update Changelog
This commit is contained in:
Brent Cook
parent
4fe24eb56d
commit
35dbed1ae9
59
ChangeLog
59
ChangeLog
@ -28,6 +28,65 @@ history is also available from Git.
|
||||
|
||||
LibreSSL Portable Release Notes:
|
||||
|
||||
2.8.1 - Test and compatibility improvements
|
||||
|
||||
* Added Wycheproof test vectors for ECDH, RSASSA-PSS, AES-GCM,
|
||||
AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA,
|
||||
X25519, and applied appropriate fixes for errors uncovered by tests.
|
||||
|
||||
* Simplified key exchange signature generation and verification.
|
||||
|
||||
* Fixed a one-byte buffer overrun in callers of EVP_read_pw_string
|
||||
|
||||
* Converted more code paths to use CBB/CBS. All handshake messages are
|
||||
now created by CBB.
|
||||
|
||||
* Fixed various memory leaks found by Coverity.
|
||||
|
||||
* Simplfied session ticket parsing and handling, inspired by
|
||||
BoringSSL.
|
||||
|
||||
* Modified signature of CRYPTO_mem_leaks_* to return -1. This function
|
||||
is a no-op in LibreSSL, so this function returns an error to not
|
||||
indicate the (non-)existence of memory leaks.
|
||||
|
||||
* SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher,
|
||||
X509_OBJECT_up_ref_count now return an int for error handling,
|
||||
matching OpenSSL.
|
||||
|
||||
* Converted a number of #defines into proper functions, matching
|
||||
OpenSSL's ABI.
|
||||
|
||||
* Added X509_get0_serialNumber from OpenSSL.
|
||||
|
||||
* Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding
|
||||
PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching
|
||||
OpenSSL.
|
||||
|
||||
* Removed broken pkcs8 formats from openssl(1).
|
||||
|
||||
* Converted more functions in public API to use const arguments.
|
||||
|
||||
* Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the
|
||||
EVP_AEAD interface.
|
||||
|
||||
* Stopped using composite EVP_CIPHER AEADs.
|
||||
|
||||
* Added timing-safe compares for checking results of signature
|
||||
verification. There are no known attacks, this is just inexpensive
|
||||
prudence.
|
||||
|
||||
* Correctly clear the current cipher state, when changing cipher state.
|
||||
This fixed an issue where renegotion of cipher suites would fail
|
||||
when switched from AEAD to non-AEAD or vice-versa.
|
||||
Issue reported by Bernard Spil.
|
||||
|
||||
* Added more cipher tests to appstest.sh, including all TLSv1.2
|
||||
ciphers.
|
||||
|
||||
* Added RSA_meth_get_finish() RSA_meth_set1_name(), and
|
||||
EVP_CIPHER_CTX_(get|set)_iv() from OpenSSL.
|
||||
|
||||
2.8.0 - Bug fixes, security, and compatibility improvements
|
||||
|
||||
* Extensive documentation updates and additional API history.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user