• LibreSSL 2.8.2 Released

    From Brent Cook@21:1/5 to All on Wed Oct 24 06:40:02 2018
    Copy: libressl@openbsd.org

    We would like to announce that we have released LibreSSL 2.8.2, which is available in the LibreSSL directory of your local OpenBSD mirror. This announcement comes a few days after it was first available on October
    18th, 2018, along with OpenBSD 6.4. This is the first stable release from
    the 2.8 series.

    It includes the following changes from 2.8.1:

    * Added Wycheproof support for ECDH and ECDSA Web Crypto test vectors,
    along with test harness fixes.

    * Fixed memory leak in nc(1)

    LibreSSL 2.8.2 also includes:

    * Added Wycheproof support for ECDH, RSASSA-PSS, AES-GCM,
    AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, and
    X25519 test vectors. Applied appropriate fixes for errors uncovered by tests.

    * Simplified key exchange signature generation and verification.

    * Fixed a one-byte buffer overrun in callers of EVP_read_pw_string

    * Converted more code paths to use CBB/CBS. All handshake messages are
    now created by CBB.

    * Fixed various memory leaks found by Coverity.

    * Simplified session ticket parsing and handling, inspired by
    BoringSSL.

    * Modified signature of CRYPTO_mem_leaks_* to return -1. This function
    is a no-op in LibreSSL, so this function returns an error to not
    indicate the (non-)existence of memory leaks.

    * SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher,
    X509_OBJECT_up_ref_count now return an int for error handling,
    matching OpenSSL.

    * Converted a number of #defines into proper functions, matching
    OpenSSL's ABI.

    * Added X509_get0_serialNumber from OpenSSL.

    * Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding
    PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching
    OpenSSL.

    * Removed broken pkcs8 formats from openssl(1).

    * Converted more functions in public API to use const arguments.

    * Stopped handling AES-GCM in ssl_cipher_get_evp, since they use the
    EVP_AEAD interface.

    * Stopped using composite EVP_CIPHER AEADs.

    * Added timing-safe compares for checking results of signature
    verification. There are no known attacks, this is just inexpensive
    prudence.

    * Correctly clear the current cipher state when changing cipher state.
    This fixed an issue where renegotiation of cipher suites would fail
    when switched from AEAD to non-AEAD or vice-versa.
    Issue reported by Bernard Spil.

    * Added more cipher tests to appstest.sh, including all TLSv1.2
    ciphers.

    * Added RSA_meth_get_finish() and RSA_meth_set1_name() from OpenSSL.

    * Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV to be
    retrieved and set with appropriate validation.

    * Extensive documentation updates and additional API history.

    * Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry

    * Tighten up checks for various X509_VERIFY_PARAM functions,
    'poisoning' parameters so that an unverified certificate cannot be
    used if it fails verification.

    * Fixed a potential memory leak on failure in ASN1_item_digest

    * Fixed a potential memory alignment crash in asn1_item_combine_free

    * Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
    SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths.

    * Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.

    * Made ENGINE_finish and ENGINE_free succeed on NULL, simplifying callers
    and matching OpenSSL behavior; rewrote ENGINE_* documentation.

    * Added const annotations to many existing APIs from OpenSSL, making
    interoperability easier for downstream applications.

    * Fixed small timing side-channels in ecdsa_sign_setup and
    dsa_sign_setup.

    * Documented security pitfalls with BN_FLG_CONSTTIME and constant-time
    operation of BN_* functions.

    * Updated BN_clear to use explicit_bzero.

    * Added a missing bounds check in c2i_ASN1_BIT_STRING.

    * More CBS conversions, including simplifications to RSA key exchange,
    and converted code to use dedicated buffers for secrets.

    * Removed three remaining single DES cipher suites.

    * Fixed a potential leak/incorrect return value in DSA signature
    generation.

    * Added a blinding value when generating DSA and ECDSA signatures, in
    order to reduce the possibility of a side-channel attack leaking the
    private key.

    * Added ECC constant time scalar multiplication support.
    From Billy Brumley and his team at Tampere University of Technology.

    * Revised the implementation of RSASSA-PKCS1-v1_5 to match the
    specification in RFC 8017. Based on an OpenSSL commit by David
    Benjamin.

    * Cleaned up BN_* implementations following changes made in OpenSSL by
    Davide Galassi and others.

    The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
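    As an added illustration of two items in the list above (timing-safe compares for signature verification results, and RSASSA-PKCS1-v1_5 revised to follow RFC 8017), here is the EMSA-PKCS1-v1_5 encoding step and the rebuild-and-compare verification step from RFC 8017 section 8.2.2, written for this page and not taken from the LibreSSL tree. It assumes the caller has already done the RSA public operation and hashed the message with SHA-256; the function names and the 512-byte buffer limit are the example's own choices.

```c
#include <stdint.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1). */
static const uint8_t SHA256_DIGESTINFO[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Constant-time compare with the contract of OpenBSD's timingsafe_bcmp:
 * 0 when equal, 1 otherwise, with no early exit on the first difference. */
int ct_bcmp(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= a[i] ^ b[i];
    return acc != 0;
}

/* EMSA-PKCS1-v1_5 (RFC 8017, section 9.2) for a SHA-256 digest:
 * EM = 0x00 || 0x01 || PS (at least 8 bytes of 0xff) || 0x00 || T.
 * Returns 0 on success, -1 if emlen is too short for the encoding. */
int emsa_pkcs1_v1_5_sha256(const uint8_t digest[32], uint8_t *em, size_t emlen)
{
    size_t tlen = sizeof(SHA256_DIGESTINFO) + 32;
    if (emlen < tlen + 11)
        return -1;
    size_t pslen = emlen - tlen - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, pslen);
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, SHA256_DIGESTINFO, sizeof(SHA256_DIGESTINFO));
    memcpy(em + 3 + pslen + sizeof(SHA256_DIGESTINFO), digest, 32);
    return 0;
}

/* Verification step after the RSA public operation (done by the caller):
 * rebuild the single valid EM for this digest and compare it whole, so
 * there is no lenient parsing of PS or T. Returns 1 on match, else 0. */
int pkcs1_v1_5_verify_em(const uint8_t *recovered, size_t emlen,
                         const uint8_t digest[32])
{
    uint8_t expected[512]; /* example's own limit: up to RSA-4096 */
    if (emlen > sizeof(expected) ||
        emsa_pkcs1_v1_5_sha256(digest, expected, emlen) != 0)
        return 0;
    return ct_bcmp(recovered, expected, emlen) == 0;
}
```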
