[openssl] openssl-3.0.0-alpha4 create
Matt Caswell
matt at openssl.org
Thu Jun 25 14:13:11 UTC 2020
The annotated tag openssl-3.0.0-alpha4 has been created
at 87cf17259c59f5276de4bc4ef8cce3cc59b77572 (tag)
tagging 38778b78e02e7eb721880ee9e33e0c398e1e677f (commit)
replaces openssl-3.0.0-alpha3
tagged by Matt Caswell
on Thu Jun 25 14:58:27 2020 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha4 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl70rYMRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHAOAgAmWPq5DAKsvM5j4MztQSkErjz5zwcNLAk
yBnXRhfUtNYOn/OkY4XN6LKZaJ26yEIPK+6jYuCPvI1f4cwdK/lkfzXzwwJrre5V
1W5wAjrZB3NA6M8ec3GpWHG+nd5cWktBBtUmDDhbWsF21UBncRseAN8HpN8/acdz
Xx93L2HIqq10yOIm9UjQ1sSQPXo/p6a4ThCdW1hu5A8w+vj2HsP+lY3GOl3nKT0W
sJsPeNV4uXtW9wU//nPVeOlBeMo5CIby/CiPJ1rcrSPsKUB0qwrq/GJUycUdQ20a
5lRNZA6WU/sfSZb+Pwaadv4gxka4ixCO4ak6RJ7NFp9kuqUDqrKoQg==
=ImEY
-----END PGP SIGNATURE-----
Aaron Thompson (1):
Fix missed fields in EVP_PKEY_meth_copy.
Benjamin Kaduk (4):
Fix a typo in SSL_CTX_set_session_ticket_cb.pod
Fix logic error for building x86 CAST assembly
Set cipher IV as octet string and pointer from providers
Allow oversized buffers for provider cipher IV fetch
Benny Baumann (1):
Add missing section on asymmetric ciphers
Billy Brumley (1):
[doc/man3] finish EC_GROUP_get_field_type documentation
Dmitry Belyavskiy (3):
Update gost-engine submodule to match EVP_MAC renaming
CMS print should support string conversion
CMS print should support string conversion: docs
Dr. David von Oheimb (49):
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md
Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake()
Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l
Add chain to PKCS#12 test file generation in 90-test_store.t
Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12()
Fix documentation of OSSL_STORE
Fix 90-test_store.t for latest config, limits, providers, and disabled algos
Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA
Make error output of dhparams and dsaparams app more consistent
run_tests.pl: Add options for focussing output on failed (sub-)tests
Fix too strict checks of ossl_cmp_calc_protection()
Streamline the approach to set CMP message recipient and expected sender
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Check expected sender not only for signature-protected CMP messages
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
Allow subject of CMP -oldcert as sender unless protection cert is given
Add request URL path checking and status responses to HTTP server
Fix use of -no-proxy option of CMP app
Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers
Extend error output of apps/opt_format() to all error cases
Correct error reason of verify_signature() in cmp_vfy.c
Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()
Improve cert checking diagnostics of OSSL_CMP_validate_msg()
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Fill in transactionID on any error in OSSL_CMP_SRV_process_request()
Make CMP server use same protection for response as for request
Improve description of CMP untrusted certs and msg 'sender' field
Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack
Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender
Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update()
Remove extra newline from CMP mock server error and add TODO on using request template
Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests
Update and extend NOTES.WIN, adding 'Quick start' subsection
Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c
Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs
Add documentation of OSSL_CRMF_CERTID_dup()
Fix CMP -days option range checking and test failing with enable-ubsan
81-test_cmp_cli.t: Do connections to 127.0.0.1 (e.g., Mock server) without proxy
81-test_cmp_cli.t: Disable CLI-based tests in case fuzzing is enabled
Disable tests in cmp_vfy_test.c that make no sense if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
Speed-up for tests in 81-test_cmp_cli_data/test_connection.csv
test/run_tests.pl: Improve newline output for VFO and VFP mode
test/run_tests.pl: Improve indentation parsing workaround for VFO and VFP mode
test/run_tests.pl: Document new VFO and VFP modes in INSTALL.md
apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
Dr. Matthias St. Pierre (5):
rand: move rand_{unix,vms,vxworks,win}.c without change to preserve history
rand: move drbg_{ctr,hash,hmac}.c without change to preserve history
Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>
Make the naming scheme for dispatched functions more consistent
evp_generic_fetch.pod: fix documentation error
FdaSilvaYY (2):
Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules.
Fix one typo in a comment.
Hubert Kario (2):
fix doc typo in bn_dh.c
use safe primes in ssl_get_auto_dh()
Jaimee Brown (1):
Minor doc fix for EVP_PKEY_CTX_new_from_pkey
Jean-Christophe Fillion-Robin (1):
DOC: Fix link to test/README.external in INSTALL.md
John Baldwin (1):
Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.
Kurt Roeckx (1):
Add github sponsor button
Matt Caswell (42):
Prepare for 3.0 alpha 4
Check that Signature Algorithms are available before using them
Enable applications to directly call a provider's query operation
Implement OSSL_PROVIDER_get0_provider_ctx()
Implement a Filtering Provider
Implement a test for sigalgs not being present
Fix error path in int create_ssl_ctx_pair()
Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys
Always create a key when importing
When asked if an ECX key has parameters we should answer "true"
Don't downgrade keys in libssl
Ensure we never use a partially initialised CMAC_CTX
Correctly handle the return value from EVP_Cipher() in the CMAC code
Add a CMAC test
Make it clear that you can't use all ciphers for CMAC
Add the concept of "Capabilities" to the default and fips providers
Add the OSSL_PROVIDER_get_capabilities() API function
Modify libssl to discover supported groups based on available providers
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too
Add documentation about Capabilities
Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation
Update the various SSL group getting and setting functions
Write a test provider to test the TLS-GROUPS capability
Make sure we save the copy function when registering a new Keymgmt
Provider a better error message if we fail to copy parameters
Don't send supported groups if no-ec and we're doing DTLS
Create defines for TLS Group Ids
Add more complete support for libctx/propq in the EC code
Ensure creating an EC public key uses the libctx
Add a test for d2i_AutoPrivateKey_ex with a non-default libctx
Add evp_extra_test2 to .gitignore
Fix the DTLS1_COOKIE_LENGTH value
Return the cookie_len value from generate_cookie_callback
Ensure that SSL_dup copies the min/max protocol version
Update the SSL_dup documentation to match reality
Don't attempt to duplicate the BIO state in SSL_dup
Add an SSL_dup test
Fix some man page typos
Update copyright year
Prepare for release of 3.0 alpha 4
Matthias Kraft (1):
Configure DEPs for FIPS provider on AIX.
Nicola Tuveri (4):
[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
Fix nits detected by make cmd-nits
Refactor BN_R_NO_INVERSE logic in internal functions
Flag RSA secret BNs as consttime on keygen and checks
Otto Hollmann (1):
Add cipher list ciphersuites which using encryption algorithm in mode CBC.
Patrick Steuer (1):
Print CPUINFO also for s390 processors
Pauli (32):
fips: add additional algorithms to the FIPS provider.
kdf: make function naming consistent.
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names.
Fix two additional instances of the old EVP_MAC_CTX_ functions being used.
Guard new header mac.h against C++isms.
coverity 1464212, 1464214 & 1464215: Resource leaks
coverity 1464213: API usage errors (PRINTF_ARGS)
doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified.
namemap: change ossl_namemap_empty() to do what the documentation says.
serialization: break the provider locating code to avoid deadlock.
property: Move global default properties to the library context.
property: correctly set the has optional flag when merging property lists
rand: core APIs for provider friendly random.
core: add OSSL_INOUT_CALLBACK
Move CRNG test to providers
rand: set up EVP and DRBG infrastructure for RAND from providers.
app/list: add RNG list option
provider: add RAND algorithm tables
CRNGT: continuous DRBG tests for providers
test: add a test RNG.
params: add OSSL_PARAM helpers for time_t.
rand: add seeding sources to providers.
share rand_pool between libcrypto and providers
CTR, HASH and HMAC DRBGs in provider
update drbgtest to the provider model
fips rand: DRBG KAT self test updates to provider model.
evp_rand: documentation
include source root directory via -I for libnonfips.a
NIST DRBG set data
test: update EVP tests to include DRBG testing
test: add test for generation of random data in chunks.
apps: avoid memory overrun.
Richard Levitte (17):
TEST: Add provider_fallback_test, to test aspects of fallback providers
CORE: make sure activated fallback providers stay activated
APPS: Drop interactive mode in the 'openssl' program
APPS: Make it possible to load_cert() from stdin again
APPS: Remove unnecessary NULL check of uri in load_cert_pass()
TESTUTIL: Separate TAP output and other output by BIO filter
TESTUTIL: Adjust the rest of testutil
TEST: Adjust test/bioprinttest.c to behave like the testutil routines
EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info
APPS: Fix 'openssl dsaparam -genkey'
APPS: Fix 'openssl dhparam'
EVP: allow empty strings to EVP_Decode* functions
Build: Remove faulty DES assembler spec
util/find-doc-nits: Do not read "missing" files when -u is given
util/find-doc-nits: Modernise printem()
Missing documentation missing, let's note that down
DOCS: Add documentation for EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name()
Sebastian Andrzej Siewior (7):
APPS: Exclude legacy algorighms from speed
APPS: Use a second EVP_MD_CTX for EdDSA verify
doc: Add a hint to man3/EVP_$hash that it is legacy
DOC: Spelling fixes
APPS: Fix invoking openssl without a command
APPS: Properly pass -no-CAstore
TEST: Pass -no-CAstore in 80-test_ocsp.t
Shane Lontis (4):
Update RSA keygen to use sp800-56b by default
Add ACVP fips module tests
Fix segfault in openssl app called with no args.
Fix potential double free in rsa_keygen pairwise test.
Tomas Mraz (2):
Do not allow dropping Extended Master Secret extension on renegotiaton
Add a test for renegotiation with EXTMS dropped
Tristan Bauer (1):
Fix wrong return value check of mmap function
Vadim Fedorenko (7):
kTLS: make ktls_start type independed
kTLS: add new algo definitions
kTLS: add Linux-specific kTLS helpers
kTLS: add support for AES_CCM128 and AES_GCM256
TLSv13: add kTLS support
test: TLS1.3 and new ciphers for kTLS
TLSv1.3: additional checks in SSL_set_record_padding_callback
haykam821 (1):
Remove whitespace from 'white space'
olszomal (1):
CMS_get0_signers() description
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list