factotum/libressl-portable
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ChangeLog for 3.7.0

Browse Source
This commit is contained in:
Theo Buehler 2022-12-09 13:01:57 +01:00
parent 75e2fa0a9e
commit e36a976a2b
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
ChangeLog
View File

@ -28,6 +28,48 @@ history is also available from Git.
LibreSSL Portable Release Notes:
3.7.0 - Development release
* Internal improvements
- Replace Julian date calculations with a rewrite from BoringSSL.
- Clean old and unused BN code dealing with primes.
- Start rewriting name constraints code using CBS.
- Remove support for the HMAC PRIVATE KEY.
- Rework DSA signing and verifying internals.
- First few passes on cleaning up the BN code.
- Internal headers coming from OpenSSL are all called *_local.h now.
- Rewrite TLSv1.2 key exporter.
- Cleaned up and refactored various aspects of the legacy TLS stack.
* Compatibility changes
- BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
various corner cases. More work is needed here.
* Bug fixes
- Add EVP_chacha20_poly1305() to the list of all ciphers.
- Fix potential leaks of EVP_PKEY in various printing functions
- Fix potential leak in OBJ_NAME_add().
- Avoid signed overflow in i2c_ASN1_BIT_STRING().
- Clean up EVP_PKEY_ASN1_METHOD related tables and code.
- Fix long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod().
- Fix segfaults in BN_{dec,hex}2bn().
- Fix NULL dereference in x509_constraints_uri_host() reachable only
in the process of generating certificates.
- Fixed a variety of memory corruption issues in BIO chains coming
from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
* Documentation improvements
- Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
- The BN documentation is now considered to be complete.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and
subsystems are cleaned up.
- Many old tests rewritten, cleaned up and extended.
* New features
- Added Ed25519 support both as a primitive and via OpenSSL's EVP
interfaces.
- X25519 is now also supported via EVP.
- The OpenSSL 1.1 raw public and private key API is available with
support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519.
Poly1305 is not currently supported via this interface.
3.6.1 - Stable release
* Bug fixes