5.1.0

What's Changed

• Added used_hello_retry_request function by @icrutche in #481
• Export pre-built libraries for packaging by @kornelski in #485
• Add TLS 1.2 PRF module and bindings by @janrueth in #487
• Add generic PKey private key generation API by @janrueth in #488
• Add EVP_AEAD-based detached AEAD module by @janrueth in #486

New Contributors

• @icrutche made their first contribution in #481
• @janrueth made their first contribution in #487

Full Changelog: v5.0.2...5.1.0

v5.0.2

What's Changed

• boring-sys: Support static MSVC runtime by @jrose-signal in #475
• Sync methods with rust-openssl by @kornelski in #477
• Don't add build/ to non-FIPS pre-built path + v4 compat alias by @kornelski in #474

For major changes in v5 see: https://github.com/cloudflare/boring/releases/tag/v5.0.0

Full Changelog: v5.0.1...v5.0.2

v5.0.1

• Improved building with older versions of upstream BoringSSL C headers #469
• Added mlkem and credential Cargo features for new BoringSSL APIs.

See v5.0.0 for major changes.

v5.0.0

Breaking changes

Upgrade to 4.21.1 first and fix any deprecation warnings.

Cargo features removed/simplified

• FIPS only needs the fips Cargo feature, and the rest is customized via env vars (like BORING_BSSL_FIPS_PATH): #383
• Removed the "kx-*" features #393
• Post-quantum is enabled by default (X25519MLKEM768 and P256Kyber768Draft00) and the "pq-experimental" Cargo feature flag is not used any more.

Other semver changes

• Updated BoringSSL to a newer version with updated patches by @nox in #419
• Removed SslCurve API. Identifying curves by name is more reliable across different builds of BoringSSL. Use SslRef::curve_name() instead #390 #396
• Removed deprecated X509CheckFlags #425
• X509Store is now cheaply cloneable, but immutable. SslContextBuilder.cert_store_mut() can't be used after .set_cert_store(). If you need .cert_store_mut(), either don't overwrite the default store, or use .set_cert_store_builder() #426
• X509StoreBuilder::add_cert takes a reference.
• Hyper version upgraded from v0 to v1
• set_ex_data() will always Drop previous values #424
• Removed blanket Eq from FFI types
• BIO_set_retry_write on WouldBlock @ihciah in #118

Added

• Added ML-KEM-768 and ML-KEM-1024 support #455 #456 #462
• Added init-update-finalize API for HMAC #459
• set_strict_cipher_list by @abernardeau-wallix in #416
• Added set_ticket_key_callback by @toidiu in #330
• SslCipherRef::protocol_id by @nox in #409

Full Changelog: v4.20.0...v5.0.0

v5.0.0-alpha.3

• Added ML-KEM-768 and ML-KEM-1024 support #455 #456 #462
• Added init-update-finalize API for HMAC #459
• Re-added pq-experimental (no-op) Cargo feature flag to allow crates support both boring v4 and v5 #461
• OpenBSD build fix #454
• See previous release notes for major v5 changes: https://github.com/cloudflare/boring/releases/tag/v5.0.0-alpha.1

Full Changelog: v5.0.0-alpha.1...v5.0.0-alpha.3

v4.21.1

• Deprecated APIs that were removed in v5.
• Fixed docs.rs build

v5.0.0-alpha.1

Breaking changes

Upgrade to 4.21.1 first and fix any deprecation warnings.

Cargo features removed/simplified

• FIPS only needs the fips Cargo feature, and the rest is customized via env vars (like BORING_BSSL_FIPS_PATH): #383
• Removed the "kx-*" features #393
• Post-quantum is enabled by default (X25519MLKEM768 and P256Kyber768Draft00) and the "pq-experimental" Cargo feature flag is not used any more.

Other changes

• Updated BoringSSL to a newer version with updated patches by @nox in #419
• Removed SslCurve API. Identifying curves by name is more reliable across different builds of BoringSSL. #390
• Removed deprecated X509CheckFlags #425
• X509Store is immutable, but cloneable #426
• Minimum Hyper version upgraded from v0
• Added SslRef::curve_name() by @ghedo in #396
• Added set_ticket_key_callback (SSL_CTX_set_tlsext_ticket_key_cb) by @toidiu in #330
• SslCipherRef::protocol_id by @nox in #409
• set_strict_cipher_list by @abernardeau-wallix in #416
• set_ex_data() will always Drop previous values #424
• Removed blanket Eq from FFI types
• BIO_set_retry_write on WouldBlock @ihciah in #118

Full Changelog: v4.19.0...v5.0.0-alpha.1

v4.21.0

Deprecated APIs that were removed in v5.

v4.20.0

• Add a more reliable Error::library_reason()
• Fix string data conversion in ErrorStack::put()
• CStr vs UTF-8 improvements in #371
• Fix swapped host/target args and support TARGET_CC and CC_{target} in #375
• Enable bindgen layout tests on all Rust versions 3116032

Full Changelog: v4.19.0...v4.20.0

v4.19.0

• Error improvements by @kornelski in #372
• Add binding for X509_check_ip_asc by @evanrittenhouse in #381

Full Changelog: v4.18.0...v4.19.0