version 1.3, 2018/11/11 17:39:54 |
version 1.4, 2018/11/11 17:57:14 |
|
|
<li>OpenSMTPD |
<li>OpenSMTPD |
<p> |
<p> |
|
|
li>LibreSSL 2.9.X> |
<li>LibreSSL 2.9.X |
<li>API and Documentation Enhancements |
<ul> |
<ul> |
<li>API and Documentation Enhancements |
<li>CRYPTO_LOCK is now automatically initialized, with the |
<ul> |
legacy callbacks stubbed for compatibility |
<li> |
<li>Added SM3 hash function support |
CRYPTO_LOCK is now automatically initialized, with the legacy |
</ul> |
callbacks stubbed for compatibility |
<li>Testing and Proactive Security |
<li> |
<ul> |
Added the SM3 hash function from the Chinese standard GB/T 32905-2016. |
<li>Added interperability tests between LibreSSL and OpenSSL |
</ul> |
1.0 and 1.1 |
|
</ul> |
|
|
|
<li>Internal Improvements |
<li>Testing and Proactive Security |
<ul> |
<ul> |
<li>Simplified sigalgs option processing and handshake signing algorithm |
<li> |
selection. |
Added interperability tests between LibreSSL and OpenSSL 1.0 and 1.1 |
<li>Added the ability to use the RSA PSS algorithm for |
</ul> |
handshake signatures. |
|
<li>Added bn_rand_interval() and use it in code needing |
|
ranges of random bn values |
|
<li>Added functionaly to derive early, handshake, and |
|
application secrets as per RFC8446 |
|
<li>Added handshake state machine from RFC8446 |
|
</ul> |
|
|
|
<li>Bug Fixes |
<li>Internal Improvements |
<ul> |
<ul> |
<li> Fix timing vulnerability in ECDSA signature generation |
<li> |
(CVE-2018-0735) |
Simplified sigalgs option processing and handshake signing algorithm |
<li> Fix for Portsmash vulnerability originally by Brumley, |
selection |
ul Hassan and Tuveri |
<li> |
<li> |
Added the ability to use the RSA PSS algorithm for handshake signatures |
</ul> |
<li> |
</ul> |
Added bn_rand_interval() and use it in code needing ranges of random bn |
|
values |
|
<li> |
|
Added functionality to derive early, handshake, and application secrets |
|
as per RFC8446 |
|
<li> |
|
Added handshake state machine from RFC8446, TLS 1.3 |
|
</ul> |
|
|
|
<li>Bug Fixes |
|
<ul> |
|
<li> |
|
Fix timing vulnerability in ECDSA signature generation (CVE-2018-0735) |
|
<li> |
|
Fix for Portsmash vulnerability originally by Brumley, ul Hassan and |
|
Tuveri |
|
<li> |
|
Ensure transcript handshake is always freed with TLS 1.2 |
|
</ul> |
|
</ul> |
<p> |
<p> |
|
|
<li>Mandoc |
<li>Mandoc |
|
|
<p> |
<p> |
|
|
<li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
<p> |
<p> |
|
|
</ul> |
</ul> |
|
|