Developers of the OpenBSD project release of a portable edition of a package , within which a fork of OpenSSL is being developed, aimed at providing a higher level of security. The LibreSSL project is focused on high-quality support for SSL / TLS protocols with the removal of unnecessary functionality, the addition of additional security features and a significant cleaning and reworking of the code base. The LibreSSL 2.9.1 release is seen as an experimental release that develops features that will be included with OpenBSD 6.5.
Changes in LibreSSL 2.9.1:
- Added hash function SM3 (Chinese standard GB/T 32905-2016);
- Added block cipher SM4 (Chinese standard GB/T 32907-2016);
- Added macros OPENSSL_NO_* to improve compatibility with OpenSSL;
- Partially ported from OpenSSL method EC_KEY_METHOD;
- Implemented missing OpenSSL 1.1 API calls;
- Added support for XChaCha20 and XChaCha20-Poly1305;
- Added support for transferring AES keys via the EVP interface;
- Provided automatic initialization of CRYPTO_LOCK;
- To improve compatibility with OpenSSL, the openssl utility has added support for the pbkdf2 key hashing scheme, by default, the sha509 hashing method is used in the enc , crl, x25 and dgst commands;
- Added tests to check portability between LibreSSL and OpenSSL
1.0 / 1.1; - Added additional Wycheproof tests;
- Added the ability to use the RSA PSS algorithm for digital signatures when negotiating connections (handshake);
- Added state machine implementation for handling handshake, defined in RFC-8446;
- Removed deprecated ASN.1-related code from libcrypto that has not been used for about 20 years;
- Added assembler optimizations for 32-bit ARM and Mingw-w64 systems;
- Improved compatibility with the Android platform.
Source: opennet.ru