deadsimple BSD Security Advisories and Announcements

LibreSSL 3.7.1 Released

We have released LibreSSL 3.7.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the final
development release for the 3.7.x branch, and we appreciate additional testing
and feedback before the stable release coming soon with OpenBSD 7.3

It includes the following changes:

 * Internal improvements
   - Initial overhaul of the BIGNUM code:
     - Added a new framework that allows architecture-dependent
       replacement implementations for bignum primitives.
     - Imported various s2n-bignum's constant time assembly primitives
       and switched amd64 to them.
     - Lots of cleanup, simplification and bug fixes.
   - Changed Perl assembly generators to move constants into .rodata,
     allowing code to run with execute-only permissions.
   - Capped the number of iterations in DSA and ECDSA signing (avoiding
     infinite loops), added additional sanity checks to DSA.
   - ASN.1 parsing improvements.
   - Made UI_destroy_method() NULL safe.
   - Various improvements to nc(1).
   - Always clear EC groups and points on free.
   - Cleanup and improvements in EC code.
   - Various openssl(1) improvements.
 * Bug fixes
   - Fixed a memory leak, a double free and various other issues in
   - Fixed various crashes in the openssl(1) testing utility.
   - Do not check policies by default in the new X.509 verifier.
   - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
   - Added missing error checking in PKCS7.
   - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
 * Compatibility changes
   - Correct the prototypes of BIO_get_conn_ip(3) and
 * New features
   - Added UI_null()
   - Added X509_STORE_*check_issued()
   - Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors.
   - Added EVP_CIPHER_meth_*() setter API.
 * Documentation improvements
   - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
     BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
   - Merged documentation of UI_null() from OpenSSL 1.1
   - Document BIO_number_read(3), BIO_number_written(3),
     BIO_set_retry_read(3), BIO_set_retry_write(3),
     BIO_set_retry_special(3), BIO_clear_retry_flags(3),
     BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3),
     BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3).
     BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3),
     BIO_callback_fn(3), and the BIO_FLAGS_* constants
   - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
   - Document EVP_PKEY_new_raw_private_key(3),
     EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and
   - Document ASN1_buf_print(3).
   - Document ECDSA_SIG_get0_{r,s}().
   - Document DH_get0_* for individual DH members.
   - Document DSA_get0_* for individual DSA members
   - Document RSA_get0_* for individual RSA members.
   - Various spelling and other documentation improvements.
 * Testing and Proactive Security
   - As always, new test coverage is added as bugs are fixed and subsystems
     are cleaned up.
   - New Wycheproof tests added.
   - OpenSSL 3.0 Interop tests added.
   - Many old tests rewritten, cleaned up and extended.
 * Security fixes
   - A malicious certificate revocation list or timestamp response token
     would allow an attacker to read arbitrary memory.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.