[openssl] openssl-3.0.0-alpha5 create

Richard Levitte levitte at openssl.org
Thu Jul 16 13:29:33 UTC 2020

The annotated tag openssl-3.0.0-alpha5 has been created
        at  b603e202bab26e1c099839a78871047e2fe9de10 (tag)
   tagging  e70a2d9f139e69f0f8a0846a170623256e424dea (commit)
  replaces  openssl-3.0.0-alpha4
 tagged by  Richard Levitte
        on  Thu Jul 16 15:22:46 2020 +0200

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha5 release tag


Attila Szakacs (1):
      Configuration: do not overwrite BASE_unix ex_libs in AIX

Benjamin Kaduk (1):
      Providerized libssl fallout: cleanup init

Benny Baumann (1):
      Force ssl/tls protocol flags to use stream sockets

Billy Brumley (1):
      [test] ectest: check custom generators

Daniel Bevenius (2):
      Configurations: make Makefile tmpl files non-links
      Configure: fix minor typo in apitable comment

Dr. David von Oheimb (20):
      Move test-related info from INSTALL.md to new test/README.md, updating references
      INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout
      Improve documentation, layout, and code comments regarding self-issued certs etc.
      Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}
      Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by adding -partial_chain to the verify call that trusts this cert
      Add four more verify test cases on the self-signed Ed25519 and self-issued X25519 certs
      Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x'
      Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
      Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod
      Add X509_self_signed(), extending and improving documentation and tests
      X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL'
      test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
      test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes
      test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP
      81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting
      81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
      util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
      Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
      Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
      ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h

Glenn Strauss (1):
      improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

Gustaf Neumann (1):
      Fix typos and repeated words

Jakub Wilk (1):
      doc: Remove stray backtick

Jon Spillett (1):
      Fix up build issue when running cpp tests

Kurt Roeckx (2):
      Fix syntax of cipher string
      Reduce the security bits for MD5 and SHA1 based signatures in TLS

Martin Elshuber (1):
      Add support to zeroize plaintext in S3 record layer

Matt Caswell (29):
      Prepare for 3.0 alpha 5
      Make the ASYNC code default libctx aware
      Add a test to make sure ASYNC aware code gets the right default libctx
      Fix a typo on the SSL_dup page
      Don't forget our provider ctx when resetting
      Ensure a string is properly terminated in http_client.c
      If an empty password is supplied still try to use it
      Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
      Fix a typo in the i2d_TYPE_fp documentation
      Move MAC removal responsibility to the various protocol "enc" functions
      Split the padding/mac removal functions out into a separate file
      Remove SSL dependencies from tls_pad.c
      Add provider support for TLS CBC padding and MAC removal
      Make libssl start using the TLS provider CBC support
      Change ChaCha20-Poly1305 to be consistent with out ciphers
      Make the NULL cipher TLS aware
      Ensure cipher_generic_initkey gets passed the actual provider ctx
      Ensure GCM "update" failures return 0 on error
      Ensure the sslcorrupttest checks all errors on the queue
      Decrease the length after decryption for the stitched ciphers
      Ensure any allocated MAC is freed in the provider code
      Convert SSLv3 handling to use provider side CBC/MAC removal
      Ensure TLS padding is added during encryption on the provider side
      Fix OSSL_PROVIDER_get_capabilities()
      Fix an incorrect error flow in add_provider_groups
      Add a test to check having a provider loaded without a groups still works
      Ensure we exclude ec2m curves if ec2m is disabled
      Revert "The EVP_MAC functions have been renamed for consistency.  The EVP_MAC_CTX_*"
      Revert "kdf: make function naming consistent."

Miłosz Kaniewski (1):
      Free pre_proc_exts in SSL_free()

Nicola Tuveri (8):
      Test genpkey app for EC keygen with various args
      Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY
      Run tests in parallel
      Travis: default to HARNESS_JOBS=4
      [test/README.md] minor fix of examples missing the test target
      [EC][ASN1] Detect missing OID when serializing EC parameters and keys
      [apps/genpkey] exit status should not be 0 on output errors
      [test][15-test_genec] Improve EC tests with genpkey

Pauli (35):
      rand: fix CPU and timer sources.
      rand: include the CPU source in a build.
      doc: remove reference to the predecessor of SHA-1.
      rand: fix recursive locking issue.
      Refactor the EVP_RAND code to make locking issues less likely
      rand: avoid caching RNG parameters.
      coverity: CID 1464987: USE AFTER FREE
      cmp: remove NULL check.
      coverity 1464984: Null pointer dereferences
      coverity 1464983: null pointer dereference
      apps: remove NULL check in release_engine since ENGINE_free also does it.
      DRBG: rename the DRBG taxonomy.
      deprecate engines in 3.0
      apps/list: deprecate engine support
      engine: document the engine app as deprecated
      apps: document the deprecation of the -engine option
      doc: deprecate ENGINE documentation
      Fix indentation for engine.h
      deprecate engines
      deprecate engines in SSL
      deprecate engine tests
      deprecate engine from public header files
      apps: deprecate engines
      deprecate engines in libcrypto
      deprecate engines in provider code
      doc: document that the engine initialisation options are deprecated.
      ENGINESDIR: document that this configuration is deprecated.
      RAND: document that the ENGINE RAND override is deprecated.
      Document that the ENGINE_[sg]_ex_data() calls are deprecated.
      Document that exdata for ENGINES is deprecated.
      Document that ENGINE_add_conf_module() was deprecated.
      trace: condition out engine related tracing
      doc: remove unused engine tracing option
      libcrypto.num: engine deprecation updates
      capabilities: make capability selection case insensitive.

Rich Salz (4):
      Initial rewrite of config as a Perl module
      Add --fips-key configuration parameter to fipsinstall application.
      Use defaults FIPSKEY if not given on command line
      Make -provider_name and -section_name optional

Richard Levitte (40):
      TEST: Add TODO segments in test/recipes/15-test_genec.t
      INSTALL.md: Restore $ as command prompt indicator
      CORE: Add OPENSSL_CTX_set0_default(), to set a default library context
      Update NEWS and CHANGES
      TEST: Add test to exercise OPENSSL_CTX_set0_default()
      CORE: Add an internal function to distinguish the global default context
      util/perl/OpenSSL/config.pm: Don't detect removed directories in
      util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command
      Remove OpenSSL::config::main(), it's not necessary
      util/perl/OpenSSL/config.pm: Rework determining compiler information
      util/perl/OpenSSL/config.pm, Configure: move check of target with compiler
      util/perl/OpenSSL/config.pm: refactor map_guess()
      config: Turn into a simple wrapper
      util/perl/OpenSSL/config.pm: remove expand() and use eval
      util/perl/OpenSSL/config.pm: refactor guess_system()
      Configure: pick up options from older 'config'
      DOC: Mention Configure consistently
      Configurations: drop toolchain from configuration targets
      apps/openssl: clean-up of unused fallback code
      Configure: Check source and build dir equality a little more thoroughly
      Configure: fix handling of build.info attributes with value
      util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
      NOTE.WIN: suggest the autodetecting configuration variant as well
      util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
      Configuration and build:  Fix solaris tags
      CORE: perform post-condition in algorithm_do_this() under all circumstances
      ERR: refactor global error codes
      ERR: special case system errors
      TEST: fix test/errtest.c
      SSL: fix misuse of ERR_LIB_SYS
      TEST: update 02-test_errstr.t to have better tests
      Makefile template: fix incorrect treatment of produced document files
      DOC: install documentation without execution permissions.
      Add and use internal header that implements endianness check
      BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad()
      Add latest changes and news in CHANGES.md and NEWS.md
      DRBG: Fix the renamed functions after the EVP_MAC name reversal
      Update copyright year
      util/mktar.pl: Change 'VERSION' to 'VERSION.dat'
      Prepare for release of 3.0 alpha 5

Shane Lontis (12):
      Fix CID-1464802
      Fix CID #1465216 Resource leak in property_fetch
      Fix CID 1465215 : Explicit null dereferenced (in test)
      Fix CID 1465214 Resource leak (in file_load.c)
      Fix CID 1463883 Dereference after null check (in ess_find_cert_v2())
      Fix CID 1465213: Integer handling issues (evp_extra_test.c)
      Fix CID 1454806:   NEGATIVE_RETURNS (cms_enc.c)
      Fix CID 1454808:  Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode())
      Add multiple fixes for ffc key generation using invalid p,q,g parameters.
      Fix wrong fipsinstall key used in test
      Add AES_CBC_CTS ciphers to providers
      Add FIPS related configuration data to the default openssl application configuration file

Todd Short (1):
      Add SSL_get[01]_peer_certificate()

aSoujyuTanaka (4):
      Changed uintptr_t to size_t. WinCE6 doesn't seem to have the definition.
      Disable optimization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
      To generate makefile with correct parameters for WinCE.
      Enable WinCE build without deceiving _MSC_VER.

pedro martelletto (1):
      doc/man3: fix types taken by HMAC(), HMAC_Update()

