LibreSSL 2.9.0 released
16 December, 2018 by busterb@gmail.com | openbsd
We have released LibreSSL 2.9.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first development release from the 2.9 series, which will eventually be part of OpenBSD 6.5. It includes the following changes: * CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility. * Added the SM3 hash function from the Chinese standard GB/T 32905-2016. * Added more OPENSSL_NO_* macros for compatibility with OpenSSL. * Added extensive interoperability tests between LibreSSL and OpenSSL 1.0 and 1.1. * Added additional wycheproof tests and related bug fixes. * Simplified sigalgs option processing and handshake signing algorithm * Added the ability to use the RSA PSS algorithm for handshake signatures. * Added bn_rand_interval() and use it in code needing ranges of random bn values. * Added functionality to derive early, handshake, and application secrets as per RFC8446. * Added handshake state machine from RFC8446. * Removed some ASN.1 related code from libcrypto that had not been used since around 2000. * Unexported internal symbols and internalized more record layer structs. * Added support for assembly optimizations on 32-bit ARM ELF targets. * Improved protection against timing side channels in ECDSA signature generation. * Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability. * Ensure transcript handshake is always freed with TLS 1.2. * Fixed warnings about clock_gettime on Windows Visual Studio builds. * Fixed CMake builds on systems where getpagesize is defined as an inline function. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.