From fedc581dcb6cf26d9114ef33ac75f416f3505cd7 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Thu, 16 Mar 2023 15:54:02 +1100 Subject: Further tweaks and improvements to the ChangeLog --- ChangeLog | 52 ++++++++++++++++++++++++---------------------------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/ChangeLog b/ChangeLog index edbf177..71fd38e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,44 +33,40 @@ LibreSSL Portable Release Notes: * Internal improvements - Initial overhaul of the BIGNUM code: - Added a new framework that allows architecture-dependent - replacement implementations for bignum primitives - - Imported s2n-bignum's constant time assembly primitives. - Use them for amd64 and arm64. - - Lots of cleanup, simplification and bug fixes - - Fixed Perl assembly generators to move constants into .rodata. - This allows code to run with execute-only permissions. - - ASN1 parsing rework and improvements - - Make UI_destroy_method() NULL safe. - - Various improvements to nc - - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). - - Cap the number of iterations in ECDSA signing,DSA signing, and other - DSA sanity checks. + replacement implementations for bignum primitives. + - Imported various s2n-bignum's constant time assembly primitives + and switched amd64 to them. + - Lots of cleanup, simplification and bug fixes. + - Changed Perl assembly generators to move constants into .rodata, + allowing code to run with execute-only permissions. + - Capped the number of iterations in DSA and ECDSA signing (avoiding + infinite loops), added additional sanity checks to DSA. + - ASN.1 parsing improvements. + - Made UI_destroy_method() NULL safe. + - Various improvements to nc(1). - Always clear EC groups and points on free. - - Cleanup and improvements in EC code + - Cleanup and improvements in EC code. - Various openssl(1) improvements. * Bug fixes - Fixed a memory leak, a double free and various other issues in - BIO_new_NDEF() - - Avoid infinite loops in DSA and ECDSA signing. - - Check DSA parameter sanity + BIO_new_NDEF(). - Fixed various crashes in the openssl(1) testing utility. - Do not check policies by default in the new X.509 verifier. - - Avoid -0 in BN_div_word(). - - Fix an off-by-one in dsa_check_key(). - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse. - - Add missing error checking in PKCS7. + - Added missing error checking in PKCS7. + - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). * Compatibility changes - Correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3). - - Provide UI_null() - - Expose various X509_STORE_*check_issued() - - Expose X509_CRL_get0_sigalg() and X509_get0_uids - - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h - - Introduce X509_get0_uids() accessor function + * New features + - Added UI_null() + - Added X509_STORE_*check_issued() + - Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors. + - Added EVP_CIPHER_meth_*() setter API. * Documentation improvements - - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), + - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. - - Merge documentation of UI_null() from OpenSSL 1.1 + - Merged documentation of UI_null() from OpenSSL 1.1 - Document BIO_number_read(3), BIO_number_written(3), BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), BIO_clear_retry_flags(3), @@ -90,11 +86,11 @@ LibreSSL Portable Release Notes: - Various spelling and other documentation improvements. * Testing and Proactive Security - As always, new test coverage is added as bugs are fixed and subsystems - are cleaned up + are cleaned up. - New Wycheproof tests added. - OpenSSL 3.0 Interop tests added. - Many old tests rewritten, cleaned up and extended. - * Security fix + * Security fixes - A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory. -- cgit v1.2.3-55-g6feb