author | Theo Buehler <tb@openbsd.org> | 2021-04-13 14:53:35 +0200 |
---|---|---|
committer | Theo Buehler <tb@openbsd.org> | 2021-04-13 14:53:48 +0200 |
commit | 0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1 (patch) | |
tree | e1690636f9c5e64af1c020aebc4cb03873fe06b5 /ChangeLog | |
parent | 2509d58f8af80e7967c53aa80e9a650d7b464ad2 (diff) | |
Fix a number of typos and expand a few entries
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 34 |
1 files changed, 18 insertions, 16 deletions
@@ -30,10 +30,10 @@ LibreSSL Portable Release Notes: | |||
30 | 30 | ||
31 | 3.3.2 - Development release | 31 | 3.3.2 - Development release |
32 | 32 | ||
33 | * This release adds support for DTLSv1.2 and continued the record layer | 33 | * This release adds support for DTLSv1.2 and continues the rewrite |
34 | rewrite for the legacy stack. Numerous bugs and interoperability | 34 | of the record layer for the legacy stack. Numerous bugs and |
35 | issues were fixed in the new verifier. The OpenSSL 1.1 TLSv1.3 API | 35 | interoperability issues were fixed in the new verifier. The |
36 | is not yet available. | 36 | OpenSSL 1.1 TLSv1.3 API is not yet available. |
37 | 37 | ||
38 | * Switch finish{,_peer}_md_len from an int to a size_t. | 38 | * Switch finish{,_peer}_md_len from an int to a size_t. |
39 | 39 | ||
@@ -54,7 +54,8 @@ LibreSSL Portable Release Notes: | |||
54 | these could leak if SSL_shutdown() or tls_close() were called | 54 | these could leak if SSL_shutdown() or tls_close() were called |
55 | after closing the underlying socket(). | 55 | after closing the underlying socket(). |
56 | 56 | ||
57 | * Free struct members in their natural order for reviewability. | 57 | * Free struct members in tls13_record_layer_free() in their natural |
58 | order for reviewability. | ||
58 | 59 | ||
59 | * Gracefully handle root certificates being both trusted and | 60 | * Gracefully handle root certificates being both trusted and |
60 | untrusted. | 61 | untrusted. |
@@ -64,7 +65,7 @@ LibreSSL Portable Release Notes: | |||
64 | 65 | ||
65 | * Use the legacy verifier when building auto chains. | 66 | * Use the legacy verifier when building auto chains. |
66 | 67 | ||
67 | * Use consistent namesin tls13_{client,server}_finished_{recv,send}(). | 68 | * Use consistent names in tls13_{client,server}_finished_{recv,send}(). |
68 | 69 | ||
69 | * Add tls13_secret_{init,cleanup}() and use them throughout the | 70 | * Add tls13_secret_{init,cleanup}() and use them throughout the |
70 | TLSv1.3 code base. | 71 | TLSv1.3 code base. |
@@ -97,26 +98,27 @@ LibreSSL Portable Release Notes: | |||
97 | 98 | ||
98 | * Clean up dtls1_reset_seq_numbers(). | 99 | * Clean up dtls1_reset_seq_numbers(). |
99 | 100 | ||
100 | * Factor out code for explicit IV length, block size and MAC length. | 101 | * Factor out code for explicit IV length, block size and MAC length |
102 | from tls12_record_layer_open_record_protected_cipher(). | ||
101 | 103 | ||
102 | * Provide record layer overhead for DTLS. | 104 | * Provide record layer overhead for DTLS. |
103 | 105 | ||
104 | * Provide functions to determine if TLSv1.2 record protection is | 106 | * Provide functions to determine if TLSv1.2 record protection is |
105 | engaged. | 107 | engaged. |
106 | 108 | ||
107 | * Add code to handle change of cipehr state in the new TLSv1.2 record | 109 | * Add code to handle change of cipher state in the new TLSv1.2 record |
108 | layer. | 110 | layer. |
109 | 111 | ||
110 | * Mop up unused dtls1_build_sequence_numbers() function. | 112 | * Mop up unused dtls1_build_sequence_numbers() function. |
111 | 113 | ||
112 | * Allow setting a keypair on a tls context without specifying the | 114 | * Allow setting a keypair on a tls context without specifying the |
113 | private key and fake it internally in libtls. This removes the need | 115 | private key, and fake it internally in libtls. This removes the |
114 | for privsep engines like relayd to use bogus keys. | 116 | need for privsep engines like relayd to use bogus keys. |
115 | 117 | ||
116 | * Skip the private key check for fake private keys. | 118 | * Skip the private key check for fake private keys. |
117 | 119 | ||
118 | * Move the private key setup to a helper function with proper error | 120 | * Move the private key setup from tls_configure_ssl_keypair() to a |
119 | checking. | 121 | helper function with proper error checking. |
120 | 122 | ||
121 | * Change the internal tls_configure_ssl_keypair() function to | 123 | * Change the internal tls_configure_ssl_keypair() function to |
122 | return -1 instead of 1 on failure. | 124 | return -1 instead of 1 on failure. |
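Review bot: The keypair entry at new lines 114-116 still does not name the libtls function or option that lets a caller omit the private key, although the entries just above and below it now name tls12_record_layer_open_record_protected_cipher() and tls_configure_ssl_keypair(). Because the next entry says the private key check is skipped for fake keys, a reader needs that name to tell when the check no longer runs; add it the same way the other entries were expanded. "Fake it internally" would also be clearer if it said what is substituted for the key.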
@@ -138,7 +140,7 @@ LibreSSL Portable Release Notes: | |||
138 | 140 | ||
139 | * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which | 141 | * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which |
140 | were originally added with the default handshake MAC and PRF rather | 142 | were originally added with the default handshake MAC and PRF rather |
141 | than hte SHA256 handshake MAC and PRF. | 143 | than the SHA256 handshake MAC and PRF. |
142 | 144 | ||
143 | * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). | 145 | * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). |
144 | 146 | ||
@@ -170,8 +172,8 @@ LibreSSL Portable Release Notes: | |||
170 | zero if the minimum or maximum has been set to zero to match | 172 | zero if the minimum or maximum has been set to zero to match |
171 | OpenSSL's behavior. | 173 | OpenSSL's behavior. |
172 | 174 | ||
173 | * Rename the "truncated" label into "decode_err" and "f_err" into | 175 | * Rename the "truncated" label into "decode_err" and the "f_err" |
174 | "fatal_err". | 176 | label into "fatal_err". |
175 | 177 | ||
176 | * Factor out and change some of the legacy client version code. | 178 | * Factor out and change some of the legacy client version code. |
177 | 179 | ||
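Review bot: The rename entry at new lines 175-176 does not say which function or file holds the "truncated" and "f_err" labels, unlike the entries this commit expands with a function name; add that so the rename can be located in the source. "Rename ... to" would also read better than "Rename ... into" in both halves of the sentence.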
@@ -321,7 +323,7 @@ LibreSSL Portable Release Notes: | |||
321 | 323 | ||
322 | * Document SSL_set_hostflags(3) and SSL_get0_peername(3). | 324 | * Document SSL_set_hostflags(3) and SSL_get0_peername(3). |
323 | 325 | ||
324 | * Update SSL_get_version.3 manualf or DTLSv.1.2 support. | 326 | * Update SSL_get_version.3 manual for DTLSv.1.2 support. |
325 | 327 | ||
326 | 3.3.1 - Security fix | 328 | 3.3.1 - Security fix |
327 | 329 | ||
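Review bot: "DTLSv.1.2" on new line 326 keeps a stray dot after the "v", while the 3.3.2 summary entry at the top of this file writes "DTLSv1.2"; since this commit is a typo pass, fix it in the same line. The manual page is also written "SSL_get_version.3" where the entry two lines above uses the "SSL_set_hostflags(3)" form, so the line could become "Update SSL_get_version(3) manual for DTLSv1.2 support."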