From 0d7d4ec2267bd1b4a49e86cdd251a01f2dc385f1 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Tue, 13 Apr 2021 14:53:35 +0200 Subject: Fix a number of typos and expand a few entries --- ChangeLog | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 41bc6cd..8654509 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,10 +30,10 @@ LibreSSL Portable Release Notes: 3.3.2 - Development release - * This release adds support for DTLSv1.2 and continued the record layer - rewrite for the legacy stack. Numerous bugs and interoperability - issues were fixed in the new verifier. The OpenSSL 1.1 TLSv1.3 API - is not yet available. + * This release adds support for DTLSv1.2 and continues the rewrite + of the record layer for the legacy stack. Numerous bugs and + interoperability issues were fixed in the new verifier. The + OpenSSL 1.1 TLSv1.3 API is not yet available. * Switch finish{,_peer}_md_len from an int to a size_t. @@ -54,7 +54,8 @@ LibreSSL Portable Release Notes: these could leak if SSL_shutdown() or tls_close() were called after closing the underlying socket(). - * Free struct members in their natural order for reviewability. + * Free struct members in tls13_record_layer_free() in their natural + order for reviewability. * Gracefully handle root certificates being both trusted and untrusted. @@ -64,7 +65,7 @@ LibreSSL Portable Release Notes: * Use the legacy verifier when building auto chains. - * Use consistent namesin tls13_{client,server}_finished_{recv,send}(). + * Use consistent names in tls13_{client,server}_finished_{recv,send}(). * Add tls13_secret_{init,cleanup}() and use them throughout the TLSv1.3 code base. @@ -97,26 +98,27 @@ LibreSSL Portable Release Notes: * Clean up dtls1_reset_seq_numbers(). - * Factor out code for explicit IV length, block size and MAC length. + * Factor out code for explicit IV length, block size and MAC length + from tls12_record_layer_open_record_protected_cipher(). * Provide record layer overhead for DTLS. * Provide functions to determine if TLSv1.2 record protection is engaged. - * Add code to handle change of cipehr state in the new TLSv1.2 record + * Add code to handle change of cipher state in the new TLSv1.2 record layer. * Mop up unused dtls1_build_sequence_numbers() function. * Allow setting a keypair on a tls context without specifying the - private key and fake it internally in libtls. This removes the need - for privsep engines like relayd to use bogus keys. + private key, and fake it internally in libtls. This removes the + need for privsep engines like relayd to use bogus keys. * Skip the private key check for fake private keys. - * Move the private key setup to a helper function with proper error - checking. + * Move the private key setup from tls_configure_ssl_keypair() to a + helper function with proper error checking. * Change the internal tls_configure_ssl_keypair() function to return -1 instead of 1 on failure. @@ -138,7 +140,7 @@ LibreSSL Portable Release Notes: * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which were originally added with the default handshake MAC and PRF rather - than hte SHA256 handshake MAC and PRF. + than the SHA256 handshake MAC and PRF. * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). @@ -170,8 +172,8 @@ LibreSSL Portable Release Notes: zero if the minimum or maximum has been set to zero to match OpenSSL's behavior. - * Rename the "truncated" label into "decode_err" and "f_err" into - "fatal_err". + * Rename the "truncated" label into "decode_err" and the "f_err" + label into "fatal_err". * Factor out and change some of the legacy client version code. @@ -321,7 +323,7 @@ LibreSSL Portable Release Notes: * Document SSL_set_hostflags(3) and SSL_get0_peername(3). - * Update SSL_get_version.3 manualf or DTLSv.1.2 support. + * Update SSL_get_version.3 manual for DTLSv.1.2 support. 3.3.1 - Security fix -- cgit v1.2.3-55-g6feb