We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release from the 2.9 series, which is also included with OpenBSD 6.5 It includes the following changes and improvements from LibreSSL 2.8.x: * API and Documentation Enhancements - CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility. - Added the SM3 hash function from the Chinese standard GB/T 32905-2016. - Added the SM4 block cipher from the Chinese standard GB/T 32907-2016. - Added more OPENSSL_NO_* macros for compatibility with OpenSSL. - Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH. - Implemented further missing OpenSSL 1.1 API. - Added support for XChaCha20 and XChaCha20-Poly1305. - Added support for AES key wrap constructions via the EVP interface. * Compatibility Changes - Added pbkdf2 key derivation support to openssl(1) enc. - Changed the default digest type of openssl(1) enc to sha256. - Changed the default digest type of openssl(1) dgst to sha256. - Changed the default digest type of openssl(1) x509 -fingerprint to sha256. - Changed the default digest type of openssl(1) crl -fingerprint to sha256. * Testing and Proactive Security - Added extensive interoperability tests between LibreSSL and OpenSSL 1.0 and 1.1. - Added additional Wycheproof tests and related bug fixes. * Internal Improvements - Simplified sigalgs option processing and handshake signing algorithm selection. - Added the ability to use the RSA PSS algorithm for handshake signatures. - Added bn_rand_interval() and use it in code needing ranges of random bn values. - Added functionality to derive early, handshake, and application secrets as per RFC8446. - Added handshake state machine from RFC8446. - Removed some ASN.1 related code from libcrypto that had not been used since around 2000. - Unexported internal symbols and internalized more record layer structs. - Removed SHA224 based handshake signatures from consideration for use in a TLS 1.2 handshake. * Portable Improvements - Added support for assembly optimizations on 32-bit ARM ELF targets. - Added support for assembly optimizations on Mingw-w64 targets. - Improved Android compatibility * Bug Fixes - Improved protection against timing side channels in ECDSA signature generation. - Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability. - Ensure transcript handshake is always freed with TLS 1.2. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.