diff --git a/ChangeLog b/ChangeLog index 4fe0e02..fbfdacb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ history is also available from Git. LibreSSL Portable Release Notes: +<<<<<<< HEAD 3.7.1 - Development release * Internal improvements @@ -56,7 +57,68 @@ LibreSSL Portable Release Notes: would allow an attacker to read arbitrary memory. 3.7.0 - Development release +======= +3.7.1 - Stable release + * Internal improvements + - Extensive reworking of bignum and montgomery multiplication support (BN_). + - Transition to using s2n-bignum assembly implementation for bignum on amd64 + - ASN1 parsing rework and improvements, including infinite loop avoidance. + - Make UI_destroy_method() NULL safe. + - Various improvements to nc + - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). + - Various internal EC improvements. + - Various openssl(1) improvements. + - Cap the number of iterations in ECDSA signing + - Cap the number of iterations in DSA signing, and other DSA sanity checks. + - Always clear EC groups and points on free. + - Various other internal cleanups + * Compatibility changes + - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) + * Bug fixes + - Avoid -0 in BN_div_word(). + - Fix an off-by-one in dsa_check_key() + - openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANS + - Add missing error checking in PKCS7 + * Documentation improvements + - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), + BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. + - Document BIO_number_read(3) and BIO_number_written(3) + - Merge documentation of UI_null() from OpenSSL 1.1 + - Document BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), + BIO_clear_retry_flags(3), BIO_get_retry_flags(3), and the BIO_FLAGS_* constants + - Document BIO_dup_chain(3). + - Document BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), and BIO_get_flags(3). + - Document BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), + and BIO_callback_fn(3). + - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). + - Document EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), + EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3). + - Document ASN1_buf_print(3). + - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). + - Document ECDSA_SIG_get0_{r,s}(). + - Document DH_get0_* for individual DH members. + - Document DSA_get0_* for individual DSA members + - Document RSA_get0_* for individual RSA members. + - Various spelling and other documentation improvements. + * Testing and Proactive Security + - As always, new test coverage is added as bugs are fixed and + subsystems are cleaned up + - New Wycheproof tests added. + - OpenSSL 3.0 Interop tests added. + - Many old tests rewritten, cleaned up and extended. + * New features + - Modifications to perlasm and assembly code to move constants out of + executable memory to rodata memory, thus supportinf execute only + memory + - import a copy of OpenSSL 1.1's cmeth_lib.c + - Provide UI_null() + - Expose various X509_STORE_*check_issued() + - Expose X509_CRL_get0_sigalg() and X509_get0_uids + - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h + - Introduce X509_get0_uids() accessor function +>>>>>>> 788c39a (3.7.1. ChangeLog) +3.7.0 - Development release * Internal improvements - Remove dependency on system timegm() and gmtime() by replacing traditional Julian date conversion with POSIX epoch-seconds date