We have released LibreSSL 4.2.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release for the 4.2.x branch, also to be available with OpenBSD 7.8 It includes the following changes from LibreSSL 4.1.0: * Portable changes - Added explicit OpenBSD/ISC license to build system / scripts. - Fixed compilation on more CPU targets by removing architecture-specific definitions from header files. - Fixed builds in deep paths by using relative paths for linking. - Fixed Windows builds with Clang and CMake. - Fixed Windows error handling accepting connections with nc. - Fixed 32-bit ARM builds on Darwin. * Internal improvements - Cleaned up code implementing block cipher modes of operation. Includes untangling a horrible #ifdef mess and removing a few instances of undefined behavior. - Removed assembly implementations of AES using bit slicing (BS-AES) and vector permutation (VP-AES). - Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI. - Implemented constant time EC field element operations to allow elliptic curve operations without bignum arithmetic. - Implemented an EC method using homogeneous projective coordinates. This will allow exception-free elliptic curve arithmetic in constant time in future releases. - Started cleaning up the openssl speed implementation. - The last SIGILL-based CPU capability detection was removed. Instead, capabilities are now detected using a constructor on library load, which improves the incomplete coverage by calls to OPENSSL_init_crypto() on various entry points. - Rework and simplify AES handling in EVP. In particular, AES-NI is now handled in the AES internal code and no longer requires the use of EVP. - Added a public API for ML-KEM. This is not yet documented in a manpage and may not be in its final form. This will be used to support X25519MLKEM768 in libssl. * Compatibility changes - Removed the -msie_hack option from the openssl(1) ca subcommand. - Removed parameters of the 239-bit prime curves from X9.62, H.5.2: prime239v1, prime239v2, prime239v3. - Increased default MAC salt length used by PKCS12_set_mac(3) to 16 per recommendation of NIST SP 800-132. - Encrypted PKCS#8 key files now use a default password-based key derivation function that is acceptable in the present millenium. - const corrected EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}(). - X509_CRL_verify() now checks that the AlgorithmIdentifiers in the signature and the tbsCertList are identical. - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain. - Removed BIO_s_log(), X509_PKEY_{new,free}(), PEM_X509_INFO_read() and PEM_X509_INFO_write_bio(). - Re-expose the ASN.1 Boolean template items. - opensslconf.h is now machine-independent. * New features - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0". * Bug fixes - Avoid pointer arithmetic on NULL for memory BIOs. - Fix leaks and use-after-frees in PKCS7 attribute handling. - Ensure p and q in RSA private key have a minimum distance of 2^(bits/2 - 100) as specified in NIST SP 800-56B Revision 2. * Security fixes - Fix out-of-bounds read and write, memory leaks and incorrect error check for CMS enveloped data. * Documentation - Rewrote most of the EC documentation from scratch to be at least somewhat accurate and intelligible. - Updated documentation for SMIME_{read,write}* to match reality. * Testing and proactive security - Added a testing framework that will help deduplicating lots of ad-hoc code in the regression tests. - Converted the Wycheproof testing framework to use testvectors_v1. This in combination with a few new tests significantly increases regress coverage. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.