Further tweaks and improvements to the ChangeLogv3.7.1

author: Joel Sing <joel@sing.id.au> 2023-03-16 15:54:02 +1100
committer: Joel Sing <joel@sing.id.au> 2023-03-16 15:54:02 +1100
commit: fedc581dcb6cf26d9114ef33ac75f416f3505cd7 (patch)
tree: c43d97298acfa365c365e3ca03081d9508e06e0b
parent: ab7e90a209b734622f6f968ad7be258636a9b9e8 (diff)
download: portable-3.7.1.tar.gz
portable-3.7.1.tar.bz2
portable-3.7.1.zip
1 files changed, 24 insertions, 28 deletions
diff --git a/ChangeLog b/ChangeLog
index edbf177..71fd38e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,44 +33,40 @@ LibreSSL Portable Release Notes:
        * Internal improvements
          - Initial overhaul of the BIGNUM code:
            - Added a new framework that allows architecture-dependent
-              replacement implementations for bignum primitives
+              replacement implementations for bignum primitives.
-            - Imported s2n-bignum's constant time assembly primitives.
+            - Imported various s2n-bignum's constant time assembly primitives
-              Use them for amd64 and arm64.
+              and switched amd64 to them.
-            - Lots of cleanup, simplification and bug fixes
+            - Lots of cleanup, simplification and bug fixes.
-          - Fixed Perl assembly generators to move constants into .rodata.
+          - Changed Perl assembly generators to move constants into .rodata,
-            This allows code to run with execute-only permissions.
+            allowing code to run with execute-only permissions.
-          - ASN1 parsing rework and improvements
+          - Capped the number of iterations in DSA and ECDSA signing (avoiding
-          - Make UI_destroy_method() NULL safe.
+            infinite loops), added additional sanity checks to DSA.
-          - Various improvements to nc
+          - ASN.1 parsing improvements.
-          - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
+          - Made UI_destroy_method() NULL safe.
-          - Cap the number of iterations in ECDSA signing,DSA signing, and other
+          - Various improvements to nc(1).
-            DSA sanity checks.
          - Always clear EC groups and points on free.
-          - Cleanup and improvements in EC code
+          - Cleanup and improvements in EC code.
          - Various openssl(1) improvements.
        * Bug fixes
          - Fixed a memory leak, a double free and various other issues in
-            BIO_new_NDEF()
+            BIO_new_NDEF().
-          - Avoid infinite loops in DSA and ECDSA signing.
-          - Check DSA parameter sanity
          - Fixed various crashes in the openssl(1) testing utility.
          - Do not check policies by default in the new X.509 verifier.
-          - Avoid -0 in BN_div_word().
-          - Fix an off-by-one in dsa_check_key().
          - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
-          - Add missing error checking in PKCS7.
+          - Added missing error checking in PKCS7.
+          - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
        * Compatibility changes
          - Correct the prototypes of BIO_get_conn_ip(3) and
            BIO_get_conn_int_port(3).
-          - Provide UI_null()
+        * New features
-          - Expose various X509_STORE_*check_issued()
+          - Added UI_null()
-          - Expose X509_CRL_get0_sigalg() and X509_get0_uids
+          - Added X509_STORE_*check_issued()
-          - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h
+          - Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors.
-          - Introduce X509_get0_uids() accessor function
+          - Added EVP_CIPHER_meth_*() setter API.
        * Documentation improvements
-          - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
+          - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
            BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
-          - Merge documentation of UI_null() from OpenSSL 1.1
+          - Merged documentation of UI_null() from OpenSSL 1.1
          - Document BIO_number_read(3), BIO_number_written(3),
                BIO_set_retry_read(3), BIO_set_retry_write(3),
                BIO_set_retry_special(3), BIO_clear_retry_flags(3),
@@ -90,11 +86,11 @@ LibreSSL Portable Release Notes:
          - Various spelling and other documentation improvements.
        * Testing and Proactive Security
          - As always, new test coverage is added as bugs are fixed and subsystems
-            are cleaned up
+            are cleaned up.
          - New Wycheproof tests added.
          - OpenSSL 3.0 Interop tests added.
          - Many old tests rewritten, cleaned up and extended.
-        * Security fix
+        * Security fixes
          - A malicious certificate revocation list or timestamp response token
            would allow an attacker to read arbitrary memory.
author	Joel Sing <joel@sing.id.au>	2023-03-16 15:54:02 +1100
committer	Joel Sing <joel@sing.id.au>	2023-03-16 15:54:02 +1100
commit	fedc581dcb6cf26d9114ef33ac75f416f3505cd7 (patch)
tree	c43d97298acfa365c365e3ca03081d9508e06e0b
parent	ab7e90a209b734622f6f968ad7be258636a9b9e8 (diff)
download	portable-3.7.1.tar.gz portable-3.7.1.tar.bz2 portable-3.7.1.zip

diff --git a/ChangeLog b/ChangeLog index edbf177..71fd38e 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -33,44 +33,40 @@ LibreSSL Portable Release Notes:
33	* Internal improvements	33	* Internal improvements
34	- Initial overhaul of the BIGNUM code:	34	- Initial overhaul of the BIGNUM code:
35	- Added a new framework that allows architecture-dependent	35	- Added a new framework that allows architecture-dependent
36	replacement implementations for bignum primitives	36	replacement implementations for bignum primitives.
37	- Imported s2n-bignum's constant time assembly primitives.	37	- Imported various s2n-bignum's constant time assembly primitives
38	Use them for amd64 and arm64.	38	and switched amd64 to them.
39	- Lots of cleanup, simplification and bug fixes	39	- Lots of cleanup, simplification and bug fixes.
40	- Fixed Perl assembly generators to move constants into .rodata.	40	- Changed Perl assembly generators to move constants into .rodata,
41	This allows code to run with execute-only permissions.	41	allowing code to run with execute-only permissions.
42	- ASN1 parsing rework and improvements	42	- Capped the number of iterations in DSA and ECDSA signing (avoiding
43	- Make UI_destroy_method() NULL safe.	43	infinite loops), added additional sanity checks to DSA.
44	- Various improvements to nc	44	- ASN.1 parsing improvements.
45	- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().	45	- Made UI_destroy_method() NULL safe.
46	- Cap the number of iterations in ECDSA signing,DSA signing, and other	46	- Various improvements to nc(1).
47	DSA sanity checks.
48	- Always clear EC groups and points on free.	47	- Always clear EC groups and points on free.
49	- Cleanup and improvements in EC code	48	- Cleanup and improvements in EC code.
50	- Various openssl(1) improvements.	49	- Various openssl(1) improvements.
51	* Bug fixes	50	* Bug fixes
52	- Fixed a memory leak, a double free and various other issues in	51	- Fixed a memory leak, a double free and various other issues in
53	BIO_new_NDEF()	52	BIO_new_NDEF().
54	- Avoid infinite loops in DSA and ECDSA signing.
55	- Check DSA parameter sanity
56	- Fixed various crashes in the openssl(1) testing utility.	53	- Fixed various crashes in the openssl(1) testing utility.
57	- Do not check policies by default in the new X.509 verifier.	54	- Do not check policies by default in the new X.509 verifier.
58	- Avoid -0 in BN_div_word().
59	- Fix an off-by-one in dsa_check_key().
60	- Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.	55	- Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
61	- Add missing error checking in PKCS7.	56	- Added missing error checking in PKCS7.
		57	- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
62	* Compatibility changes	58	* Compatibility changes
63	- Correct the prototypes of BIO_get_conn_ip(3) and	59	- Correct the prototypes of BIO_get_conn_ip(3) and
64	BIO_get_conn_int_port(3).	60	BIO_get_conn_int_port(3).
65	- Provide UI_null()	61	* New features
66	- Expose various X509_STORE_*check_issued()	62	- Added UI_null()
67	- Expose X509_CRL_get0_sigalg() and X509_get0_uids	63	- Added X509_STORE_*check_issued()
68	- Expose the EVP_CIPHER_meth_* API (setter only) in evp.h	64	- Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors.
69	- Introduce X509_get0_uids() accessor function	65	- Added EVP_CIPHER_meth_*() setter API.
70	* Documentation improvements	66	* Documentation improvements
71	- Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),	67	- Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
72	BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.	68	BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
73	- Merge documentation of UI_null() from OpenSSL 1.1	69	- Merged documentation of UI_null() from OpenSSL 1.1
74	- Document BIO_number_read(3), BIO_number_written(3),	70	- Document BIO_number_read(3), BIO_number_written(3),
75	BIO_set_retry_read(3), BIO_set_retry_write(3),	71	BIO_set_retry_read(3), BIO_set_retry_write(3),
76	BIO_set_retry_special(3), BIO_clear_retry_flags(3),	72	BIO_set_retry_special(3), BIO_clear_retry_flags(3),
@@ -90,11 +86,11 @@ LibreSSL Portable Release Notes:
90	- Various spelling and other documentation improvements.	86	- Various spelling and other documentation improvements.
91	* Testing and Proactive Security	87	* Testing and Proactive Security
92	- As always, new test coverage is added as bugs are fixed and subsystems	88	- As always, new test coverage is added as bugs are fixed and subsystems
93	are cleaned up	89	are cleaned up.
94	- New Wycheproof tests added.	90	- New Wycheproof tests added.
95	- OpenSSL 3.0 Interop tests added.	91	- OpenSSL 3.0 Interop tests added.
96	- Many old tests rewritten, cleaned up and extended.	92	- Many old tests rewritten, cleaned up and extended.
97	* Security fix	93	* Security fixes
98	- A malicious certificate revocation list or timestamp response token	94	- A malicious certificate revocation list or timestamp response token
99	would allow an attacker to read arbitrary memory.	95	would allow an attacker to read arbitrary memory.
100		96