OpenBSD Journal

New versions of LibreSSL released

Contributed by rueda on from the scrambled and liberated dept.

The LibreSSL project has announced the release of versions 3.6.3 and 3.7.3, and (development) version 3.8.0 of the software.

The announcement for versions 3.6.3 and 3.7.3 reads:

We have released LibreSSL 3.6.3 and 3.7.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

They include the following fixes:

  * Bug fix
    - Hostflags in the verify parameters would not propagate from an
      SSL_CTX to newly created SSL.
  * Reliability fix
    - A double free or use after free could occur after SSL_clear(3).

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

The announcement for version 3.8.0 reads:

We have released LibreSSL 3.8.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is a development
release for the 3.8.x branch, so we appreciate early testing and
feedback.

It includes the following changes:

  * Portable changes
    - Extended the endian.h compat header with hto* and *toh macros.
    - Adapted more tests to the portable framework.
  * Internal improvements
    - Improved sieve of Eratosthenes script used for generating a table
      of small primes.
    - Started cleaning up and rewriting SHA internals.
    - Replace internal use of BN_copy() with bn_copy() for consistency.
    - Rewrote and improved BN_exp() and BN_copy().
    - Add branch target information (BTI) support to arm64 assembly.
    - Replaced BN_mod_sqrt() with a new implementation.
    - Removed incomplete and dangerous BN_RECURSION code.
    - Added endbr64 instructions to amd64 assembly.
    - Imported RFC 5280 policy checking code from BoringSSL and used it
      to replace the old exponential time code.
    - Converted more of libcrypto to use CBB/CBS.
    - Cleaned up and simplified the code dealing with builtin curves.
  * New features
    - Added support for truncated SHA-2 and for SHA-3.
    - The BPSW primality test performs additional Miller-Rabin rounds
      with random bases to reduce the likelihood of composites passing.
    - Allow testing of ciphers and digests using badly aligned buffers
      in openssl speed.
    - Added a workaround for a poorly thought-out change in OpenSSL 3 that
      broke privilege separation support in libtls.
  * Compatibility changes
    - Support for GF2m was removed: BIGNUM no longer supports binary extension
      field arithmetic and all binary elliptic builtin curves were removed.
    - Removed dangerous, "fast" NIST prime and elliptic curve implementations.
      In particular, EC_GFp_nist_method() is no longer available.
    - Removed most public symbols that were deprecated in OpenSSL 0.9.8.
    - Removed the public X9.31 API (RSA_X931_PADDING is still available).
    - Removed Cipher Text Stealing mode.
    - Removed SXNET and NETSCAPE_CERT_SEQUENCE support including the
      openssl(1) nseq command.
    - Dropped proxy certificate (RFC 3820) support.
    - The POLICY_TREE and its related structures and API were removed.
    - The explicitText user notice uses UTF8String instead of VisibleString
      to reduce the risk of emitting certificates with invalid DER-encoding.
    - Initial fixes for RSA-PSS support to make the TLSv1.3 stack more
      compliant with RFC 8446.
  * Bug fixes
    - Correctly handle negative input to various BIGNUM functions.
    - Ensure ERR_load_ERR_strings() does not set errno unexpectedly.
    - Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
    - Fixed detection of extended operations (XOP) on AMD hardware.
    - Ensure Montgomery exponentiation is used for the initial RSA blinding.
    - Policy is always checked in X509 validation. Critical policy extensions
      are no longer silently ignored.
    - Fixed error handling in tls_check_common_name().
    - Add missing pointer invalidation in SSL_free().
    - Fixed X509err() and X509V3err() and their internal versions.
    - Ensure that OBJ_obj2txt() always returns a C string again.
    - In X509_VERIFY_PARAM_inherit() copy hostflags independently of the
      host list.
  * Documentation improvements
    - Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3),
      BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
    - Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally
      undocumented.
  * Testing and Proactive Security
    - Significantly improved test coverage of BN_mod_sqrt() and GCD.
    - As always, new test coverage is added as bugs are fixed and subsystems
      are cleaned up.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
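The "New features" entry above says the BPSW primality test now runs extra Miller-Rabin rounds with random bases. The following added example (not LibreSSL's code; the Lucas half of BPSW is left out, which is an assumption for brevity) shows why a fixed base alone is weak: the constructed inputs are composites that pass a base-2 round yet are rejected once random bases are used.

```python
import random

# Constructed test inputs: strong pseudoprimes to base 2, i.e. composites that
# a single fixed-base-2 Miller-Rabin round accepts (2047 = 23 * 89, etc.).
BASE2_STRONG_PSEUDOPRIMES = [2047, 3277, 4033, 4681, 8321]


def miller_rabin_round(n: int, a: int) -> bool:
    """One Miller-Rabin round: True if odd n > 3 is a strong probable prime to base a."""
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = 2**s * d with d odd
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False               # a is a witness: n is definitely composite


def fixed_base_only(n: int) -> bool:
    """The weak check: a single round with the fixed base 2."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    return miller_rabin_round(n, 2)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Fixed base-2 round followed by `rounds` rounds with random bases.

    Bases come from the OS CSPRNG so an attacker cannot craft a composite
    that is a strong pseudoprime to every base the test will pick.
    """
    if not fixed_base_only(n):
        return False
    if n < 5:
        return True
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if not miller_rabin_round(n, a):
            return False
    return True
```

Each listed composite fools `fixed_base_only` but not `is_probable_prime`; the chance of 32 random rounds all missing a composite is at most 4**-32.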



Comments
  1. By Peter J. Philipp (pjp) nospam@delphinusdns.org on

    This is great news. Does this mean that -portable is fixed too, because last week I tried to compile it on Linux and it was broken and I had to git switch to an older version tag. The commands I used were just to clone it and build the standard way.

    Best Regards,

    Comments
    1. By Peter J. Philipp (pjp) nospam@delphinusdns.org on

      Just watching it compile now on the master branch, seems OK now. I'm happy about this.

  2. By Peter J. Philipp (pjp) nospam@delphinusdns.org on

    I'm gonna pledge 5 EUR donation to the OpenBSD foundation, if LibreSSL implements Ed448 support. This is a little bit more work than the Ed25519 support that was recently put in.

    As you may know, I program on a DNS authoritative server. I am on a roll implementing new algorithms and did alg 14 and alg 15 today. I would really like to implement alg 16 too (which is ED448), as is explained in RFC 8080, before December (my release month). This gives roughly a quarter year until the next OpenBSD release for me to support it. If it's released with 7.5 or later I'll have to wait, unfortunately.

    I really like what you guys are doing! You've given my program extra value by offering ED25519, since I'm poorish I can only pledge 5 EUR.

    Best Regards,
