| version 1.55, 2018/10/14 16:26:29 |
version 1.56, 2018/10/14 16:30:58 |
|
|
| |
|
| <li>LibreSSL 2.x.x |
<li>LibreSSL 2.x.x |
| <ul> |
<ul> |
| <li> Extensive documentation updates and additional API history. |
<li> |
| <li>Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry |
|
| <li> Tighten up checks for various X509_VERIFY_PARAM functions, |
|
| 'poisoning' parameters so that an unverified certificate cannot be |
|
| used if it fails verification. |
|
| <li> Fixed a potential memory leak on failure in ASN1_item_digest |
|
| <li> Fixed a potential memory alignment crash in asn1_item_combine_free |
|
| <li> Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and |
|
| SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths. |
|
| <li> Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds. |
|
| <li> Made ENGINE_finish and ENGINE_free succeed on NULL and simplify callers |
|
| and matching OpenSSL behavior, rewrote ENGINE_* documentation. |
|
| <li> Added const annotations to many existing APIs from OpenSSL, making |
|
| interoperability easier for downstream applications. |
|
| <li> Fixed small timing side-channels in ecdsa_sign_setup and |
|
| dsa_sign_setup. |
|
| <li> Documented security pitfalls with BN_FLG_CONSTTIME and constant-time |
|
| operation of BN_* functions. |
|
| <li> Updated BN_clear to use explicit_bzero. |
|
| <li> Added a missing bounds check in c2i_ASN1_BIT_STRING. |
|
| <li> More CBS conversions, including simplifications to RSA key exchange, |
|
| and converted code to use dedicated buffers for secrets. |
|
| <li> Removed three remaining single DES cipher suites. |
|
| <li>Fixed a potential leak/incorrect return value in DSA signature |
|
| generation. |
|
| <li> Added a blinding value when generating DSA and ECDSA signatures, in |
|
| order to reduce the possibility of a side-channel attack leaking the |
|
| private key. |
|
| <li> Added ECC constant time scalar multiplication support. |
|
| From Billy Brumley and his team at Tampere University of Technology. |
|
| <li> Revised the implementation of RSASSA-PKCS1-v1_5 to match the |
|
| specification in RFC 8017. Based on an OpenSSL commit by David |
|
| Benjamin. |
|
| <li> Cleaned up BN_* implementations following changes made in OpenSSL by |
|
| Davide Galassi and others. |
|
| <li> Added Wycheproof test vectors for ECDH, RSASSA-PSS, AES-GCM, |
|
| AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, |
|
| X25519, and applied appropriate fixes for errors uncovered by tests. |
|
| <li> Simplified key exchange signature generation and verification. |
|
| <li> Fixed a one-byte buffer overrun in callers of EVP_read_pw_string |
|
| <li> Converted more code paths to use CBB/CBS. All handshake messages are |
|
| now created by CBB. |
|
| <li> Fixed various memory leaks found by Coverity. |
|
| <li> Simplfied session ticket parsing and handling, inspired by |
|
| BoringSSL. |
|
| <li> Modified signature of CRYPTO_mem_leaks_* to return -1. This function |
|
| is a no-op in LibreSSL, so this function returns an error to not |
|
| indicate the (non-)existence of memory leaks. |
|
| <li> SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher, |
|
| X509_OBJECT_up_ref_count now return an int for error handling, |
|
| matching OpenSSL. |
|
| <li> Converted a number of #defines into proper functions, matching |
|
| OpenSSL's ABI. |
|
| <li> Added X509_get0_serialNumber from OpenSSL. |
|
| <li> Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding |
|
| PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching |
|
| OpenSSL. |
|
| <li> Removed broken pkcs8 formats from openssl(1). |
|
| <li> Converted more functions in public API to use const arguments. |
|
| <li> Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the |
|
| EVP_AEAD interface. |
|
| <li>Stopped using composite EVP_CIPHER AEADs. |
|
| <li> Added timing-safe compares for checking results of signature |
|
| verification. There are no known attacks, this is just inexpensive |
|
| prudence. |
|
| <li> Correctly clear the current cipher state, when changing cipher state. |
|
| This fixed an issue where renegotion of cipher suites would fail |
|
| when switched from AEAD to non-AEAD or vice-versa. |
|
| Issue reported by Bernard Spil. |
|
| <li> Added more cipher tests to appstest.sh, including all TLSv1.2 |
|
| ciphers. |
|
| <li> Added RSA_meth_get_finish() RSA_meth_set1_name() from OpenSSL. |
|
| <li> Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV to be |
|
| retrieved and set with appropriate validation. |
|
| </ul> |
</ul> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to 64.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www