Developers of the OpenBSD project presented the release of the portable edition of the package libressl 3.9.0, within which the Openssl is developing, aimed at ensuring a higher level of security. The Libressl project is aimed at high-quality support for the SSL/TLS protocols with the removal of excessive functionality, the addition of additional protection tools and a significant cleaning and processing of the code base. The release of Libressl 3.9.0 is considered as experimental, in which the possibilities are developing that will be part of the OpenBSD 7.5.
At the same time, formed Stable release Libressl 3.8.3, which fixed several specific errors for Windows and The support of the CET protection mechanism (Control-Flow Enforcement Technology) is strengthened.
Features of Libressl 3.9.0:
- Added support for digital signature algorithms based on ECDSA with HASHS SHA-3.
- Added HMAC support with truncated Hashas Sha-2 and Sha-3 as PBE PRF.
- Amendments to improve tolerance to other platforms. Most of the Libressl exported symbols used to ensure compatibility is equipped with Libressl_ Prefix. In the assembly on the basis of CMAKE, the export of Libcrypto Compat symbols is stopped.
- Amended, aimed at improving compatibility with OpenSSL. For example, the names of the CHACHA20 and CHACHA20 names are added for the Chacha algorithm, the work of the functions of SSL_LIBRARY_inInit() and Openssl_init_SSL(), are led by OpenSSL Calls EVP_{Cipher, MD}_CTX_init().
- Opensl’s utility supports “-new -force_pubkey”, “-Multivalue-RDN”, “-set_issuer”, “-set_subject” and “-utf8”.
- The transition from the use of the call Obj_bsearch_() to the standard function BSEARCH().
- The implementation of the BY_File_ctrl(), EVP_cipher{Init, update, final}() and API Obj_*. A large re