[openssl] openssl-3.0.0-alpha6 create

Matt Caswell matt at openssl.org
Fri Aug 7 08:50:47 UTC 2020

The annotated tag openssl-3.0.0-alpha6 has been created
        at  ac5406985bb7d130814a755c793d00995c2c23e7 (tag)
   tagging  e3ec8020b433f9bccebb547889e43c4691eb8713 (commit)
  replaces  openssl-3.0.0-alpha5
 tagged by  Matt Caswell
        on  Thu Aug 6 14:00:24 2020 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha6 release tag


David Woodhouse (4):
      Make SSL_set1_host() and SSL_add1_host() take IP addresses
      Fix certificate validation for IPv6 literals in sconnect demo
      Disallow setting more than one IP address with SSL_add1_host()
      Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals

Dimitri John Ledkov (1):
      man3: Drop warning about using security levels higher than 1.

Dr. David von Oheimb (27):
      Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber
      x509_vfy.c: Improve key usage checks in internal_verify() of cert chains
      test/run_tests.pl: In parallel runs, start those tests first that run longest
      99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily
      check-format.pl: Allow comment start '/*' after opening '(','[','{'
      check-format.pl: Add check for multiples essentially empty lines in a row
      check-format.pl: Add check for essentially empty line at beginning of file
      check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used
      check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md
      Skip test_cmp_cli if 'lsof' or 'kill' command is not available
      81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof'
      Fix UI method setup, which should be independent of (deprecated) engine use
      Deprecate -nodes in favor of -noenc in pkcs12 and req app
      Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()
      Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM()
      apps/cmp.c: Improve documentation of -recipient option
      Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
      Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
      81-test_cmp_cli.t: Skip tests with mock server if server cannot be started
      apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
      Correct misleading diagnostics of OBJ_txt2obj on unknown object name
      Correct confusing X509V3 conf error output by removing needless 'section:<NULL>' etc.
      Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME
      Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate
      apps: Correct and extend diagnostics of parse_name()
      Fix error message on setting cert validity period in apps/cmp.c
      openssl-cmp.pod.in: Update and extend example using Insta Demo CA

Dr. Matthias St. Pierre (3):
      test/drbgtest.c: Remove error check for large generate requests
      test/drbgtest.c: set the correct counter to trigger reseeding
      Fix: uninstantiation breaks the RAND_DRBG callback mechanism

Gustaf Neumann (1):
      Align documentation with recommendations of Linux Documentation Project

Jean-Christophe Fillion-Robin (1):
      Fix linking against non-system zlib on macOS

Matt Caswell (8):
      Fix no-dh and no-dsa
      Fix no-ec2m
      Fix a test_verify failure
      Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily
      Fix test_cmp_cli for extended tests
      Fix an ENGINE leak in asn1_item_digest_with_libctx
      Update copyright year
      Prepare for release of 3.0 alpha 6

Nicola Tuveri (2):
      [test] Vertically test explicit EC params API patterns
      [test][ectest] Minor touches to custom_generator_test

Nihal Jere (1):
      fixed swapped parameter descriptions for x509

Norman Ashley (1):
      Coverity Fixes for issue #12531

Pauli (13):
      rand: detect if FIPS approved randomness sources are being used.
      install: add notes about ignored seed sources in the FIPS provider.
      doc: Fix documentation of EVP_EncryptUpdate().
      mac: always pass a non-NULL output size pointer to providers.
      evp_test: use correct deallocation for EVP_MD
      evp_test: use correct deallocation for EVP_CIPHER
      engines: fixed to work with EVP_*_meth calls deprecated
      EVP: deprecate the EVP_X_meth_ functions.
      document the deprecation of the '-public-key-methods' option to list
      namemap: fix threading issue
      unify spelling of serialize
      serialisation: Add a built-in base provider.
      deserialisation: add deserialisation to the base provider

Peter Eisentraut (1):
      Mark an argument of an inline function as unused

Read Hughes (1):
      Update EVP_EncodeInit.pod

Richard Levitte (39):
      Prepare for 3.0 alpha 6
      Remove util/openssl-update-copyright
      Fix typo for SSL_get_peer_certificate()
      util/find-doc-nits: read full declarations as one line in name_synopsis()
      util/find-doc-nits: relax some SYNOPSIS checks
      PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a
      util/find-doc-nits: Relax check of function declarations in name_synopsis()
      DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod
      EVP KEYMGMT utils: Make a few more utility functions available
      KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()
      DESERIALIZER: Add foundation for deserializers
      SERIALIZER: Add functions to deserialize into an EVP_PKEY
      CORE: Add upcalls for BIO_gets() and BIO_puts()
      PROV: Implement DER to RSA deserializer
      PROV: Implement PEM to DER deserializer
      TEST: Add new serializer and deserializer test
      SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb()
      DESERIALIZER: Implement decryption of password protected objects
      PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8
      TEST: Update the serialization/deserialization test with encryption
      PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM
      TEST: Update the serialization/deserialization test with legacy PEM encryption
      EVP: Fix key type check logic in evp_pkey_cmp_any()
      DER to RSA deserializer: fix inclusion
      EVP, PROV: Add misc missing bits for RSA-PSS
      PROV: Add a DER to RSA-PSS deserializer implementation
      TEST: Add RSA-PSS cases in test/serdes_test.c
      PROV: Fix small logic error in ec_kmgmt.c matching function
      DER writer: Make context-specific tags constructed (i.e. explicit)
      RSA: Better synchronisation between ASN1 PSS params and RSA_PSS_PARAMS_30
      DESERIALIZER: Rethink password handling
      DESERIALIZER: Make it possible to deserialize public keys too
      DESERIALIZER: Add deserializers for the rest of our asymmetric key types
      TEST: Add testutil tests to compare unterminated strings of different lengths
      DESERIALIZER: Refactor the constructor setting API
      DESERIALIZER: Make OSSL_DESERIALIZER_from_{bio,fp} use BIO_tell() / BIO_seek()
      DESERIALIZER: Small bugfix in the deser_process()
      PROV: Make the DER to KEY deserializer decode parameters too
      DESERIALIZER: Fix EVP_PKEY construction by export

Shane Lontis (10):
      Fix trailing whitespace mismatch error when running 02-test_errstr.
      Added missing ';' after methods in the synopsis section of pod files
      Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params
      Add ERR_raise() errors to fips OSSL_provider_init and self tests.
      Fix provider cipher reinit issue
      Cleanup fips provider init
      Test RSA oaep in fips mode
      Add X509 related libctx changes.
      Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
      Fix provider cipher reinit after init/update with a partial update block.

Viktor Dukhovni (1):
      Avoid errors with a priori inapplicable protocol bounds

Vitezslav Cizek (2):
      test/drbgtest.c: Fix error check test
      Fix DRBG reseed counter condition.

gujinqiang (1):
      Specific the engine pointer


More information about the openssl-commits mailing list