diff options
author | Bob Beck <beck@openbsd.org> | 2023-03-15 18:45:21 -0600 |
---|---|---|
committer | Bob Beck <beck@openbsd.org> | 2023-03-15 18:45:21 -0600 |
commit | 3fab19adc4e5b5754566c3ee2b936cb37b906e5f (patch) | |
tree | 34ed14108139d14f283c7d025ca66144c9c30009 /ChangeLog | |
parent | 047fddbee9f34c16a82e66ecbe1058bb8810e82f (diff) | |
download | portable-3fab19adc4e5b5754566c3ee2b936cb37b906e5f.tar.gz portable-3fab19adc4e5b5754566c3ee2b936cb37b906e5f.tar.bz2 portable-3fab19adc4e5b5754566c3ee2b936cb37b906e5f.zip |
3.7.1. ChangeLog
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 62 |
1 files changed, 62 insertions, 0 deletions
@@ -28,6 +28,7 @@ history is also available from Git. | |||
28 | 28 | ||
29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
30 | 30 | ||
31 | <<<<<<< HEAD | ||
31 | 3.7.1 - Development release | 32 | 3.7.1 - Development release |
32 | 33 | ||
33 | * Internal improvements | 34 | * Internal improvements |
@@ -56,7 +57,68 @@ LibreSSL Portable Release Notes: | |||
56 | would allow an attacker to read arbitrary memory. | 57 | would allow an attacker to read arbitrary memory. |
57 | 58 | ||
58 | 3.7.0 - Development release | 59 | 3.7.0 - Development release |
60 | ======= | ||
61 | 3.7.1 - Stable release | ||
62 | * Internal improvements | ||
63 | - Extensive reworking of bignum and montgomery multiplication support (BN_). | ||
64 | - Transition to using s2n-bignum assembly implementation for bignum on amd64 | ||
65 | - ASN1 parsing rework and improvements, including infinite loop avoidance. | ||
66 | - Make UI_destroy_method() NULL safe. | ||
67 | - Various improvements to nc | ||
68 | - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). | ||
69 | - Various internal EC improvements. | ||
70 | - Various openssl(1) improvements. | ||
71 | - Cap the number of iterations in ECDSA signing | ||
72 | - Cap the number of iterations in DSA signing, and other DSA sanity checks. | ||
73 | - Always clear EC groups and points on free. | ||
74 | - Various other internal cleanups | ||
75 | * Compatibility changes | ||
76 | - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) | ||
77 | * Bug fixes | ||
78 | - Avoid -0 in BN_div_word(). | ||
79 | - Fix an off-by-one in dsa_check_key() | ||
80 | - openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANS | ||
81 | - Add missing error checking in PKCS7 | ||
82 | * Documentation improvements | ||
83 | - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), | ||
84 | BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. | ||
85 | - Document BIO_number_read(3) and BIO_number_written(3) | ||
86 | - Merge documentation of UI_null() from OpenSSL 1.1 | ||
87 | - Document BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), | ||
88 | BIO_clear_retry_flags(3), BIO_get_retry_flags(3), and the BIO_FLAGS_* constants | ||
89 | - Document BIO_dup_chain(3). | ||
90 | - Document BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), and BIO_get_flags(3). | ||
91 | - Document BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), | ||
92 | and BIO_callback_fn(3). | ||
93 | - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). | ||
94 | - Document EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), | ||
95 | EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3). | ||
96 | - Document ASN1_buf_print(3). | ||
97 | - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). | ||
98 | - Document ECDSA_SIG_get0_{r,s}(). | ||
99 | - Document DH_get0_* for individual DH members. | ||
100 | - Document DSA_get0_* for individual DSA members | ||
101 | - Document RSA_get0_* for individual RSA members. | ||
102 | - Various spelling and other documentation improvements. | ||
103 | * Testing and Proactive Security | ||
104 | - As always, new test coverage is added as bugs are fixed and | ||
105 | subsystems are cleaned up | ||
106 | - New Wycheproof tests added. | ||
107 | - OpenSSL 3.0 Interop tests added. | ||
108 | - Many old tests rewritten, cleaned up and extended. | ||
109 | * New features | ||
110 | - Modifications to perlasm and assembly code to move constants out of | ||
111 | executable memory to rodata memory, thus supportinf execute only | ||
112 | memory | ||
113 | - import a copy of OpenSSL 1.1's cmeth_lib.c | ||
114 | - Provide UI_null() | ||
115 | - Expose various X509_STORE_*check_issued() | ||
116 | - Expose X509_CRL_get0_sigalg() and X509_get0_uids | ||
117 | - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h | ||
118 | - Introduce X509_get0_uids() accessor function | ||
119 | >>>>>>> 788c39a (3.7.1. ChangeLog) | ||
59 | 120 | ||
121 | 3.7.0 - Development release | ||
60 | * Internal improvements | 122 | * Internal improvements |
61 | - Remove dependency on system timegm() and gmtime() by replacing | 123 | - Remove dependency on system timegm() and gmtime() by replacing |
62 | traditional Julian date conversion with POSIX epoch-seconds date | 124 | traditional Julian date conversion with POSIX epoch-seconds date |