diff options
| author | Joel Sing <joel@sing.id.au> | 2021-04-15 15:38:32 +1000 |
|---|---|---|
| committer | Joel Sing <joel@sing.id.au> | 2021-04-15 15:38:32 +1000 |
| commit | d74cf4423308ca26567132b22cbdbb56af925bc5 (patch) | |
| tree | 54c2bc963e9cb729838b677548c6b888165b5d5e | |
| parent | 0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1 (diff) | |
| download | portable-d74cf4423308ca26567132b22cbdbb56af925bc5.tar.gz portable-d74cf4423308ca26567132b22cbdbb56af925bc5.tar.bz2 portable-d74cf4423308ca26567132b22cbdbb56af925bc5.zip | |
Tweak changelog for 3.3.2.
| -rw-r--r-- | ChangeLog | 80 |
1 files changed, 38 insertions, 42 deletions
| @@ -37,18 +37,19 @@ LibreSSL Portable Release Notes: | |||
| 37 | 37 | ||
| 38 | * Switch finish{,_peer}_md_len from an int to a size_t. | 38 | * Switch finish{,_peer}_md_len from an int to a size_t. |
| 39 | 39 | ||
| 40 | * Fix SSL_get{,_peer}_finished() with TLSv1.3. | 40 | * Make SSL_get{,_peer}_finished() work when used with TLSv1.3. |
| 41 | 41 | ||
| 42 | * Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size | 42 | * Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size |
| 43 | for cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 | 43 | for cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 |
| 44 | was a historical artefact. | 44 | was a historical artefact. |
| 45 | 45 | ||
| 46 | * Corrected the return value type from ERR_peek_error() to a long. | 46 | * Correct the return value type from ERR_peek_error() to a long. |
| 47 | 47 | ||
| 48 | * Avoid use of uninitialized in ASN1_time_parse which could happen | 48 | * Avoid use of uninitialized in ASN1_time_parse() which could happen |
| 49 | on parsing UTCTime if the caller didn't clear the passed struct tm. | 49 | on parsing UTCTime if the caller did not initialise the passed |
| 50 | struct tm. | ||
| 50 | 51 | ||
| 51 | * Destroy mutex in a tls_config object on tls_config_free(). | 52 | * Destroy the mutex in a tls_config object on tls_config_free(). |
| 52 | 53 | ||
| 53 | * Free alert_data and phh_data in tls13_record_layer_free() | 54 | * Free alert_data and phh_data in tls13_record_layer_free() |
| 54 | these could leak if SSL_shutdown() or tls_close() were called | 55 | these could leak if SSL_shutdown() or tls_close() were called |
| @@ -63,7 +64,7 @@ LibreSSL Portable Release Notes: | |||
| 63 | * Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new | 64 | * Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new |
| 64 | verifier. | 65 | verifier. |
| 65 | 66 | ||
| 66 | * Use the legacy verifier when building auto chains. | 67 | * Use the legacy verifier when building auto chains for TLS. |
| 67 | 68 | ||
| 68 | * Use consistent names in tls13_{client,server}_finished_{recv,send}(). | 69 | * Use consistent names in tls13_{client,server}_finished_{recv,send}(). |
| 69 | 70 | ||
| @@ -77,18 +78,18 @@ LibreSSL Portable Release Notes: | |||
| 77 | * Search the intermediates only after searching the root certs in the | 78 | * Search the intermediates only after searching the root certs in the |
| 78 | new verifier to avoid problems with the legacy callback. | 79 | new verifier to avoid problems with the legacy callback. |
| 79 | 80 | ||
| 80 | * Bail out early after finding a single chain in the new verifier if | 81 | * Bail out early after finding a single chain in the new verifier, if |
| 81 | we have been called from the legacy verifier API. | 82 | we have been called via the legacy verifier API. |
| 82 | 83 | ||
| 83 | * Set (invalid and likely incomplete) chain on the xsc on chain build | 84 | * Set (invalid and likely incomplete) chain on the xsc on chain build |
| 84 | failure prior to calling the callback. This is required by things | 85 | failure prior to calling the callback. This is required by various |
| 85 | like auto chain. | 86 | callers, including auto chain. |
| 86 | 87 | ||
| 87 | * Align SSL_get_shared_ciphers() with OpenSSL. This takes into account | 88 | * Align SSL_get_shared_ciphers() with OpenSSL. This takes into account |
| 88 | that it never returned server ciphers, so now it will fail when | 89 | that it never returned server ciphers, so now it will fail when |
| 89 | called from the client side. | 90 | called from the client side. |
| 90 | 91 | ||
| 91 | * Added support for SSL_get_shared_ciphers() to TLSv1.3. | 92 | * Add support for SSL_get_shared_ciphers() with TLSv1.3. |
| 92 | 93 | ||
| 93 | * Split the record protection from the TLSv1.2 record layer. | 94 | * Split the record protection from the TLSv1.2 record layer. |
| 94 | 95 | ||
| @@ -109,7 +110,7 @@ LibreSSL Portable Release Notes: | |||
| 109 | * Add code to handle change of cipher state in the new TLSv1.2 record | 110 | * Add code to handle change of cipher state in the new TLSv1.2 record |
| 110 | layer. | 111 | layer. |
| 111 | 112 | ||
| 112 | * Mop up unused dtls1_build_sequence_numbers() function. | 113 | * Mop up now unused dtls1_build_sequence_numbers() function. |
| 113 | 114 | ||
| 114 | * Allow setting a keypair on a tls context without specifying the | 115 | * Allow setting a keypair on a tls context without specifying the |
| 115 | private key, and fake it internally in libtls. This removes the | 116 | private key, and fake it internally in libtls. This removes the |
| @@ -133,7 +134,7 @@ LibreSSL Portable Release Notes: | |||
| 133 | draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds. | 134 | draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds. |
| 134 | 135 | ||
| 135 | * Fail early in legacy exporter if the master secret is not available | 136 | * Fail early in legacy exporter if the master secret is not available |
| 136 | to avoid a segfault if it is called if the handshake is not | 137 | to avoid a segfault if it is called when the handshake is not |
| 137 | completed. | 138 | completed. |
| 138 | 139 | ||
| 139 | * Factor out legacy stack version checks. | 140 | * Factor out legacy stack version checks. |
| @@ -149,7 +150,7 @@ LibreSSL Portable Release Notes: | |||
| 149 | 150 | ||
| 150 | * Enforce read ahead with DTLS. | 151 | * Enforce read ahead with DTLS. |
| 151 | 152 | ||
| 152 | * Remove bogus DTLS checks to disable ECC and OCSP. | 153 | * Remove bogus DTLS checks that disabled ECC and OCSP. |
| 153 | 154 | ||
| 154 | * Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA". | 155 | * Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA". |
| 155 | 156 | ||
| @@ -186,18 +187,18 @@ LibreSSL Portable Release Notes: | |||
| 186 | x509_vfy_check_chain_extension() for all untrusted certs in the | 187 | x509_vfy_check_chain_extension() for all untrusted certs in the |
| 187 | chain. Take into account that the root is not necessarily trusted. | 188 | chain. Take into account that the root is not necessarily trusted. |
| 188 | 189 | ||
| 189 | * Avoid passing last and depth to x509_verify_cert_error() on ENOMEM | 190 | * Avoid passing last and depth to x509_verify_cert_error() on ENOMEM. |
| 190 | 191 | ||
| 191 | * Rename depth to num_untrusted. | 192 | * Rename depth to num_untrusted. |
| 192 | 193 | ||
| 193 | * Only use TLS versions internally rather than both TLS and DTLS | 194 | * Only use TLS versions internally rather than both TLS and DTLS |
| 194 | versions since the latter are the one's complement of the human | 195 | versions since the latter are the one's complement of the human |
| 195 | readable version numbers, which means that newer versions decrease | 196 | readable version numbers, which means that newer versions decrease |
| 196 | in values. | 197 | in value. |
| 197 | 198 | ||
| 198 | * Fix two bugs in the legacy verifier due to incorrect refactoring of | 199 | * Fix two bugs in the legacy verifier that resulted from refactoring |
| 199 | X509_verify_cert() for the new verifier: a return value was treated | 200 | of X509_verify_cert() for the new verifier: a return value was |
| 200 | as Boolean when it wasn't and thus it was not enough to decide | 201 | incorrectly treated as boolean, making it insufficient to decide |
| 201 | whether validation should carry on or not. | 202 | whether validation should carry on or not. |
| 202 | 203 | ||
| 203 | * Identify DTLS based on the version major value. | 204 | * Identify DTLS based on the version major value. |
| @@ -220,13 +221,13 @@ LibreSSL Portable Release Notes: | |||
| 220 | * Guard against future internal use of TLS1_get_{client,}_version() | 221 | * Guard against future internal use of TLS1_get_{client,}_version() |
| 221 | macros. | 222 | macros. |
| 222 | 223 | ||
| 223 | * Remove the internal ssl_downgrade_max_version() which is no longer | 224 | * Remove the internal ssl_downgrade_max_version() function which is no |
| 224 | needed. | 225 | longer needed. |
| 225 | 226 | ||
| 226 | * Fix checks for memory caps of constraints names. There are internal | 227 | * Fix checks for memory caps of constraints names. There are internal |
| 227 | caps on the number of name constraints and other names that the new | 228 | caps on the number of name constraints and other names, that the new |
| 228 | name constraints code allocates per cert chain. These checks were | 229 | name constraints code allocates per cert chain. These checks were |
| 229 | checked too late, making these caps only partially effective. | 230 | checked too late, making these limits only partially effective. |
| 230 | 231 | ||
| 231 | * Use EXFLAG_INVALID to handle out of memory and parse errors in | 232 | * Use EXFLAG_INVALID to handle out of memory and parse errors in |
| 232 | x509v3_cache_extensions(). | 233 | x509v3_cache_extensions(). |
| @@ -240,15 +241,14 @@ LibreSSL Portable Release Notes: | |||
| 240 | * Remove no longer needed read ahead workarounds in the s_client and | 241 | * Remove no longer needed read ahead workarounds in the s_client and |
| 241 | s_server. | 242 | s_server. |
| 242 | 243 | ||
| 243 | * Fix a copy-paste error a skid was confused with an akid when | 244 | * Fix a copy-paste error - skid was confused with an akid when |
| 244 | checking for EXFLAG_INVALID. This broke OCSP validation with | 245 | checking for EXFLAG_INVALID. This broke OCSP validation with |
| 245 | certain mirrors. | 246 | certain mirrors. |
| 246 | 247 | ||
| 247 | * Made supported protocols and list of DHE more prominent in | 248 | * Made supported protocols and options for DHE params more prominent |
| 248 | tls_config_set_protocols.3. Various mdoc improvements for that | 249 | in tls_config_set_protocols.3. |
| 249 | manual. | ||
| 250 | 250 | ||
| 251 | * Avoid a use-after-scope in tls13_cert_add() | 251 | * Avoid a use-after-scope in tls13_cert_add(). |
| 252 | 252 | ||
| 253 | * Split TLSv1.3 record protection from record layer. | 253 | * Split TLSv1.3 record protection from record layer. |
| 254 | 254 | ||
| @@ -256,7 +256,7 @@ LibreSSL Portable Release Notes: | |||
| 256 | struct. | 256 | struct. |
| 257 | 257 | ||
| 258 | * Fully initialize rrec in tls12_record_layer_open_record_protected() | 258 | * Fully initialize rrec in tls12_record_layer_open_record_protected() |
| 259 | to avoid confusing certain static analyzers. | 259 | to avoid confusing some static analyzers. |
| 260 | 260 | ||
| 261 | * Use tls_set_errorx() on OCSP_basic_verify() failure since the latter | 261 | * Use tls_set_errorx() on OCSP_basic_verify() failure since the latter |
| 262 | does not set errno. | 262 | does not set errno. |
| @@ -271,18 +271,15 @@ LibreSSL Portable Release Notes: | |||
| 271 | 271 | ||
| 272 | * Avoid mangled output in BIO_debug_callback(). | 272 | * Avoid mangled output in BIO_debug_callback(). |
| 273 | 273 | ||
| 274 | * Fix client side renegotiation by replacing use of s->internal-type | 274 | * Fix client initiated renegotiation by replacing use of s->internal-type |
| 275 | with s->server. | 275 | with s->server. |
| 276 | 276 | ||
| 277 | * Avoid a symbol collision with SSL_is_dtls() between libssl and | ||
| 278 | openssl(1) in static builds. | ||
| 279 | |||
| 280 | * Move the TLSv1.2 record number increment into the new record layer. | 277 | * Move the TLSv1.2 record number increment into the new record layer. |
| 281 | 278 | ||
| 282 | * Move finished and peer finished into the handshake struct. | 279 | * Move finished and peer finished into the handshake struct. |
| 283 | 280 | ||
| 284 | * Avoid transcript initialization when sending a TLS HelloRequest | 281 | * Avoid transcript initialization when sending a TLS HelloRequest, |
| 285 | to fix server side renegotiation. | 282 | fixing server initiated renegotiation. |
| 286 | 283 | ||
| 287 | * Remove pointless assignment in SSL_get0_alpn_selected(). | 284 | * Remove pointless assignment in SSL_get0_alpn_selected(). |
| 288 | 285 | ||
| @@ -290,18 +287,19 @@ LibreSSL Portable Release Notes: | |||
| 290 | 287 | ||
| 291 | * Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h. | 288 | * Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h. |
| 292 | 289 | ||
| 293 | * Show DTLSv1.2 message with openssl(1) s_server and s_client. | 290 | * Add DTLSv1.2 to openssl(1) s_server and s_client protocol message |
| 291 | logging. | ||
| 294 | 292 | ||
| 295 | * Avoid leaking param->name in x509_verify_param_zero(). | 293 | * Avoid leaking param->name in x509_verify_param_zero(). |
| 296 | 294 | ||
| 297 | * Avoid a leak in an error path in openssl x509. | 295 | * Avoid a leak in an error path in openssl(1) x509. |
| 298 | 296 | ||
| 299 | * Add some error checking to openssl x509. | 297 | * Add some error checking to openssl(1) x509. |
| 300 | 298 | ||
| 301 | * When sending an alert in TLSv1.3, only set its error code when no | 299 | * When sending an alert in TLSv1.3, only set its error code when no |
| 302 | other error was set previously. Certain clients rely on specific | 300 | other error was set previously. Certain clients rely on specific |
| 303 | SSL_R_ error codes to determine that they deal with a self signed | 301 | SSL_R_ error codes to identify that they are dealing with a self |
| 304 | cert. | 302 | signed cert. |
| 305 | 303 | ||
| 306 | * Provide SSL_use_certificate_chain_file(3). | 304 | * Provide SSL_use_certificate_chain_file(3). |
| 307 | 305 | ||
| @@ -309,8 +307,6 @@ LibreSSL Portable Release Notes: | |||
| 309 | 307 | ||
| 310 | * Provide various DTLSv1.2 specific functions and defines. | 308 | * Provide various DTLSv1.2 specific functions and defines. |
| 311 | 309 | ||
| 312 | * Remove workarounds for SSL_is_dtls() in openssl(1). | ||
| 313 | |||
| 314 | * Document meaning of '*' in the genrsa output. | 310 | * Document meaning of '*' in the genrsa output. |
| 315 | 311 | ||
| 316 | * Updated documentation for SSL_get_shared_ciphers(3). | 312 | * Updated documentation for SSL_get_shared_ciphers(3). |