[openssl] openssl-3.0.0-alpha3 create

Matt Caswell matt at openssl.org
Thu Jun 4 14:20:54 UTC 2020 

The annotated tag openssl-3.0.0-alpha3 has been created
        at  8e83bafcf6ab0dfa91e3e9ca6d01a7343bee45bf (tag)
   tagging  3952c5a312bde6479578dcbc162ec6ce77318924 (commit)
  replaces  openssl-3.0.0-alpha2
 tagged by  Matt Caswell
        on  Thu Jun 4 14:56:41 2020 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha3 release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl7Y/ZkRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHQIAgAg4V42IVDiESjOaAGQk3qtMez8Vt3B7HE
v3J5SOl3O45MoK/QDkyAxGqqUIZQJelwE2j4Ahv3YPddstOPZ0DjwO5/ommuZCn1
bHnci4a6hUJNWq9+qoSFLWIlrWp4r/BaUNRtytbw9zRP73dhqkFcjdrEZQ3u019r
ukhK9b9QbkCoquZq4SQiV7DBWWoqEJp8wXyV8ofID3ucgIQOq6oLeTDmEjPToRlb
8O5MaDzmpCAVRGwN5GC3t3MWISD+KP2puQzAsdrqegtkCBHKzbqg4PK1P+aHjtaU
O2DUc2ePaCbKhOdh3VcUgu/6s7HCkcZ15/UdAY6xmAN2PIooB/tZhg==
=hQhl
-----END PGP SIGNATURE-----

Benjamin Kaduk (3):
      test HKDF with empty IKM
      params: do not ignore zero-length strings
      RSA: Do not set NULL OAEP labels

Bernd Edlinger (9):
      Fix some places where X509_up_ref is used without error handling.
      Fix egd and devrandom source configs
      Fix the parameter types of the CRYPTO_EX_dup function type.
      Avoid undefined behavior with unaligned accesses
      bio printf: Avoid using rounding errors in range check
      Revert the check for NaN in %f format
      Remove getenv(OPENSSL_FIPS) in openssl command
      Prevent extended tests run unexpectedly in appveyor
      Fix a buffer overflow in drbg_ctr_generate

Billy Brumley (4):
      deprecate EC_POINTs_mul function
      deprecate EC precomputation functionality
      deprecate EC_POINT_make_affine and EC_POINTs_make_affine
      Move EC_METHOD to internal-only

David von Oheimb (1):
      Add 'methods' parameter to setup_engine() in apps.c for individual method defaults

Dmitry Belyavskiy (8):
      Constants for new GOST TLS 1.2 ciphersuites
      GOST-related objects changes
      New Russian TLS 1.2 implementation
      Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF
      Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option
      GOST external tests
      Update the gost-engine submodule
      Update gost-engine commit to match the API changes

Dr. David von Oheimb (9):
      Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c
      Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning
      Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c
      Clean up macro definitions of openssl_fdset() in apps.h and sockets.h
      Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h
      Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()
      Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
      Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq()
      Make BIO_do_connect() and friends handle multiple IP addresses

Dr. Matthias St. Pierre (1):
      doc: fix trace category names

FdaSilvaYY (1):
      crypto/cms: add CAdES-BES signed attributes validation

Hubert Kario (1):
      add FFDH to speed command

Jack O'Connor (1):
      fix a docs typo

Marc (3):
      s_client: Show cert algorithms & validity period
      Use _get0_ functions instead of _get_.
      s_client: Fix -proxy flag regression

Matt Caswell (9):
      Prepare for 3.0 alpha 3
      Ignore some auto-generated DER files
      Maintain strict type discipline between the core and providers
      Update documentation following changes of various types
      Delete the sslprovider test
      Fail if we fail to fetch the EVP_KEYMGMT
      Add a test for fetching EVP_PKEY style algs without a provider
      Update copyright year
      Prepare for release of 3.0 alpha 3

Maxim Zakharov (1):
      TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux)

Nicola Tuveri (2):
      Adjust length of some strncpy() calls
      Fix coverity issues in EC after #11807

Nikolay Morozov (1):
      Fix small documentation issues

Norm Green (1):
      Add missing pragma weak declaration to lhash.h

Patrick Steuer (1):
      EVP_EncryptInit.pod: fix example

Pauli (11):
      Coverity 1463258: Incorrect expression (EVALUATION_ORDER)
      Coverity 1463576: Error handling issues (CHECKED_RETURN)
      Coverity 1463574: Null pointer dereferences (REVERSE_INULL)
      Coverity 1463571: Null pointer dereferences (FORWARD_NULL)
      Coverity 1463830: Resource leaks (RESOURCE_LEAK)
      ossl_shim: add deprecation guards around the -use-ticket-callback option.
      fips: add AES CFB mode ciphers to FIPS provider.
      fips: add AES OFB mode ciphers to FIPS provider.
      ossl_shim: use the correct ticket key call back.
      ossl_shim: include core_names.h to resolve undeclared symbols
      ossl_shim: const cast the param arguments to avoid errors

Rich Salz (10):
      Add "md-nits" make target
      Fix all MD036 (emphasis used instead of heading)
      Revise fips_config.pod
      Revise x509v3_config.pod
      Revise fips_install.pod
      Use {module,install}-mac, not -checksum
      Fix auto-gen names in .gitignore
      Clean up some doc nits
      Cleanup cert config files for tests
      Update manpage to fix examples, other minor tweaks

Richard Levitte (18):
      SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys
      Build: make apps/progs.c depend on configdata.pm
      CORE: Fix a couple of bugs in algorithm_do_this()
      CORE: query for operations only once per provider (unless no_store is true)
      Add OSSL_PROVIDER_do_all()
      Refactor the provider side DER constants and writers
      rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
      STORE: Make try_decode_PrivateKey() ENGINE aware
      Re-introduce legacy EVP_PKEY types for provided keys
      Fix omissions in providers/common/der/build.info
      PROV: Fix RSA-OAEP memory leak
      PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP
      util/mkpod2html.pl: Fix unbalanced quotes
      DOCS: add openssl-core_numbers.h(7)
      DOCS: add openssl-core_names.h(7)
      APPS: Remove make_config_name, use CONF_get1_default_config_file instead
      PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs
      TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()

Shane Lontis (3):
      Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod
      Update core_names.h fields and document most fields.
      Fix errtest for older compilers

Tim Hudson (1):
      undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

Tomas Mraz (6):
      Cast the unsigned char to unsigned int before shifting left
      Avoid potential overflow to the sign bit when shifting left 24 places
      t1_trce: Fix remaining places where the 24 bit shift overflow happens
      Prevent use after free of global_engine_lock
      Revert "Guard use of struct tms with #ifdef __TMS"
      Drop special case of time interval calculation for VMS

mettacrawler (1):
      There is no -signreq option in CA.pl

raja-ashok (4):
      Fix crash in early data send with out-of-band PSK using AES CCM
      Test TLSv1.3 out-of-band PSK with all 5 ciphersuites
      Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
      Update early data exchange scenarios in doc

-----------------------------------------------------------------------

More information about the openssl-commits mailing list