The developers of the OpenBSD project have released LibreSSL 3.7.0 portable edition, which develops a fork of OpenSSL aimed at providing a higher level of security. The LibreSSL project is focused on high-quality support for SSL / TLS protocols with the removal of unnecessary functionality, the addition of additional security features and a significant cleaning and reworking of the code base. The LibreSSL 3.7.0 release is seen as an experimental release that develops features that will be included with OpenBSD 7.3.
Features of LibreSSL 3.7.0:
- Added support for Ed25519 public key digital signature, developed by Daniel Bernstein and based on Curve25519 elliptic curve and SHA-512 hash. Support for Ed25519 is available both as a standalone primitive and through the EVP interface.
- Support for X25519 digital signatures has been added to the EVP interface, which differs from Ed25519 signatures by using only "X" coordinates when manipulating points on an elliptic curve, which can significantly reduce the size of the code required to create and verify signatures.
- Implemented OpenSSL 1.1 compliant low-level API for working with public and private keys, supporting EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519 keys.
- Instead of the system functions timegm() and gmtime(), POSIX functions from BoringSSL are used to convert dates.
- The BN (BigNum) library has been cleaned up of old and unused code that works with prime numbers.
- Removed HMAC PRIVATE KEY support.
- Redesigned internal code for creating and verifying DSA signatures.
- Rewritten code for exporting keys for TLSv1.2.
- Cleaned up and reworked the old TLS stack.
- The behavior of the BIO_read() and BIO_write() functions is close to OpenSSL 3.]
Source: opennet.ru