BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 3.0.0 Released

We have released LibreSSL 3.0.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This is the first development release from the 3.0.x series, which will
eventually be part of OpenBSD 6.6. It includes the following changes:

  * Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.

  * Documented undescribed options and removed unfunctional options
    description in openssl(1) manual.

  * A plethora of small fixes due to regular oss-fuzz testing.

  * Various side channels in DSA and ECDSA were addressed.  These are some of
    the many issues found in an extensive systematic analysis of bignum usage
    by Samuel Weiser, David Schrammel et al.

  * Enabled openssl(1) speed subcommand on Windows platform.

  * Enabled performance optimizations when building with Visual Studio on Windows.

  * Fixed incorrect carry operation in 512 addition for Streebog.

  * Fixed -modulus option with openssl(1) dsa subcommand.

  * Fixed PVK format output issue with openssl(1) dsa and rsa subcommand.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.