[openssl] openssl-3.0.0-alpha6 create
Matt Caswell
matt at openssl.org
Fri Aug 7 08:50:47 UTC 2020
The annotated tag openssl-3.0.0-alpha6 has been created
at ac5406985bb7d130814a755c793d00995c2c23e7 (tag)
tagging e3ec8020b433f9bccebb547889e43c4691eb8713 (commit)
replaces openssl-3.0.0-alpha5
tagged by Matt Caswell
on Thu Aug 6 14:00:24 2020 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha6 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl8r/ugRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJEucwgAjfgFIjhx+0bTh2kNXmk+7DJyHWd9eao3
w3auRIJ0LGC0G4gbygBtD+wS9Bj9+B55uWagVKG8c/jmi0jL6GMC25wQiLiD7Uy5
Oqc6pFgky5wzYyTIwoF76RLolDUgOccJm2OZbmJySoYSZKejPEzc+2eHQWNsGc9A
EluHWqPq3K+QeAicGC4cn4H20qnziw8VmhWmxTGck5HfnL2SIJmRXvVGXdHjpHhc
amY5ZFRTS1yh3zoD6pXeQT0iu0g/l7BXcM8IOsJhG7VBlFug8FzKd98SqSic7rtx
GbnmCGN50SCa2f5Lb5V90mIsoINI5w7OCMjzeRZ9cm3k0YHMvRG+NQ==
=vP2T
-----END PGP SIGNATURE-----
David Woodhouse (4):
Make SSL_set1_host() and SSL_add1_host() take IP addresses
Fix certificate validation for IPv6 literals in sconnect demo
Disallow setting more than one IP address with SSL_add1_host()
Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals
Dimitri John Ledkov (1):
man3: Drop warning about using security levels higher than 1.
Dr. David von Oheimb (27):
Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber
x509_vfy.c: Improve key usage checks in internal_verify() of cert chains
test/run_tests.pl: In parallel runs, start those tests first that run longest
99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily
check-format.pl: Allow comment start '/*' after opening '(','[','{'
check-format.pl: Add check for multiples essentially empty lines in a row
check-format.pl: Add check for essentially empty line at beginning of file
check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used
check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md
Skip test_cmp_cli if 'lsof' or 'kill' command is not available
81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof'
Fix UI method setup, which should be independent of (deprecated) engine use
Deprecate -nodes in favor of -noenc in pkcs12 and req app
Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()
Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM()
apps/cmp.c: Improve documentation of -recipient option
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
81-test_cmp_cli.t: Skip tests with mock server if server cannot be started
apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
Correct misleading diagnostics of OBJ_txt2obj on unknown object name
Correct confusing X509V3 conf error output by removing needless 'section:<NULL>' etc.
Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME
Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate
apps: Correct and extend diagnostics of parse_name()
Fix error message on setting cert validity period in apps/cmp.c
openssl-cmp.pod.in: Update and extend example using Insta Demo CA
Dr. Matthias St. Pierre (3):
test/drbgtest.c: Remove error check for large generate requests
test/drbgtest.c: set the correct counter to trigger reseeding
Fix: uninstantiation breaks the RAND_DRBG callback mechanism
Gustaf Neumann (1):
Align documentation with recommendations of Linux Documentation Project
Jean-Christophe Fillion-Robin (1):
Fix linking against non-system zlib on macOS
Matt Caswell (8):
Fix no-dh and no-dsa
Fix no-ec2m
Fix a test_verify failure
Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily
Fix test_cmp_cli for extended tests
Fix an ENGINE leak in asn1_item_digest_with_libctx
Update copyright year
Prepare for release of 3.0 alpha 6
Nicola Tuveri (2):
[test] Vertically test explicit EC params API patterns
[test][ectest] Minor touches to custom_generator_test
Nihal Jere (1):
fixed swapped parameter descriptions for x509
Norman Ashley (1):
Coverity Fixes for issue #12531
Pauli (13):
rand: detect if FIPS approved randomness sources are being used.
install: add notes about ignored seed sources in the FIPS provider.
doc: Fix documentation of EVP_EncryptUpdate().
mac: always pass a non-NULL output size pointer to providers.
evp_test: use correct deallocation for EVP_MD
evp_test: use correct deallocation for EVP_CIPHER
engines: fixed to work with EVP_*_meth calls deprecated
EVP: deprecate the EVP_X_meth_ functions.
document the deprecation of the '-public-key-methods' option to list
namemap: fix threading issue
unify spelling of serialize
serialisation: Add a built-in base provider.
deserialisation: add deserialisation to the base provider
Peter Eisentraut (1):
Mark an argument of an inline function as unused
Read Hughes (1):
Update EVP_EncodeInit.pod
Richard Levitte (39):
Prepare for 3.0 alpha 6
Remove util/openssl-update-copyright
Fix typo for SSL_get_peer_certificate()
util/find-doc-nits: read full declarations as one line in name_synopsis()
util/find-doc-nits: relax some SYNOPSIS checks
PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a
util/find-doc-nits: Relax check of function declarations in name_synopsis()
DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod
EVP KEYMGMT utils: Make a few more utility functions available
KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()
DESERIALIZER: Add foundation for deserializers
SERIALIZER: Add functions to deserialize into an EVP_PKEY
CORE: Add upcalls for BIO_gets() and BIO_puts()
PROV: Implement DER to RSA deserializer
PROV: Implement PEM to DER deserializer
TEST: Add new serializer and deserializer test
SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb()
DESERIALIZER: Implement decryption of password protected objects
PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8
TEST: Update the serialization/deserialization test with encryption
PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM
TEST: Update the serialization/deserialization test with legacy PEM encryption
EVP: Fix key type check logic in evp_pkey_cmp_any()
DER to RSA deserializer: fix inclusion
EVP, PROV: Add misc missing bits for RSA-PSS
PROV: Add a DER to RSA-PSS deserializer implementation
TEST: Add RSA-PSS cases in test/serdes_test.c
PROV: Fix small logic error in ec_kmgmt.c matching function
DER writer: Make context-specific tags constructed (i.e. explicit)
RSA: Better synchronisation between ASN1 PSS params and RSA_PSS_PARAMS_30
DESERIALIZER: Rethink password handling
DESERIALIZER: Make it possible to deserialize public keys too
DESERIALIZER: Add deserializers for the rest of our asymmetric key types
TEST: Add testutil tests to compare unterminated strings of different lengths
DESERIALIZER: Refactor the constructor setting API
DESERIALIZER: Make OSSL_DESERIALIZER_from_{bio,fp} use BIO_tell() / BIO_seek()
DESERIALIZER: Small bugfix in the deser_process()
PROV: Make the DER to KEY deserializer decode parameters too
DESERIALIZER: Fix EVP_PKEY construction by export
Shane Lontis (10):
Fix trailing whitespace mismatch error when running 02-test_errstr.
Added missing ';' after methods in the synopsis section of pod files
Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params
Add ERR_raise() errors to fips OSSL_provider_init and self tests.
Fix provider cipher reinit issue
Cleanup fips provider init
Test RSA oaep in fips mode
Add X509 related libctx changes.
Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
Fix provider cipher reinit after init/update with a partial update block.
Viktor Dukhovni (1):
Avoid errors with a priori inapplicable protocol bounds
Vitezslav Cizek (2):
test/drbgtest.c: Fix error check test
Fix DRBG reseed counter condition.
gujinqiang (1):
Specific the engine pointer
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list