Contributed by pitrh on from the puffy hugged a dropbear dept.
So, I wasn't going to do this one, but I had enough fun sitting next to jsing@ in Toulouse in November working on LibreSSL, I did a bunch of stuff this time:
- I went through LibreSSL and attacked all the constant time functions in the bignum library, and changed these functions as used internally to always use the safe constant time mode of operation, to somewhat mitigate timing attacks.
- jsing@ and I bumped the LibreSSL majors and started moving a lot of the bits out of the SSL/TLS structures into private locations, removing publicly accessible API that is not used (or should not be used unless you are a crack addled rhesus monkey) We are still dealing with the ports fallout (ensuring that most ports still build) and we have had to move a few things back that we got too aggressive with, but largely this has been a success and will let us move forward at unifying more of the libssl code to make our lives easier going forward (I'll let jsing@ talk about that.)
- I did a bunch of fixes to ftp, as well as the ftp cgi's on www.openbsd.org used by the installer to support TLS in the installer and new awesomeness to be done by rpe@.
- I wrote and committed ocspcheck(8) so we have a command in base to use for OCSP stapling on servers, replacing the need to use a lot of nasty "openssl x509' and 'openssl ocsp' to accomplish the same thing.
Thanks very much to dlg@ jono, and the University of Queensland for hosting! it was very productive
Thanks for the report, Bob! Judging from recent commits, other devs will be queueing up with interesting reports over the next few days too, and we're looking forward to hearing from them all.
(Comments are closed)