[openssl] openssl-3.0.0-alpha5 create
Richard Levitte
levitte at openssl.org
Thu Jul 16 13:29:33 UTC 2020
The annotated tag openssl-3.0.0-alpha5 has been created
at b603e202bab26e1c099839a78871047e2fe9de10 (tag)
tagging e70a2d9f139e69f0f8a0846a170623256e424dea (commit)
replaces openssl-3.0.0-alpha4
tagged by Richard Levitte
on Thu Jul 16 15:22:46 2020 +0200
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha5 release tag
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCXxBUpgAKCRCnr5549wlF
OyjRAJ9VbSPhdUmpeg0yNxs00Mq3xEs1NQCffMSROJG9Pr+OKasjPYYRD6pdiQk=
=GnBK
-----END PGP SIGNATURE-----
Attila Szakacs (1):
Configuration: do not overwrite BASE_unix ex_libs in AIX
Benjamin Kaduk (1):
Providerized libssl fallout: cleanup init
Benny Baumann (1):
Force ssl/tls protocol flags to use stream sockets
Billy Brumley (1):
[test] ectest: check custom generators
Daniel Bevenius (2):
Configurations: make Makefile tmpl files non-links
Configure: fix minor typo in apitable comment
Dr. David von Oheimb (20):
Move test-related info from INSTALL.md to new test/README.md, updating references
INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout
Improve documentation, layout, and code comments regarding self-issued certs etc.
Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}
Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert
Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs
Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x'
Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod
Add X509_self_signed(), extending and improving documenation and tests
X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL'
test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes
test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP
81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting
81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use
util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h
Glenn Strauss (1):
improve SSL_CTX_set_tlsext_ticket_key_cb ref impl
Gustaf Neumann (1):
Fix typos and repeated words
Jakub Wilk (1):
doc: Remove stray backtick
Jon Spillett (1):
Fix up build issue when running cpp tests
Kurt Roeckx (2):
Fix syntax of cipher string
Reduce the security bits for MD5 and SHA1 based signatures in TLS
Martin Elshuber (1):
Add support to zeroize plaintext in S3 record layer
Matt Caswell (29):
Prepare for 3.0 alpha 5
Make the ASYNC code default libctx aware
Add a test to make sure ASYNC aware code gets the right default libctx
Fix a typo on the SSL_dup page
Don't forget our provider ctx when resetting
Ensure a string is properly terminated in http_client.c
If an empty password is supplied still try to use it
Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
Fix a typo in the i2d_TYPE_fp documentation
Move MAC removal responsibility to the various protocol "enc" functions
Split the padding/mac removal functions out into a separate file
Remove SSL dependencies from tls_pad.c
Add provider support for TLS CBC padding and MAC removal
Make libssl start using the TLS provider CBC support
Change ChaCha20-Poly1305 to be consistent with out ciphers
Make the NULL cipher TLS aware
Ensure cipher_generic_initkey gets passed the actual provider ctx
Ensure GCM "update" failures return 0 on error
Ensure the sslcorrupttest checks all errors on the queue
Decreate the length after decryption for the stitched ciphers
Ensure any allocated MAC is freed in the provider code
Convert SSLv3 handling to use provider side CBC/MAC removal
Ensure TLS padding is added during encryption on the provider side
Fix OSSL_PROVIDER_get_capabilities()
Fix an incorrect error flow in add_provider_groups
Add a test to check having a provider loaded without a groups still works
Ensure we excluse ec2m curves if ec2m is disabled
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
Revert "kdf: make function naming consistent."
Miłosz Kaniewski (1):
Free pre_proc_exts in SSL_free()
Nicola Tuveri (8):
Test genpkey app for EC keygen with various args
Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY
Run tests in parallel
Travis: default to HARNESS_JOBS=4
[test/README.md] minor fix of examples missing the test target
[EC][ASN1] Detect missing OID when serializing EC parameters and keys
[apps/genpkey] exit status should not be 0 on output errors
[test][15-test_genec] Improve EC tests with genpkey
Pauli (35):
rand: fix CPU and timer sources.
rand: include the CPU source in a build.
doc: remove reference to the predecessor of SHA-1.
rand: fix recursive locking issue.
Refactor the EVP_RAND code to make locking issues less likely
rand: avoid caching RNG parameters.
coverity: CID 1464987: USE AFTER FREE
cmp: remove NULL check.
coverity 1464984: Null pointer dereferences
coverity 1464983: null pointer dereference
apps: remove NULL check imn release_engine since ENGINE_free also does it.
DRBG: rename the DRBG taxonomy.
deprecate engines in 3.0
apps/list: deprecate engine support
engine: document the engine app as deprecated
apps: document the deprecation of the -engine option
doc: deprecate ENGINE documentation
Fix indentation for engine.h
deprecate engines
deprecate engines in SSL
deprecate engine tests
deprecate engine from public header files
apps: deprecate engines
deprecate engines in libcrypto
deprecate engines in provider code
doc: document that the engine initialisation options are deprecated.
ENGINESDIR: document that this configuration is deprecated.
RAND: document that the ENGINE RAND override is deprecated.
Document that the ENGINE_[sg]_ex_data() calls are reprecated.
Document that exdata for ENGINES is deprecated.
Document that ENGINE_add_conf_module() was deprecated.
trace: condition out engine related tracing
doc: remove unused engine tracing option
libcrypto.num: engine deprecation updates
capabilities: make capability selection case insensitive.
Rich Salz (4):
Initial rewrite of config as a Perl module
Add --fips-key configuration parameter to fipsinstall application.
Use defaults FIPSKEY if not given on command line
Make -provider_name and -section_name optional
Richard Levitte (40):
TEST: Add TODO segments in test/recipes/15-test_genec.t
INSTALL.md: Restore $ as command prompt indicator
CORE: Add OPENSSL_CTX_set0_default(), to set a default library context
Update NEWS and CHANGES
TEST: Add test to exercise OPENSSL_CTX_set0_default()
CORE: Add an internal function to distinguish the global default context
util/perl/OpenSSL/config.pm: Don't detect removed directories in
util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command
Remove OpenSSL::config::main(), it's not necessary
util/perl/OpenSSL/config.pm: Rework determining compiler information
util/perl/OpenSSL/config.pm, Configure: move check of target with compiler
util/perl/OpenSSL/config.pm: refactor map_guess()
config: Turn into a simple wrapper
util/perl/OpenSSL/config.pm: remove expand() and use eval
util/perl/OpenSSL/config.pm: refactor guess_system()
Configure: pick up options from older 'config'
DOC: Mention Configure consistently
Configurations: drop toolchain from configuration targets
apps/openssl: clean-up of unused fallback code
Configure: Check source and build dir equality a little more thoroughly
Configure: fix handling of build.info attributes with value
util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries
NOTE.WIN: suggest the audetecting configuration variant as well
util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/
Configuration and build: Fix solaris tags
CORE: perform post-condition in algorithm_do_this() under all circumstances
ERR: refactor global error codes
ERR: special case system errors
TEST: fix test/errtest.c
SSL: fix misuse of ERR_LIB_SYS
TEST: update 02-test_errstr.t to have better tests
Makefile template: fix incorrect treatment of produced document files
DOC: install documentation without execution permissions.
Add and use internal header that implements endianness check
BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad()
Add latest changes and news in CHANGES.md and NEWS.md
DRBG: Fix the renamed functions after the EVP_MAC name reversal
Update copyright year
util/mktar.pl: Change 'VERSION' to 'VERSION.dat'
Prepare for release of 3.0 alpha 5
Shane Lontis (12):
Fix CID-1464802
Fix CID #1465216 Resource leak in property_fetch
Fix CID 1465215 : Explicit null dereferenced (in test)
Fix CID 1465214 Resource leak (in file_load.c)
Fix CID 1463883 Dereference after null check (in ess_find_cert_v2())
Fix CID 1465213: Integer handling issues (evp_extra_test.c)
Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c)
Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode())
Add multiple fixes for ffc key generation using invalid p,q,g parameters.
Fix wrong fipsinstall key used in test
Add AES_CBC_CTS ciphers to providers
Add FIPS related configuration data to the default openssl application configuration file
Todd Short (1):
Add SSL_get[01]_peer_certificate()
aSoujyuTanaka (4):
Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition.
Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
To generate makefile with correct parameters for WinCE.
Enable WinCE build without deceiving _MSC_VER.
pedro martelletto (1):
doc/man3: fix types taken by HMAC(), HMAC_Update()
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list