openssl/openssl/pull/29465
       "Constify X509_get_ext() and friends.."
     * https://github.com/openssl/openssl/pull/29468
       "constify  X509_NAME."
     * https://github.com/openssl/openssl/pull/29488
       "Constify the X509_STORE_CTX argument to the lookup_certs functions."
     * https://github.com/openssl/openssl/pull/29576
       "KDF: Add configuration options to disable many of the KDF algorithms."
     * https://github.com/openssl/openssl/pull/29612
       "Support multiple names for certificate verification"
     * https://github.com/openssl/openssl/pull/29635
       "SSL_CTX_is_server() was added"
     * https://github.com/openssl/openssl/pull/29639
       "Disabling explicit EC curves encoding"
     * https://github.com/openssl/openssl/pull/29640
       "add thunking for compare function to OPENSSL_STACK"
     * https://github.com/openssl/openssl/pull/29646
       "Added SSL_CTX_get0_alpn_protos() and SSL_get0_alpn_protos()"
     * https://github.com/openssl/openssl/pull/29653
       "Drop darwin-i386(-cc) targets from Configurations"
     * https://github.com/openssl/openssl/pull/29658
       "Disable support of weak elliptic curves in TLS by default"
     * https://github.com/openssl/openssl/pull/29672
       "Drop darwin-ppc{,64} targets"
     * https://github.com/openssl/openssl/pull/29721
       "Make OPENSSL_cleanup() G A"
     * https://github.com/openssl/openssl/pull/29813
       "Make X509_ATTRIBUTE accessor functions const-correct"
     * https://github.com/openssl/openssl/pull/29862
       "Make ASN1_STRING opaque"
     * https://github.com/openssl/openssl/pull/29874
       "Take OPENSSL_atexit() for a walk behind the barn."
     * https://github.com/openssl/openssl/pull/29926
       "Provide ASN1_BIT_STRING_set1()"
     * https://github.com/openssl/openssl/pull/29953
       "Support for RFC8998 `sm2sig_sm3`, `curveSM2` and its ML-KEM-768 hybrid."
     * https://github.com/openssl/openssl/pull/29971
       "X509: apply AKID verification checks when X509_V_FLAG_X509_STRICT is set"
     * https://github.com/openssl/openssl/pull/29982
       "Improved reporting of shared and peer sigalgs"
     * https://github.com/openssl/openssl/pull/29991
       "Fix of SSL_get_error() so that it no longer depends on the state
       of the error stack"
     * https://github.com/openssl/openssl/pull/29995
       "Add abilty to use static vcruntime"
     * https://github.com/openssl/openssl/pull/30005
       "Make ERR_STATE opaque and remove related deprecated functions"
     * https://github.com/openssl/openssl/pull/30011
       "Deprecate ASN1_OBJECT_new()."
     * https://github.com/openssl/openssl/pull/30020
       "Const correct time parameter for X509_cmp_time(), X509_time_adj()
       and X509_time_adj_ex()."
     * https://github.com/openssl/openssl/pull/30024
       "CRL: reject malformed CRL Number and CRL Delta Indicator"
     * https://github.com/openssl/openssl/pull/30028
       "Add TLS 1.3 SM ciphersuites"
     * https://github.com/openssl/openssl/pull/30031
       "Mostly deprecated is slightly not deprecated...."
     * https://github.com/openssl/openssl/pull/30033
       "Remove the "msie-hack" option from openssl ca"
     * https://github.com/openssl/openssl/pull/30034
       "Use the appropriate libctx when executing CMS_SignerInfo_verify"
     * https://github.com/openssl/openssl/pull/30035
       "Constify X509_verify"
     * https://github.com/openssl/openssl/pull/30036
       "Constify more X509 arguments and return values"
     * https://github.com/openssl/openssl/pull/30044
       "Added BIO_set_send_flags() function to set flags passed to send(),
       sendto(), and sendmsg()"
     * https://github.com/openssl/openssl/pull/30048
       "change from I-D to RFC 9849 and resolve TODO(ECH) cases"
     * https://github.com/openssl/openssl/pull/30053
       "Constify NAME_CONSTRAINTS_check and NAME_CONSTRAINTS_check_CN"
     * https://github.com/openssl/openssl/pull/30054
       "Consity X509_add_cert and X509_self_signed"
     * https://github.com/openssl/openssl/pull/30055
       "Constify various functions that were non const due to extension cache"
     * https://github.com/openssl/openssl/pull/30056
       "Constify X509_build_chain"
     * https://github.com/openssl/openssl/pull/30058
       "Constify X509_chain_check_suiteb"
     * https://github.com/openssl/openssl/pull/30067
       "Constify X509_check_issued and friends"
     * https://github.com/openssl/openssl/pull/30071
       "constify X509_check_trust, X509_TRUST_add"
     * https://github.com/openssl/openssl/pull/30072
       "Constify X509_to_X509_REQ and X509_REQ_to_X509"
     * https://github.com/openssl/openssl/pull/30073
       "Constify X509_print_fp and X509_print_ex_fp"
     * https://github.com/openssl/openssl/pull/30074
       "Constify X509_STORE_add_cert()"
     * https://github.com/openssl/openssl/pull/30076
       "Constify X509_STORE_CTX functions invoving X509 *"
     * https://github.com/openssl/openssl/pull/30079
       "Constify X509_CRL_get0_by_cert"
     * https://github.com/openssl/openssl/pull/30080
       "Constify X509v3_asid_validate_resource_set
       and X509v3_addr_validate_resource_set"
     * https://github.com/openssl/openssl/pull/30082
       "Constify X509_REQ_get1_email, X509_get1_email and X509_get1_ocsp."
     * https://github.com/openssl/openssl/pull/30084
       "Constify X509_issuer_and_serial_hash"
     * https://github.com/openssl/openssl/pull/30089
       "Added -expected-rpks s_client/server option"
     * https://github.com/openssl/openssl/pull/30090
       "Constify X509_CRL_get0_by_cert"
     * https://github.com/openssl/openssl/pull/30092
       "constify X509_find_by_issuer_and_serial"
     * https://github.com/openssl/openssl/pull/30096
       "Constify X509_find_by_subject"
     * https://github.com/openssl/openssl/pull/30098
       "Add a changes entry for the x509 time function changes"
     * https://github.com/openssl/openssl/pull/30113
       "Add keyshare floating"
     * https://github.com/openssl/openssl/pull/30117
       "Constify X509_OBJECT_[get0|set1]_X509 and friends"
     * https://github.com/openssl/openssl/pull/30127
       "Constify a bunch of seldom used X509 functions. "
     * https://github.com/openssl/openssl/pull/30128
       "Removes fixed version TLS methods."
     * https://github.com/openssl/openssl/pull/30140
       "Ensure TLS 1.3 ciphersuites are actually for TLS 1.3"
     * https://github.com/openssl/openssl/pull/30171
       "CRL: Reject CRLs with malformed Issuing Distribution Point"
     * https://github.com/openssl/openssl/pull/30200
       "Remove remnant SSL_FIPS flag"
     * https://github.com/openssl/openssl/pull/30229
       "X509 returned by X509_REQ_to_X509() should not be (const ...)"
     * https://github.com/openssl/openssl/pull/30235
       "Make X509_up_ref and X509_free take const X509 *"
     * https://github.com/openssl/openssl/pull/30249
       "x509: remove erroneous critical extension enforcement"
     * https://github.com/openssl/openssl/pull/30252
       "Some more X509 extension add/del polish"
     * https://github.com/openssl/openssl/pull/30263
       "Restrict the number of keyshares/groups/sigalgs a server is willing
       to accept"
     * https://github.com/openssl/openssl/pull/30265
       "Unconstify X509_find_by_issuer_and_serial() and X509_find_by_subject()"
     * https://github.com/openssl/openssl/pull/30272
       "Partially revert &quot;Constify X509_STORE_CTX functions invoving X509
       *&quot;"
     * https://github.com/openssl/openssl/pull/30273
       "Revert &quot;Make X509_up_ref and X509_free take const X509 *&quot;"
     * https://github.com/openssl/openssl/pull/30276
       "Un-constify X509_OBJECT_get0_X509 and X509_OBJECT_set1_X509"

    The changes associated with these PRs are already mentioned in 3.6.x changes:
     * https://github.com/openssl/openssl/pull/28760
       "Improve the CPUINFO display for RISC-V"
     * https://github.com/openssl/openssl/pull/28797
       "Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set"
     * https://github.com/openssl/openssl/pull/28955
       "Fix for TLS handshake issue with GnuTLS #28902"
     * https://github.com/openssl/openssl/pull/29155
       "fix(x509.c): fixed -checkend return values"
     * https://github.com/openssl/openssl/pull/29214
       "s390x: Check and fail on invalid malformed ECDSA signatures"
     * https://github.com/openssl/openssl/pull/29242
       "Clang format head"
     * https://github.com/openssl/openssl/pull/29251
       "Fix change of behavior of the single stapled OCSP response API"
     * https://github.com/openssl/openssl/pull/30204
       "Fix detection of plaintext HTTP over TLS"
     * https://github.com/openssl/openssl/pull/30384
       "Fix #19891 CONNECT request for IPv6 targets in OSSL_HTTP_proxy_connect"
     * https://github.com/openssl/openssl/pull/30557
       "re-constructorize the cpuid stuff, but fix riscv to not depend
       on BIO_snprintf."

    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
    Original-PR: https://github.com/openssl/openssl/pull/30817)
    Original-Commit: 8fba5d0d9c64 "CHANGES.md, NEWS.md: updates for 4.0.0 final release"

    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    MergeDate: Sun Apr 26 13:17:07 2026
    (Merged from https://github.com/openssl/openssl/pull/30847)

diff --git a/CHANGES.md b/CHANGES.md
index a4c2185ab0..049c0e7288 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -119,16 +119,19 @@ OpenSSL Releases
    and `openssl s_server` commands.  This makes it possible to specify
    one or more public keys expected from the remote peer that are then used
    to authenticate the connection.
+   <!-- https://github.com/openssl/openssl/pull/30089 -->

    *Viktor Dukhovni*

  * Added `-hmac-env` and `-hmac-stdin` options to `openssl dgst` command.
+   <!-- https://github.com/openssl/openssl/pull/28160 -->

    *Igor Ustinov*

  * Added LMS support for signature verification to `openssl pkeyutl` command.
    To enable this, LMS `SubjectPublicKeyInfo` encoder and decoders were
    added, and the LMS keymanager and signature code were updated.
+   <!-- https://github.com/openssl/openssl/pull/29381 -->

    *Shane Lontis*

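Review bot: The `openssl dgst` entry now tagged with pull/28160 names only `-hmac-env` and `-hmac-stdin`, while the commit message quotes that PR's title as adding options to read the MAC key from an environment variable, a file and standard input. If a file-based option was merged with that PR, list it in this entry so the annotation and the entry text cover the same change.
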
@@ -150,6 +153,8 @@ OpenSSL Releases

        Signature Algorithms: mldsa65:mldsa87:mldsa44:ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:ed25519:ed448:ecdsa_brainpoolP256r1tls13_sha256:ecdsa_brainpoolP384r1tls13_sha384:ecdsa_brainpoolP512r1tls13_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512:ecdsa_sha224:rsa_pkcs1_sha224:dsa_sha224:dsa_sha256:dsa_sha384:dsa_sha512

+   <!-- https://github.com/openssl/openssl/pull/29982 -->
+
    *Viktor Dukhovni*

  * Implemented client-side predicted keyshare floating.  When a tuple loses
@@ -159,9 +164,20 @@ OpenSSL Releases
    because it is removed by configuration (e.g. `DEFAULT:-<groupname>`), if
    the tuple remains non-empty, the keyshare is inherited by the first (i.e.
    most preferred) remaining element of the tuple.
+   <!-- https://github.com/openssl/openssl/pull/30113 -->

    *Viktor Dukhovni*

+ * Implemented `OSSL_STORE` support for `EVP_SKEY` objects, that includes
+   addition of new `-skeyuri` and `-storepass` options to `openssl enc`
+   command, addition of a new `-skeys` option to `openssl storeutl` command,
+   addition of `OSSL_STORE_INFO_SKEY` `OSS_STORE` object type and the relevant
+   `OSSL_STORE_INFO_get0_SKEY()`, `OSSL_STORE_INFO_get1_SKEY()`,
+   and `OSSL_STORE_INFO_new_SKEY()` APIs.
+   <!-- https://github.com/openssl/openssl/pull/28278 -->
+
+   *Dmitry Belyavskiy*
+
  * Added support for [RFC 8998], signature algorithm `sm2sig_sm3`, key exchange
    group `curveSM2`, and [tls-hybrid-sm2-mlkem] post-quantum group
    `curveSM2MLKEM768`.
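
Review bot: In the added `EVP_SKEY` entry, `OSS_STORE` in "addition of `OSSL_STORE_INFO_SKEY` `OSS_STORE` object type" looks like a typo for `OSSL_STORE`, the spelling used at the start of the same entry. The entry would also read more easily as two sentences: one for the new `openssl enc` and `openssl storeutl` options, one for the new object type and its three `OSSL_STORE_INFO_*_SKEY()` functions.
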
@@ -174,32 +190,39 @@ OpenSSL Releases
    value can be specified with the use of either the **-pkeyopt**
    (`openssl-pkeyutl(1)`) or **-sigopt** (`openssl-dgst(1)`) option with a
    value of "distid:".
+   <!-- https://github.com/openssl/openssl/pull/29953 -->

    *Viktor Dukhovni*

  * Added support for TLS 1.3 SM cipher suites `TLS_SM4_GCM_SM3`
    and `TLS_SM4_CCM_SM3` from [RFC 8998].
+   <!-- https://github.com/openssl/openssl/pull/30028 -->

    *Milan Brož*

  * Added cSHAKE function support as per [SP 800-185].
+   <!-- https://github.com/openssl/openssl/pull/28432 -->

    *Shane Lontis*

  * Added "ML-DSA-MU" digest algorithm support.
+   <!-- https://github.com/openssl/openssl/pull/29223 -->

    *Shane Lontis*

  * Added SNMP KDF (`EVP_KDF_SNMPKDF`) to `EVP_KDF`.
+   <!-- https://github.com/openssl/openssl/pull/29195 -->

    *Barry Fussell and Helen Zhang*

- * Added SRTP KDF (`EVP_KDF_SRTPKDF`) to `EVP_KDF`
+ * Added SRTP KDF (`EVP_KDF_SRTPKDF`) to `EVP_KDF`.
+   <!-- https://github.com/openssl/openssl/pull/29435 -->

    *Barry Fussell and Helen Zhang*

  * Implemented [RFC 7919], adding support for negotiated FFDHE key exchange
    in TLS 1.2.
+   <!-- https://github.com/openssl/openssl/pull/24551 -->

    *Joachim Vandersmissen* (with additional support from *Viktor Dukhovni*)

@@ -208,47 +231,97 @@ OpenSSL Releases
    Raise `X509_V_ERR_EMPTY_AUTHORITY_KEY_IDENTIFIER` when AKID has no attributes.
    Raise `X509_V_ERR_AKID_ISSUER_SERIAL_NOT_PAIRED` when `authorityCertIssuer`
    and `authorityCertSerialNumber` fields are not paired.
+   <!-- https://github.com/openssl/openssl/pull/29971 -->

    *Daniel Kubec*

  * Implemented [RFC 9849], adding support for Encrypted Client Hello (ECH).
    See `doc/design/ech-api.md` for details.
+   <!-- https://github.com/openssl/openssl/pull/25193 -->
+   <!-- https://github.com/openssl/openssl/pull/25420 -->
+   <!-- https://github.com/openssl/openssl/pull/25663 -->
+   <!-- https://github.com/openssl/openssl/pull/26011 -->
+   <!-- https://github.com/openssl/openssl/pull/27540 -->
+   <!-- https://github.com/openssl/openssl/pull/27561 -->
+   <!-- https://github.com/openssl/openssl/pull/28270 -->
+   <!-- https://github.com/openssl/openssl/pull/29200 -->
+   <!-- https://github.com/openssl/openssl/pull/30048 -->

    *Stephen Farrell* (with much support from *Matt Caswell* and *Tomáš Mráz*)

- * Added the `OSSL_ESS_check_signing_certs_ex()` call.
+ * Implemented display of CPU capabilities in `openssl version -c` output
+   on POWER and SPARC platforms, added `OPENSSL_ppccap(3)` manual page.
+   <!-- https://github.com/openssl/openssl/pull/28535 -->
+   <!-- https://github.com/openssl/openssl/pull/29116 -->
+   <!-- https://github.com/openssl/openssl/pull/29230 -->
+
+   *Bernd Edlinger, Nia Alarie, and George Wilson*
+
+ * Added `OSSL_ESS_check_signing_certs_ex()` function.
    This API call is an extension to `OSSL_ESS_check_signing_certs()` that adds
    the ability to specify a library context and property query when fetching
    algorithms to validate a given certificate.
+   <!-- https://github.com/openssl/openssl/pull/30034 -->

    *Neil Horman*

- * Added `OPENSSL_sk_set_cmp_thunks()` API to allow for proper typecasting
+ * Added `OPENSSL_sk_set_cmp_thunks()` function to allow for proper typecasting
    during comparison of elements in a `STACK_OF` structure.
+   <!-- https://github.com/openssl/openssl/pull/29640 -->

    *Neil Horman*

+ * Added `OSSL_PARAM_clear_free` function that allows cleansing `PARAM`s that
+   contain sensitive information, and switched to its use where it is suitable.
+   <!-- https://github.com/openssl/openssl/pull/28108 -->
+
+   *Simo Source*
+
+ * Added `ASN1_BIT_STRING_get_length()` function, that returns the number
+   of octets and the number of unused bits in an `ASN1_BIT_STRING` object.
+   <!-- https://github.com/openssl/openssl/pull/29387 -->
+
+   *Bob Beck*
+
  * Added `ASN1_BIT_STRING_set1()` function to set a bit string to a value,
    including the length in bytes and the number of unused bits.  Internally,
    `ASN1_BIT_STRING_set_bit()` has also been modified to keep the number
    of unused bits correct when changing an `ASN1_BIT_STRING`.
+   <!-- https://github.com/openssl/openssl/pull/29926 -->

    *Bob Beck*

+ * Added `PACKET_msg_start()` function, that allows obtaining start
+   of a `PACKET` buffer.
+   <!-- https://github.com/openssl/openssl/pull/27776 -->
+
+   *Matt Caswell*
+
  * Added `SSL_add1_dnsname()`, `SSL_set1_dnsname()`, `SSL_add1_ipaddr()`,
    and `SSL_set1_ipaddr()` functions as a replacement for `SSL_add1_host()`
    and `SSL_set1_host()` that are deprecated now.  The new replacement API
    functions was added to support checking multiple names against a certificate
    with `X509_VERIFY_PARAM`.  See `X509_VERIFY_PARAM_set_flags(3)` for full
    details.
+   <!-- https://github.com/openssl/openssl/pull/29612 -->

    *Bob Beck*

+ * Added `SSL_listen_ex()` function, that, together with added ability to create
+   "blank" SSL objects using `OSSL_QUIC_method()`, allows implementing polling
+   of inbound connections in QUIC in a fashion similar to DTLS.
+   <!-- https://github.com/openssl/openssl/pull/27397 -->
+
+   *Neil Horman*
+
  * Added `SSL_CTX_get0_alpn_protos()` and `SSL_get0_alpn_protos()` functions.
+   <!-- https://github.com/openssl/openssl/pull/29646 -->

    *Daniel Kubec*

- * Added `SSL_CTX_is_server()`.
+ * Added `SSL_CTX_is_server()` function, that is similar to `SSL_is_server()`,
+   but takes `SSL_CTX` object as an argument.
+   <!-- https://github.com/openssl/openssl/pull/29635 -->

    *Igor Ustinov*

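Review bot: The attribution on the added `OSSL_PARAM_clear_free` entry reads `*Simo Source*`, while the digest-state and FIPS self-test entries in the following hunks credit `*Simo Sorce*`; the new line should use the same spelling. That entry also names `OSSL_PARAM_clear_free` without the trailing `()` that every other function in this hunk carries. Separately, the commit message lists pull/24738 ("add ech-api.md") as covered by CHANGES.md, but it is not among the nine references added to the ECH entry, which is the entry that points at `doc/design/ech-api.md`.
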
@@ -257,6 +330,7 @@ OpenSSL Releases
    it later to continue a computation from a specific checkpoint.  Only SHA-2
    and the SHA-3 family (Keccak, SHAKE, SHA-3) of functions currently support
    this functionality.
+   <!-- https://github.com/openssl/openssl/pull/28837 -->

    *Simo Sorce*

@@ -264,12 +338,33 @@ OpenSSL Releases
    `send()`, `sendto()`, and `sendmsg()`.  The main intention is to allow
    setting the `MSG_NOSIGNAL` flag to avoid a crash on receiving the `SIGPIPE`
    signal.
+   <!-- https://github.com/openssl/openssl/pull/30044 -->
+
+   *Igor Ustinov*
+
+ * Added `X509v3_delete_extension()` function, that extends
+   `X509v3_delete_ext()` by deallocating the extension stack if it becomes
+   empty, as a convenience wrapper useful for optional X.509 extensions.
+   <!-- https://github.com/openssl/openssl/pull/30252 -->
+
+   *Viktor Dukhovni*
+
+ * Added ability to specify ML-KEM and ML-DSA encoding formats on a per-key
+   basis, by setting `output-formats` `EVP_PKEY` encoding parameter
+   appropriately via `OSSL_ENCODER_CTX_set_params(3)`.
+   <!-- https://github.com/openssl/openssl/pull/29206 -->
+
+   *Viktor Dukhovni*
+
+ * Added documentation for `BIO` flags and related functions.
+   <!-- https://github.com/openssl/openssl/pull/29311 -->

    *Igor Ustinov*

  * FIPS self tests can now be deferred and run as needed when installing
    the FIPS module with the `-defer_tests` option of the `openssl fipsinstall`
    command.
+   <!-- https://github.com/openssl/openssl/pull/29222 -->

    *Simo Sorce*

@@ -287,6 +382,7 @@ OpenSSL Releases
    previous OpenSSL version or the default provider, and then
    re-encrypt them with the newer OpenSSL (using the FIPS provider),
    thus upgrading to longer password, salt length and AES-256 CBC.
+   <!-- https://github.com/openssl/openssl/pull/27431 -->

    *Dimitri John Ledkov*

@@ -295,18 +391,21 @@ OpenSSL Releases
    OpenSSL can now be configured to use the static or dynamic `vcruntime.dll`
    linkage.  The multithreaded or single threaded static VC runtime is selected
    based on the `enable-threads` option.
+   <!-- https://github.com/openssl/openssl/pull/29995 -->

    *Neil Horman*

  * Added configure options to disable KDF algorithms for `hmac-drbg-kdf`,
    `kbkdf`, `krb5kdf`, `pvkkdf`, `snmpkdf`, `sskdf`, `sshkdf`, `x942kdf`,
    and `x963kdf`.
+   <!-- https://github.com/openssl/openssl/pull/29576 -->

    *Shane Lontis*

  * Removed configure options can now only be disabled.  You may continue
    to use `disable-<feature>` syntax, which will remain supported.  Using
    `enable-<feature>` for a removed feature is no longer permitted.
+   <!-- https://github.com/openssl/openssl/pull/29338 -->

    *Andrew Dinh*

@@ -315,6 +414,7 @@ OpenSSL Releases
    of supported `group`s (128) and `sig_alg`s (128).  Any sent beyond
    these limits are ignored, in order to avoid clients sending excessively
    long lists in these extensions.
+   <!-- https://github.com/openssl/openssl/pull/30263 -->

    *Matt Caswell*

@@ -336,11 +436,13 @@ OpenSSL Releases
    The settings in the stock OpenSSL 4.0 configuration file arrange for
    addition of the requisite SKID and AKID extensions.  Other configuration
    files may need to be adjusted if desired.
+   <!-- https://github.com/openssl/openssl/pull/29057 -->

    *Viktor Dukhovni*

  * Enabled Server verification by default in `s_server`
    when the `-verify_return_error` option is enabled.
+   <!-- https://github.com/openssl/openssl/pull/28445 -->

    *Ryan Hooper*

@@ -348,11 +450,13 @@ OpenSSL Releases
    in hexadecimal format where the first (most significant) byte is >= 0x80.
    This had been added artificially to resemble ASN.1 DER encoding internals.
    Fixing this also makes sure that key output always has the expected length.
+   <!-- https://github.com/openssl/openssl/pull/8136 -->

    *David von Oheimb*

  * Standardized the width of hexadecimal dumps to 24 bytes for signatures
    (to stay within the 80 characters limit) and 16 bytes for everything else.
+   <!-- https://github.com/openssl/openssl/pull/29266 -->

    *Beat Bolli*

@@ -360,21 +464,25 @@ OpenSSL Releases
    `curveSM2MLKEM768` to the first tuple in that order after `*X25519MLKEM768`.
    Also inserted a penultimate tuple with `curveSM2` (just before the `FFDHE`
    groups).
+   <!-- https://github.com/openssl/openssl/pull/30113 -->

    *Viktor Dukhovni*

  * Consolidated processing of SM2 and EdDSA signatures with essentially
    identical code for ECDSA in the `openssl speed` command.  The output format
    has changed slightly to report the EC curve name rather than its bit size.
+   <!-- https://github.com/openssl/openssl/pull/29953 -->

    *Viktor Dukhovni*

  * CRLs with a malformed Issuing Distribution Point extensions are now rejected.
+   <!-- https://github.com/openssl/openssl/pull/30171 -->

    *Daniel Kubec*

  * CRLs with malformed `CRL Number` or `Delta CRL Indicator` extensions
    are now rejected.
+   <!-- https://github.com/openssl/openssl/pull/30024 -->

    *Daniel Kubec*

@@ -383,18 +491,21 @@ OpenSSL Releases
    of `ASN1_TIME` validation results so that any CRL containing invalid
    time fields is rejected immediately, preventing the error from propagating
    to verification.
+   <!-- https://github.com/openssl/openssl/pull/29107 -->

    *Daniel Kubec*

  * CRLs with a `Certificate Issuer` extension in a certificate revocation entry
    are now rejected, unless the `Indirect` flag is set to `TRUE`
    in the `Issuing Distribution Point` extension of the CRL.
+   <!-- https://github.com/openssl/openssl/pull/29018 -->

    *Daniel Kubec*

  * `SSL_get_error()` no longer depends on the state of the error stack,
    so it is no longer necessary to empty the error queue before the
    TLS/SSL I/O operations.
+   <!-- https://github.com/openssl/openssl/pull/29991 -->

    *Igor Ustinov*

@@ -403,81 +514,133 @@ OpenSSL Releases
    Access to values from `ASN1_STRING` and related types should be done with the
    appropriate accessor functions.  The various `ASN1_STRING_FLAG` values have
    been made private.
+   <!-- https://github.com/openssl/openssl/pull/29862 -->

    *Bob Beck*

- * `OPENSSL_cleanup()` now runs in a global destructor, or not at all by default.
-
-   `OpenSSL_cleanup()` will no longer by default free global objects when run from
-   an application. Instead it sets a flag for a global destructor to do this after
-   the process exits, and after subordinate libraries using OpenSSL have run their
-   destructors. If destructor support is not available, `OpenSSL_cleanup()` will do
-   nothing, leaving the global objects to be cleaned up by the Operating System.
+ * `OPENSSL_cleanup()` now runs in a global destructor, or not at all
+   by default:  `OPENSSL_cleanup()` will no longer by default free global
+   objects when run from an application. Instead it sets a flag for a global
+   destructor to do this after the process exits, and after subordinate
+   libraries using OpenSSL have run their destructors. If destructor support
+   is not available, `OPENSSL_cleanup()` will do nothing, leaving the global
+   objects to be cleaned up by the operating system.
+   <!-- https://github.com/openssl/openssl/pull/29721 -->

    *Bob Beck*

  * `X509_ALGOR_set_md()` function now returns a value indicating success
     or failure.
+    <!-- https://github.com/openssl/openssl/pull/17495 -->

    *David von Oheimb*

- * Added documentation for `X509_cmp_time()`, `X509_cmp_current_time()`,
-   and `X509_cmp_timeframe()`, and deprecated them.
-   Added a new function, `X509_check_certificate_times()`, as well as
-   the `<openssl/posix_time.h>` interface from BoringSSL/LibreSSL.
-   For details of these functions and non-deprecated replacement
-   strategies, see `X509_check_certificate_times(3)`.
+ * Changed `BIO_snprintf()` implementation to use `snprintf()` provided
+   by system's libc (instead of relying on internal implementation),
+   making it bug-for-bug compatible with it.
+   <!-- https://github.com/openssl/openssl/pull/28305 -->
+
+   *Alexandr Nedvedicky*
+
+ * Added `X509_check_certificate_times()` function, as well as
+   the `<openssl/posix_time.h>` interface from BoringSSL/LibreSSL, that replace
+   now deprecated `X509_cmp_time()`, `X509_cmp_current_time()`,
+   and `X509_cmp_timeframe()`. See `X509_check_certificate_times(3)`
+   for details.
+   <!-- https://github.com/openssl/openssl/pull/28623 -->
+   <!-- https://github.com/openssl/openssl/pull/29152 -->
+   <!-- https://github.com/openssl/openssl/pull/30098 -->

    *Bob Beck*

- * Const-corrected `time_t` arguments for `X509_cmp_time()`, `X509_time_adj()`,
-   and `X509_time_adj_ex()`.
+ * `const`-corrected `time_t` arguments for `X509_cmp_time()`,
+   `X509_time_adj()`, and `X509_time_adj_ex()`.
+   <!-- https://github.com/openssl/openssl/pull/30020 -->

    *Frederik Wedel-Heinen*

- * Made `X509_ATTRIBUTE` accessor functions const-correct. The functions
+ * Made `X509_ATTRIBUTE` accessor functions `const`-correct. The functions
    `X509_ATTRIBUTE_get0_object()`, `X509_ATTRIBUTE_get0_type()`, and
    `X509_ATTRIBUTE_get0_data()` now accept `const X509_ATTRIBUTE *` and
-   return const pointers. Related PKCS12 functions `PKCS12_get_attr_gen()`,
+   return `const` pointers. Related PKCS#12 functions `PKCS12_get_attr_gen()`,
    `PKCS12_get_attr()`, and `PKCS8_get_attr()` have also been updated to
    return `const ASN1_TYPE *`.
+   <!-- https://github.com/openssl/openssl/pull/29813 -->

    *kovan*

- * Constified various function return values, particularly in X509 and related
-   areas, and when functions were returning non-const objects owned by a const
-   parameter.
+ * Made `X509_PUBKEY` accessor functions `const`-correct.
+   <!-- https://github.com/openssl/openssl/pull/29428 -->
+
+   *Bob Beck*
+
+ * `const`-corrected various function return values, particularly in `X509`
+   and related areas, and when functions were returning non-`const` objects
+   owned by a `const` parameter.
+   <!-- https://github.com/openssl/openssl/pull/30035 -->
+   <!-- https://github.com/openssl/openssl/pull/30036 -->

    *Bob Beck*

  * Many functions accepting `X509 *` arguments, or returning values
-   from a const `X509 *` have been changed to take/return const
+   from a `const` `X509 *` have been changed to take/return `const`
    arguments. The most visible changes are places where pointer values
-   are returned from a const `X509 *` object. In many places where
-   these were non const values being returned from a const object,
-   these pointer values have now been made const. The goal of this
+   are returned from a `const` `X509 *` object. In many places where
+   these were non `const` values being returned from a `const` object,
+   these pointer values have now been made `const`. The goal of this
    change is to enable future improvements in X.509 certificate
    handling. For full details see the relevant section in
-   ossl-migration-guide(7).
+   `ossl-migration-guide(7)`.
+   <!-- https://github.com/openssl/openssl/pull/29465 -->
+   <!-- https://github.com/openssl/openssl/pull/29468 -->
+   <!-- https://github.com/openssl/openssl/pull/29488 -->
+   <!-- https://github.com/openssl/openssl/pull/30053 -->
+   <!-- https://github.com/openssl/openssl/pull/30054 -->
+   <!-- https://github.com/openssl/openssl/pull/30056 -->
+   <!-- https://github.com/openssl/openssl/pull/30058 -->
+   <!-- https://github.com/openssl/openssl/pull/30067 -->
+   <!-- https://github.com/openssl/openssl/pull/30071 -->
+   <!-- https://github.com/openssl/openssl/pull/30072 -->
+   <!-- https://github.com/openssl/openssl/pull/30073 -->
+   <!-- https://github.com/openssl/openssl/pull/30074 -->
+   <!-- https://github.com/openssl/openssl/pull/30076 -->
+   <!-- https://github.com/openssl/openssl/pull/30079 -->
+   <!-- https://github.com/openssl/openssl/pull/30080 -->
+   <!-- https://github.com/openssl/openssl/pull/30082 -->
+   <!-- https://github.com/openssl/openssl/pull/30084 -->
+   <!-- https://github.com/openssl/openssl/pull/30090 -->
+   <!-- https://github.com/openssl/openssl/pull/30092 -->
+   <!-- https://github.com/openssl/openssl/pull/30096 -->
+   <!-- https://github.com/openssl/openssl/pull/30117 -->
+   <!-- https://github.com/openssl/openssl/pull/30127 -->
+   <!-- https://github.com/openssl/openssl/pull/30229 -->
+   <!-- https://github.com/openssl/openssl/pull/30235 -->
+   <!-- https://github.com/openssl/openssl/pull/30265 -->
+   <!-- https://github.com/openssl/openssl/pull/30272 -->
+   <!-- https://github.com/openssl/openssl/pull/30273 -->
+   <!-- https://github.com/openssl/openssl/pull/30276 -->

    *Bob Beck*

- * Constified various function parameters, in particular for X509-related
-   functions.
+ * `const`-corrected various function parameters, in particular
+   for `X509`-related functions.
+   <!-- https://github.com/openssl/openssl/pull/28033 -->

    *David von Oheimb*

- * Constified various X509-related functions: `X509_get_pathlen()`,
+ * `const`-corrected various `X509`-related functions: `X509_get_pathlen()`,
    `X509_check_ca()`, `X509_check_purpose()`, `X509_get_proxy_pathlen()`,
    `X509_get_extension_flags()`, `X509_get_key_usage()`,
    `X509_get_extended_key_usage()`, `X509_get0_subject_key_id()`,
    `X509_get0_authority_key_id()`, `X509_get0_authority_issuer()`,
    `X509_get0_authority_serial()`, `X509_get0_distinguishing_id()`.
+   <!-- https://github.com/openssl/openssl/pull/30055 -->

    *Bob Beck*

  * Removed needless `const` qualifiers from scalar type arguments in the public
    APIs, mostly for AES and Camellia.
+   <!-- https://github.com/openssl/openssl/pull/18229 -->

    *David von Oheimb*

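Review bot: the new `BIO_snprintf()` entry says the function is now "bug-for-bug compatible with it" without telling callers which behaviour may change, and the trailing "it" is ambiguous. Since CHANGES.md is where users look for this, say what differs from the internal implementation (for example, whether the return value on truncation or the set of supported conversion specifiers changes) or point to the man page, and reword the end to something like "so it behaves exactly as the platform's `snprintf()`". Separately, the link comment added under `X509_ALGOR_set_md()` is indented one column deeper than every other `<!-- ... -->` line in this hunk. It follows the already misindented "or failure." line, and both could be aligned here.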
@@ -485,64 +648,76 @@ OpenSSL Releases
    `ciphersuites` list, and for that list to contain duplicates.
    Cipher configuration strings for both TLS 1.2 and 1.3 are now
    case-insensitive.
+   <!-- https://github.com/openssl/openssl/pull/30140 -->

    *Viktor Dukhovni*

  * Deprecated `ASN1_OBJECT_new()` function.
    Refer to `ossl-migration-guide(7)` for more info.
+   <!-- https://github.com/openssl/openssl/pull/30011 -->

    *Frederik Wedel-Heinen*

  * Deprecated `X509_NAME_get_text_by_NID()` and `X509_NAME_get_text_by_OBJ()`
    functions, and documented them as such.
+   <!-- https://github.com/openssl/openssl/pull/30031 -->

    *Bob Beck*

  * Removed the `SSL_TXT_FIPS` option.  This was a remnant of the old FIPS
    canister and wasn't used anymore.
+   <!-- https://github.com/openssl/openssl/pull/30200 -->

    *Dr Paul Dale*

  * Removed `OPENSSL_atexit()` function.
+   <!-- https://github.com/openssl/openssl/pull/29874 -->

    *Bob Beck*

- * Critical extension enforcement for `EXFLAG_BCONS_CRITICAL`,
-   `EXFLAG_AKID_CRITICAL`, `EXFLAG_SKID_CRITICAL`, and `EXFLAG_SAN_CRITICAL` is
-   incorrect. These checks were intended as CA requirements to prevent
-   misinterpretation by verifiers that don't support certain extensions
-   However, since we do support these extensions, there is no requirement for
-   them to be marked as critical. Enforcing that on `X509_V_FLAG_X509_STRICT` was a mistake.
+ * Removed critical extension enforcement for `EXFLAG_BCONS_CRITICAL`,
+   `EXFLAG_AKID_CRITICAL`, `EXFLAG_SKID_CRITICAL`, and `EXFLAG_SAN_CRITICAL`,
+   as it was incorrect.  These checks were intended as CA requirements
+   to prevent misinterpretation by verifiers that don't support certain
+   extensions.  However, since we do support these extensions,
+   there is no requirement for them to be marked as critical.  Enforcing
+   that on `X509_V_FLAG_X509_STRICT` was a mistake.
+   <!-- https://github.com/openssl/openssl/pull/30249 -->

    *Daniel Kubec*

- * Support of deprecated elliptic curves in TLS according to [RFC 8422] was
-   disabled at compile-time by default. To enable it, use the
-   `enable-tls-deprecated-ec` configuration option.
-
-   *Dmitry Belyavskiy*
-
  * Removed support for an SSLv2 Client Hello.  When a client wanted to support
    both SSLv2 and higher versions like SSLv3 or even TLSv1, it needed to
    send an SSLv2 Client Hello.  SSLv2 support itself was removed
    in OpenSSL 1.1.0, but there was still compatibility code for clients sending
    an SSLv2 Client Hello.  Since we no longer support SSLv2 Client Hello,
    `SSL_client_hello_isv2()` is now deprecated and always returns 0.
+   <!-- https://github.com/openssl/openssl/pull/28041 -->

    *Kurt Roeckx*

  * Removed support for SSLv3.  SSLv3 has been deprecated since 2015, and OpenSSL
    had it disabled by default since version 1.1.0 (2016).
+   <!-- https://github.com/openssl/openssl/pull/29338 -->

    *Kurt Roeckx*

+ * Support of deprecated elliptic curves in TLS according to [RFC 8422] was
+   disabled at compile-time by default. To enable it, use the
+   `enable-tls-deprecated-ec` configuration option.
+   <!-- https://github.com/openssl/openssl/pull/29658 -->
+
+   *Dmitry Belyavskiy*
+
  * Support of explicit EC curves was disabled by default, an error will occur
    if an explicit EC curve doesn't match any known one.  A new configuration
    option, `enable-ec_explicit_curves`, is added.
+   <!-- https://github.com/openssl/openssl/pull/29639 -->

    *Dmitry Belyavskiy*

  * Removed `c_rehash` script tool. Use `openssl rehash` instead.
+   <!-- https://github.com/openssl/openssl/pull/29427 -->

    *Norbert Pócs*

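Review bot: the rewritten critical-extension entry now says enforcement was removed, but not what an application that sets `X509_V_FLAG_X509_STRICT` will observe. Its closing sentence, "Enforcing that on `X509_V_FLAG_X509_STRICT` was a mistake", still reads as commentary rather than a change description. Suggest ending with the effect on strict-mode verification results (which certificates are accepted now that were rejected before), and "under" rather than "on" the flag. The relocated RFC 8422 entry keeps "was disabled at compile-time by default" in the past tense while the entries around it start with "Removed ..."; worth aligning while the block is being moved.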
@@ -551,24 +726,30 @@ OpenSSL Releases
    may report spurious allocated and reachable memory at application exit.
    To avoid such spurious leak detection reports the application may call
    `OPENSSL_cleanup()` before the process exits.
+   <!-- https://github.com/openssl/openssl/pull/29385 -->

    *Alexandr Nedvedicky*

  * Removed the `crypto-mdebug-backtrace` configuration option entirely.
    The option has been a no-op since OpenSSL 1.0.2.
+   <!-- https://github.com/openssl/openssl/pull/29380 -->

    *Neil Horman*

  * Removed the deprecated function `ASN1_STRING_data()`.
+   <!-- https://github.com/openssl/openssl/pull/29149 -->

    *Bob Beck*

  * Removed the `ASN1_STRING_FLAG_X509_TIME` define.
+   <!-- https://github.com/openssl/openssl/pull/29187 -->

    *Bob Beck*

  * Dropped `darwin-i386{,-cc}` and `darwin-ppc{,64}{,-cc}` targets
    from Configurations.
+   <!-- https://github.com/openssl/openssl/pull/29653 -->
+   <!-- https://github.com/openssl/openssl/pull/29672 -->

    *Daniel Kubec and Eugene Syromiatnikov*

@@ -578,20 +759,43 @@ OpenSSL Releases
    by defining a macro `OPENSSL_ENGINE_STUBS`;  however, all these functions
    will return error when called.  Provider API should be used to replace
    engine functionality.
+   <!-- https://github.com/openssl/openssl/pull/29305 -->

    *Milan Brož*, *Neil Horman*, *Norbert Pócs*

+ * Removed deprecated support for custom `EVP_CIPHER`, `EVP_MD`, `EVP_PKEY`,
+   and `EVP_PKEY_ASN1` methods (`EVP_CIPHER_meth_*`, `EVP_MD_meth_*`,
+   `EVP_PKEY_meth_*`, and `EVP_PKEY_asn1_*` function families, respectively).
+   <!-- https://github.com/openssl/openssl/pull/29299 -->
+   <!-- https://github.com/openssl/openssl/pull/29366 -->
+   <!-- https://github.com/openssl/openssl/pull/29384 -->
+   <!-- https://github.com/openssl/openssl/pull/29405 -->
+   <!-- https://github.com/openssl/openssl/pull/29446 -->
+
+   *Matt Caswell*
+
+ * Removed deprecated fixed SSL/TLS version methods
+   (`{SSLv3,{D,}TLSv1{,_1,_2}}{,_client,_server}_method()` functions),
+   the migrating application should use `TLS_method()`, `TLS_client_method()`,
+   and `TLS_server_method()` functions instead.
+   <!-- https://github.com/openssl/openssl/pull/30128 -->
+
+   *Frederik Wedel-Heinen*
+
  * Removed `BIO_f_reliable()` implementation without replacement.
    It was broken since 3.0 release without any complaints.
+   <!-- https://github.com/openssl/openssl/pull/29445 -->

    *Tomáš Mráz*

  * Removed deprecated functions `ERR_get_state()`, `ERR_remove_state()`
    and `ERR_remove_thread_state()`. The `ERR_STATE` object is now always opaque.
+   <!-- https://github.com/openssl/openssl/pull/30005 -->

    *Tomáš Mráz*

  * Removed the deprecated `msie-hack` option from the `openssl ca` command.
+   <!-- https://github.com/openssl/openssl/pull/30033 -->

    *Bob Beck*

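Review bot: the brace pattern in the fixed-version entry, `{SSLv3,{D,}TLSv1{,_1,_2}}{,_client,_server}_method()`, expands to names that never existed (`DTLSv1_1_method()` and its client/server variants), and a user grepping CHANGES.md for a removed function such as `TLSv1_2_method()` will not find it. The pattern also covers DTLS names, while the replacements listed are only `TLS_method()`, `TLS_client_method()` and `TLS_server_method()`. Suggest listing the function families explicitly, stating what DTLS callers should use, and splitting the sentence at "functions), the migrating application" into two. The custom `EVP_*` methods entry just above gives no migration pointer, unlike the engine entry in the same hunk ("Provider API should be used to replace engine functionality"); a similar sentence or a reference to `ossl-migration-guide(7)` would help.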
diff --git a/NEWS.md b/NEWS.md
index 494ca0fe67..674c1a64e0 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -57,6 +57,9 @@ changes:

   * `libcrypto` no longer cleans up globally allocated data via `atexit()`.

+  * `BIO_snprintf()` now uses `snprintf()` provided by libc instead of internal
+    implementation.
+
   * `OPENSSL_cleanup()` now runs in a global destructor, or not at all
     by default.

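Review bot: the new `BIO_snprintf()` bullet is inserted between the `atexit()` bullet and the `OPENSSL_cleanup()` bullet, which cover related cleanup changes and read better side by side; placing it after the `OPENSSL_cleanup()` bullet keeps them together. "instead of internal implementation" also needs an article ("instead of an internal implementation"), and the CHANGES.md entry in this same patch says "provided by system's libc", so the two files could share one wording.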
@@ -91,8 +94,14 @@ changes:
   * Removed `BIO_f_reliable()` implementation without replacement.
     It was broken since 3.0 release without any complaints.

+  * Removed deprecated support for custom `EVP_CIPHER`, `EVP_MD`, `EVP_PKEY`,
+    and `EVP_PKEY_ASN1` methods.
+
+  * Removed deprecated fixed SSL/TLS version method functions.
+
   * Removed deprecated functions `ERR_get_state()`, `ERR_remove_state()`
-    and `ERR_remove_thread_state()`. The `ERR_STATE` object is now always opaque.
+    and `ERR_remove_thread_state()`. The `ERR_STATE` object is now always
+    opaque.

   * Dropped `darwin-i386{,-cc}` and `darwin-ppc{,64}{,-cc}` targets
     from Configurations.
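Review bot: "Removed deprecated fixed SSL/TLS version method functions." names neither a removed function nor a replacement, so a reader scanning NEWS.md for `TLSv1_2_method()` will not connect it to this bullet. The CHANGES.md entry in this patch already names `TLS_method()`, `TLS_client_method()` and `TLS_server_method()`; adding a short "use `TLS_method()` and its client/server variants instead" here would make the bullet actionable without lengthening it much.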