Developers of OpenBSD have presented the transferred edition of the package Libressl 3.8.0 aimed at providing a higher level of security to the OpenSSL FORK. The Libressl project aims to support SSL/TLS protocols with the removal of excessive functionality, addition of protection tools, and significant cleaning and processing of the code base.
According to reports, Libressl 3.8.0 is considered experimental as possibilities are being developed for its integration into OpenBSD 7.4. In addition, stable issues of Libressl 3.6.3 and 3.7.3 have been released to fix several errors.
Notable features of Libressl 3.8.0 includes adding support for the truncated version of the SHA-2 and SHA-3, starting the process of cleaning and processing the internal code Shaha, and rewriting the internal functions of BN_Exp() and Bn_copy().
Furthermore, assembler inserts for AMD64 architecture that involve the Endbr64 instructions (Terminate Indirect Branch) have been added. The code to verify the rules defined in RFC 5280 has been postponed from Boringssl. Additionally, Libcrypto translation is continued to use CBB (Bytebuilder) and CBS (Bytestring), and problems that lead to a violation of the division of privileges in Libtls have been bypassed due to changes in Opensl 3.
Libressl 3.8.0 also includes crowning support for RFC 3820, GF2M, API X9.31, CTS (CIPHER. Text Stealing), SXNET, NETSCAPE_CERT_SEQUENCE, POLICY_TREE, as well as dangerous quick implementations of operations with simple numbers and elliptical curves from NIST, such as EC_GFP_NIST_METHOD(). For more information, please visit libressl.org.