aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@openbsd.org>2021-04-13 14:53:35 +0200
committerTheo Buehler <tb@openbsd.org>2021-04-13 14:53:48 +0200
commit0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1 (patch)
treee1690636f9c5e64af1c020aebc4cb03873fe06b5
parent2509d58f8af80e7967c53aa80e9a650d7b464ad2 (diff)
downloadportable-0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1.tar.gz
portable-0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1.tar.bz2
portable-0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1.zip
Fix a number of typos and expand a few entries
Diffstat
-rw-r--r--ChangeLog34
1 files changed, 18 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index 41bc6cd..8654509 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,10 +30,10 @@ LibreSSL Portable Release Notes:
30 30
313.3.2 - Development release 313.3.2 - Development release
32 32
33 * This release adds support for DTLSv1.2 and continued the record layer 33 * This release adds support for DTLSv1.2 and continues the rewrite
34 rewrite for the legacy stack. Numerous bugs and interoperability 34 of the record layer for the legacy stack. Numerous bugs and
35 issues were fixed in the new verifier. The OpenSSL 1.1 TLSv1.3 API 35 interoperability issues were fixed in the new verifier. The
36 is not yet available. 36 OpenSSL 1.1 TLSv1.3 API is not yet available.
37 37
38 * Switch finish{,_peer}_md_len from an int to a size_t. 38 * Switch finish{,_peer}_md_len from an int to a size_t.
39 39
@@ -54,7 +54,8 @@ LibreSSL Portable Release Notes:
54 these could leak if SSL_shutdown() or tls_close() were called 54 these could leak if SSL_shutdown() or tls_close() were called
55 after closing the underlying socket(). 55 after closing the underlying socket().
56 56
57 * Free struct members in their natural order for reviewability. 57 * Free struct members in tls13_record_layer_free() in their natural
58 order for reviewability.
58 59
59 * Gracefully handle root certificates being both trusted and 60 * Gracefully handle root certificates being both trusted and
60 untrusted. 61 untrusted.
@@ -64,7 +65,7 @@ LibreSSL Portable Release Notes:
64 65
65 * Use the legacy verifier when building auto chains. 66 * Use the legacy verifier when building auto chains.
66 67
67 * Use consistent namesin tls13_{client,server}_finished_{recv,send}(). 68 * Use consistent names in tls13_{client,server}_finished_{recv,send}().
68 69
69 * Add tls13_secret_{init,cleanup}() and use them throughout the 70 * Add tls13_secret_{init,cleanup}() and use them throughout the
70 TLSv1.3 code base. 71 TLSv1.3 code base.
@@ -97,26 +98,27 @@ LibreSSL Portable Release Notes:
97 98
98 * Clean up dtls1_reset_seq_numbers(). 99 * Clean up dtls1_reset_seq_numbers().
99 100
100 * Factor out code for explicit IV length, block size and MAC length. 101 * Factor out code for explicit IV length, block size and MAC length
102 from tls12_record_layer_open_record_protected_cipher().
101 103
102 * Provide record layer overhead for DTLS. 104 * Provide record layer overhead for DTLS.
103 105
104 * Provide functions to determine if TLSv1.2 record protection is 106 * Provide functions to determine if TLSv1.2 record protection is
105 engaged. 107 engaged.
106 108
107 * Add code to handle change of cipehr state in the new TLSv1.2 record 109 * Add code to handle change of cipher state in the new TLSv1.2 record
108 layer. 110 layer.
109 111
110 * Mop up unused dtls1_build_sequence_numbers() function. 112 * Mop up unused dtls1_build_sequence_numbers() function.
111 113
112 * Allow setting a keypair on a tls context without specifying the 114 * Allow setting a keypair on a tls context without specifying the
113 private key and fake it internally in libtls. This removes the need 115 private key, and fake it internally in libtls. This removes the
114 for privsep engines like relayd to use bogus keys. 116 need for privsep engines like relayd to use bogus keys.
115 117
116 * Skip the private key check for fake private keys. 118 * Skip the private key check for fake private keys.
117 119
118 * Move the private key setup to a helper function with proper error 120 * Move the private key setup from tls_configure_ssl_keypair() to a
119 checking. 121 helper function with proper error checking.
120 122
121 * Change the internal tls_configure_ssl_keypair() function to 123 * Change the internal tls_configure_ssl_keypair() function to
122 return -1 instead of 1 on failure. 124 return -1 instead of 1 on failure.
@@ -138,7 +140,7 @@ LibreSSL Portable Release Notes:
138 140
139 * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which 141 * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which
140 were originally added with the default handshake MAC and PRF rather 142 were originally added with the default handshake MAC and PRF rather
141 than hte SHA256 handshake MAC and PRF. 143 than the SHA256 handshake MAC and PRF.
142 144
143 * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). 145 * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
144 146
@@ -170,8 +172,8 @@ LibreSSL Portable Release Notes:
170 zero if the minimum or maximum has been set to zero to match 172 zero if the minimum or maximum has been set to zero to match
171 OpenSSL's behavior. 173 OpenSSL's behavior.
172 174
173 * Rename the "truncated" label into "decode_err" and "f_err" into 175 * Rename the "truncated" label into "decode_err" and the "f_err"
174 "fatal_err". 176 label into "fatal_err".
175 177
176 * Factor out and change some of the legacy client version code. 178 * Factor out and change some of the legacy client version code.
177 179
@@ -321,7 +323,7 @@ LibreSSL Portable Release Notes:
321 323
322 * Document SSL_set_hostflags(3) and SSL_get0_peername(3). 324 * Document SSL_set_hostflags(3) and SSL_get0_peername(3).
323 325
324 * Update SSL_get_version.3 manualf or DTLSv.1.2 support. 326 * Update SSL_get_version.3 manual for DTLSv.1.2 support.
325 327
3263.3.1 - Security fix 3283.3.1 - Security fix
327 329
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-03 03:32:10 +0000