What's Changed
- Cache peer CA names on client side after handshake by @WillChilds-Klein in #2994
- Add NULL checks for MakeUnique in SSL cipher list inheritance by @geedo0 in #3065
- Fix gRPC integration by @justsmth in #3070
- Latent memory leaks in KEM_KEY setter functions by @justsmth in #3041
- Fix PKCS8_decrypt to handle all negative pass_len values by @geedo0 in #3039
- Fix PKCS12_verify_mac OOB read with invalid password_len by @geedo0 in #3051
- Cleanup EVP_DH asn1 parsing by @justsmth in #3047
- Add INT_MAX bounds check before EVP_CipherUpdate in PKCS8/PKCS12 encryption by @geedo0 in #3043
- Fix PKCS8_encrypt crash when pass is NULL with negative pass_len_in by @geedo0 in #3052
- Fix CMake 4.0 CI jobs by @justsmth in #3068
- IWYU: guard stdint.h in fips_shared_support.c by @skmcgrail in #3027
- Use proper function type for different callback types by @torben-hansen in #3066
- Zeroize intermediate values for ed25519 by @justsmth in #3075
- Bump github.com/cloudflare/circl from 1.6.2 to 1.6.3 in /util/vecgen by @dependabot[bot] in #3046
- Fix sizeof-on-pointer bugs in FIPS assertion failure messages by @justsmth in #3074
- Remove dead declarations in public headers by @skmcgrail in #3053
- TLS Transfer Serialization Findings by @skmcgrail in #3071
- XOF fixes by @manastasova in #3064
- Add a test that arbitrary curves can be wrapped in EVP_PKEY by @nebeid in #3055
- Improve type safety and bounds checking in EVP cipher ctrl handlers by @justsmth in #3034
- Fix uninitialized EVP_MD_CTX and harden bn_dup_into by @justsmth in #3033
- Add ACVP Support for KAS-ECC by @nhatnghiho in #3010
- Add ACVP Support for KTS-IFC by @nhatnghiho in #3009
- Various Small Additions to ACVP Tool by @nhatnghiho in #3024
- Clean up CLI code by @nhatnghiho in #2927
- Fix NetBSD AArch64 CPU feature detection on big.LITTLE systems by @justsmth in #3082
- Prepare v1.70.0 by @nhatnghiho in #3086
Full Changelog: v1.69.0...v1.70.0