aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorBrent Cook <bcook@openbsd.org>2018-08-02 09:26:15 -0500
committerBrent Cook <bcook@openbsd.org>2018-08-02 09:26:15 -0500
commit29fe12a73285d859ed068f1433bf5006f1da54f3 (patch)
tree11d13fa1390bf8439f4cbf7e71f5ec9763304ee2 /ChangeLog
parenta6db5d445d2fc53a4578e6f675f14c7aaff592c6 (diff)
downloadportable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.gz
portable-29fe12a73285d859ed068f1433bf5006f1da54f3.tar.bz2
portable-29fe12a73285d859ed068f1433bf5006f1da54f3.zip
Update changelog for 2.8.0
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog54
1 files changed, 54 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 06e5999..48da1e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,60 @@ history is also available from Git.
28 28
29LibreSSL Portable Release Notes: 29LibreSSL Portable Release Notes:
30 30
312.8.0 - Bug fixes and improvements
32
33 * Extensive documentation updates and additional API history.
34
35 * Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry
36
37 * Tighten up checks for various X509_VERIFY_PARAM functions,
38 'poisoning' parameters so that an unverified certificate cannot be
39 used if it fails verification.
40
41 * Fixed a potential memory leak on failure in ASN1_item_digest
42
43 * Fixed a potential memory alignment crash in asn1_item_combine_free
44
45 * Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
46 SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths.
47
48 * Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
49
50 * Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers
51 and matching OpenSSL behavior, rewrote ENGINE_* documentation.
52
53 * Added const annotations to many existing APIs.
54
55 * Fixed small timing side-channels in ecdsa_sign_setup and
56 dsa_sign_setup.
57
58 * Documented security pitfalls with BN_FLG_CONSTTIME and constant-time
59 operation of BN_* functions.
60
61 * Updated BN_clear to use explicit_bzero.
62
63 * Added a missing bounds check in c2i_ASN1_BIT_STRING.
64
65 * More CBS conversions, including simplifications to RSA key exchange,
66 and converted code to use dedicated buffers for secrets.
67
68 * Removed three remaining single DES cipher suites.
69
70 * Fixed a potential leak/incorrect return value in DSA signature generation.
71
72 * Added a blinding value when generating DSA and ECDSA signatures, in
73 order to reduce the possibility of a side-channel attack leaking the
74 private key.
75
76 * Added ECC constant time scalar multiplication support.
77 From Billy Brumley and his team.
78
79 * Implemented RSASSA-PKCS1-v1_5 as specified in RFC 8017.
80 Based on an OpenSSL commit by David Benjamin.
81
82 * Cleaned up BN_* implementations following changes made in OpenSSL by
83 Davide Galassi and others.
84
312.7.4 - Security fixes 852.7.4 - Security fixes
32 86
33 * Avoid a timing side-channel leak when generating DSA and ECDSA 87 * Avoid a timing side-channel leak when generating DSA and ECDSA