| author | Brent Cook <bcook@openbsd.org> | 2018-09-23 12:51:51 -0500 |
|---|---|---|
| committer | Brent Cook <bcook@openbsd.org> | 2018-09-23 12:51:51 -0500 |
| commit | 35dbed1ae9f69ed6aed40789a7fb5deeb6eb8888 (patch) | |
| tree | af1a7a93c990024fdcc8a3be0f9701e34e2ee959 | |
| parent | 4fe24eb56db768250b22229b2fe95c8aa9ef345a (diff) | |
| download | portable-35dbed1ae9f69ed6aed40789a7fb5deeb6eb8888.tar.gz portable-35dbed1ae9f69ed6aed40789a7fb5deeb6eb8888.tar.bz2 portable-35dbed1ae9f69ed6aed40789a7fb5deeb6eb8888.zip | |
update Changelog
| -rw-r--r-- | ChangeLog | 59 |
1 files changed, 59 insertions, 0 deletions
| @@ -28,6 +28,65 @@ history is also available from Git. | |||
| 28 | 28 | ||
| 29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
| 30 | 30 | ||
| 31 | 2.8.1 - Test and compatibility improvements | ||
| 32 | |||
| 33 | * Added Wycheproof test vectors for ECDH, RSASSA-PSS, AES-GCM, | ||
| 34 | AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, | ||
| 35 | X25519, and applied appropriate fixes for errors uncovered by tests. | ||
| 36 | |||
| 37 | * Simplified key exchange signature generation and verification. | ||
| 38 | |||
| 39 | * Fixed a one-byte buffer overrun in callers of EVP_read_pw_string | ||
| 40 | |||
| 41 | * Converted more code paths to use CBB/CBS. All handshake messages are | ||
| 42 | now created by CBB. | ||
| 43 | |||
| 44 | * Fixed various memory leaks found by Coverity. | ||
| 45 | |||
| 46 | * Simplfied session ticket parsing and handling, inspired by | ||
| 47 | BoringSSL. | ||
| 48 | |||
| 49 | * Modified signature of CRYPTO_mem_leaks_* to return -1. This function | ||
| 50 | is a no-op in LibreSSL, so this function returns an error to not | ||
| 51 | indicate the (non-)existence of memory leaks. | ||
| 52 | |||
| 53 | * SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher, | ||
| 54 | X509_OBJECT_up_ref_count now return an int for error handling, | ||
| 55 | matching OpenSSL. | ||
| 56 | |||
| 57 | * Converted a number of #defines into proper functions, matching | ||
| 58 | OpenSSL's ABI. | ||
| 59 | |||
| 60 | * Added X509_get0_serialNumber from OpenSSL. | ||
| 61 | |||
| 62 | * Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding | ||
| 63 | PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching | ||
| 64 | OpenSSL. | ||
| 65 | |||
| 66 | * Removed broken pkcs8 formats from openssl(1). | ||
| 67 | |||
| 68 | * Converted more functions in public API to use const arguments. | ||
| 69 | |||
| 70 | * Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the | ||
| 71 | EVP_AEAD interface. | ||
| 72 | |||
| 73 | * Stopped using composite EVP_CIPHER AEADs. | ||
| 74 | |||
| 75 | * Added timing-safe compares for checking results of signature | ||
| 76 | verification. There are no known attacks, this is just inexpensive | ||
| 77 | prudence. | ||
| 78 | |||
| 79 | * Correctly clear the current cipher state, when changing cipher state. | ||
| 80 | This fixed an issue where renegotion of cipher suites would fail | ||
| 81 | when switched from AEAD to non-AEAD or vice-versa. | ||
| 82 | Issue reported by Bernard Spil. | ||
| 83 | |||
| 84 | * Added more cipher tests to appstest.sh, including all TLSv1.2 | ||
| 85 | ciphers. | ||
| 86 | |||
| 87 | * Added RSA_meth_get_finish() RSA_meth_set1_name(), and | ||
| 88 | EVP_CIPHER_CTX_(get|set)_iv() from OpenSSL. | ||
| 89 | |||
| 31 | 2.8.0 - Bug fixes, security, and compatibility improvements | 90 | 2.8.0 - Bug fixes, security, and compatibility improvements |
| 32 | 91 | ||
| 33 | * Extensive documentation updates and additional API history. | 92 | * Extensive documentation updates and additional API history. |
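Review bot: The new 2.8.1 entry has spelling errors that would ship in the release notes: "Simplfied" in the session ticket item (new line 46) should be "Simplified", "renegotion" in the cipher state item (new line 80) should be "renegotiation", and "Stopped handing AES-GCM" (new line 70) reads as though "handling" was meant. The last item (new line 87) is missing a comma after RSA_meth_get_finish(), and the EVP_read_pw_string item (new line 39) lacks the closing period the other items have. The CRYPTO_mem_leaks_* item (new lines 49-51) is hard to parse at "returns an error to not indicate the (non-)existence of memory leaks"; consider wording along the lines of "returns -1 so that the result is not taken as a statement about memory leaks". That item also says "this function" twice where the wildcard in the name indicates more than one function.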
