Update changelog for 2.8.0

author: Brent Cook <bcook@openbsd.org> 2018-08-02 09:26:15 -0500
committer: Brent Cook <bcook@openbsd.org> 2018-08-02 09:26:15 -0500
commit: 29fe12a73285d859ed068f1433bf5006f1da54f3 (patch)
tree: 11d13fa1390bf8439f4cbf7e71f5ec9763304ee2 /ChangeLog
parent: a6db5d445d2fc53a4578e6f675f14c7aaff592c6 (diff)
download: portable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.gz
portable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.bz2
portable-29fe12a73285d859ed068f1433bf5006f1da54f3.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 06e5999..48da1e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,60 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.8.0 - Bug fixes and improvements
+        * Extensive documentation updates and additional API history.
+        * Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry
+        * Tighten up checks for various X509_VERIFY_PARAM functions,
+          'poisoning' parameters so that an unverified certificate cannot be
+          used if it fails verification.
+        * Fixed a potential memory leak on failure in ASN1_item_digest
+        * Fixed a potential memory alignment crash in asn1_item_combine_free
+        * Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
+          SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths.
+        * Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
+        * Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers
+          and matching OpenSSL behavior, rewrote ENGINE_* documentation.
+        * Added const annotations to many existing APIs.
+        * Fixed small timing side-channels in ecdsa_sign_setup and
+          dsa_sign_setup.
+        * Documented security pitfalls with BN_FLG_CONSTTIME and constant-time
+          operation of BN_* functions.
+        * Updated BN_clear to use explicit_bzero.
+        * Added a missing bounds check in c2i_ASN1_BIT_STRING.
+        * More CBS conversions, including simplifications to RSA key exchange,
+          and converted code to use dedicated buffers for secrets.
+        * Removed three remaining single DES cipher suites.
+        * Fixed a potential leak/incorrect return value in DSA signature generation.
+        * Added a blinding value when generating DSA and ECDSA signatures, in
+          order to reduce the possibility of a side-channel attack leaking the
+          private key.
+        * Added ECC constant time scalar multiplication support.
+          From Billy Brumley and his team.
+        * Implemented RSASSA-PKCS1-v1_5 as specified in RFC 8017.
+          Based on an OpenSSL commit by David Benjamin.
+        * Cleaned up BN_* implementations following changes made in OpenSSL by
+          Davide Galassi and others.
 2.7.4 - Security fixes
        * Avoid a timing side-channel leak when generating DSA and ECDSA
author	Brent Cook <bcook@openbsd.org>	2018-08-02 09:26:15 -0500
committer	Brent Cook <bcook@openbsd.org>	2018-08-02 09:26:15 -0500
commit	29fe12a73285d859ed068f1433bf5006f1da54f3 (patch)
tree	11d13fa1390bf8439f4cbf7e71f5ec9763304ee2 /ChangeLog
parent	a6db5d445d2fc53a4578e6f675f14c7aaff592c6 (diff)
download	portable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.gz portable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.bz2 portable-29fe12a73285d859ed068f1433bf5006f1da54f3.zip

diff --git a/ChangeLog b/ChangeLog index 06e5999..48da1e0 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,60 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.8.0 - Bug fixes and improvements
		32
		33	* Extensive documentation updates and additional API history.
		34
		35	* Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry
		36
		37	* Tighten up checks for various X509_VERIFY_PARAM functions,
		38	'poisoning' parameters so that an unverified certificate cannot be
		39	used if it fails verification.
		40
		41	* Fixed a potential memory leak on failure in ASN1_item_digest
		42
		43	* Fixed a potential memory alignment crash in asn1_item_combine_free
		44
		45	* Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
		46	SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths.
		47
		48	* Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
		49
		50	* Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers
		51	and matching OpenSSL behavior, rewrote ENGINE_* documentation.
		52
		53	* Added const annotations to many existing APIs.
		54
		55	* Fixed small timing side-channels in ecdsa_sign_setup and
		56	dsa_sign_setup.
		57
		58	* Documented security pitfalls with BN_FLG_CONSTTIME and constant-time
		59	operation of BN_* functions.
		60
		61	* Updated BN_clear to use explicit_bzero.
		62
		63	* Added a missing bounds check in c2i_ASN1_BIT_STRING.
		64
		65	* More CBS conversions, including simplifications to RSA key exchange,
		66	and converted code to use dedicated buffers for secrets.
		67
		68	* Removed three remaining single DES cipher suites.
		69
		70	* Fixed a potential leak/incorrect return value in DSA signature generation.
		71
		72	* Added a blinding value when generating DSA and ECDSA signatures, in
		73	order to reduce the possibility of a side-channel attack leaking the
		74	private key.
		75
		76	* Added ECC constant time scalar multiplication support.
		77	From Billy Brumley and his team.
		78
		79	* Implemented RSASSA-PKCS1-v1_5 as specified in RFC 8017.
		80	Based on an OpenSSL commit by David Benjamin.
		81
		82	* Cleaned up BN_* implementations following changes made in OpenSSL by
		83	Davide Galassi and others.
		84
31	2.7.4 - Security fixes	85	2.7.4 - Security fixes
32		86
33	* Avoid a timing side-channel leak when generating DSA and ECDSA	87	* Avoid a timing side-channel leak when generating DSA and ECDSA