[openssl] openssl-3.0.0-alpha2 create

Matt Caswell matt at openssl.org
Sat May 16 09:22:05 UTC 2020

The annotated tag openssl-3.0.0-alpha2 has been created
        at  7ada644fb969b94b096f2bbe0ced03c9d10398f7 (tag)
   tagging  9e8604b891483e2d06bb994460ca18b93011fdde (commit)
  replaces  openssl-3.0.0-alpha1
 tagged by  Matt Caswell
        on  Fri May 15 14:33:29 2020 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha2 release tag


Arne Schwabe (1):
      Fix type cast in SSL_CTX_set1_groups macro

Beat Bolli (1):
      doc: fix two invalid <B> tags

Benjamin Kaduk (7):
      sslapitest: only compile test when it will be used
      Fix whitespace nit in ossl_statem_server_pre_work
      Add SSL_new_session_ticket() API
      Add test for SSL_new_session_ticket()
      make update for SSL_new_session_ticket
      Fix up whitespace nits introduced by PR #11416
      Fix FreeBSD build with --strict-warnings

Bernd Edlinger (1):
      Fix rsa8192.pem

Christian Heimes (1):
      Use fips=yes consistently in documentation

Christian Hohnstaedt (1):
      i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success

David von Oheimb (3):
      Add function load_csr(file,format,desc) to apps/lib/apps.c
      Improve feedback on wrong format with new print_format_error() in apps/lib/opt.c
      Remove a bad 'goto end' and a few superfluous ones in apps/lib/apps.c

Dirk-Willem van Gulik (1):
      Add support for unusal 'othername' subjectAltNames

Dmitry Belyavskiy (1):
      s_server normal shutdown

Dr. David von Oheimb (13):
      Clean up the use of ERR_print_errors() in apps.c and in four apps
      Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc.
      Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal
      Constify 'req' parameter of OSSL_HTTP_post_asn1()
      Fix bio_wait() in crypto/bio/bio_lib.c in case OPENSSL_NO_SOCK
      Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c
      Reflect constifications of 62dcd2aa in doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
      Improve description of algorithm NIDs in doc/man3/OSSL_CMP_CTX_new.pod
      Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733
      Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface
      Improve CMP documentation regarding use of untrusted certs
      Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()
      Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()

Dr. Matthias St. Pierre (1):
      Fix use-after-free in BIO_C_SET_SSL callback

Jakub Zelenka (1):
      Add documentation for CMS_EnvelopedData_create()

Kurt Roeckx (1):
      Improve SSL_shutdown documentation.

Leo Neat (1):
      CIFuzz turning dry_run off

Mat Berchtold (2):
      When a private key is validated and there is no private key, return early.
      Add a test for EVP_PKEY_*_check functions for "DSA" keys

Matt Caswell (20):
      Prepare for 3.0 alpha 2
      Update README.ssltests.md
      Make EVP_new_raw_[private|public]_key provider aware
      Ensure OSSL_PARAM_BLD_free() can accept a NULL
      Add the ability to ECX to import keys with only the private key
      Add the library ctx into an ECX_KEY
      Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys
      Don't export ECX key data twice
      Fix the KEYNID2TYPE macro
      Implement key match functionality for ECX keys
      Document the new raw private/public key functions
      Add some tests for the newly added raw private/public key functions
      Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer
      Centralise Environment Variables for the tests
      Fix a memory leak in CONF .include handling
      Don't offer or accept ciphersuites that we can't support
      Extend test_ssl_get_shared_ciphers
      Correct alignment calculation in ssl3_setup_write
      Update copyright year
      Prepare for release of 3.0 alpha 2

Maximilian Blenk (1):
      Fix PEM certificate loading that sometimes fails

Nicola Tuveri (2):
      Fix typo from #10631
      Fix links in CONTRIBUTING.md

Nicolas Vigier (1):
      If SOURCE_DATE_EPOCH is defined, use it for copyright year

Nikolay Morozov (4):
      Code cleanup in X509v3 String Extentions
      Fix GOST curve sec bits
      SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation
      Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free()

Orgad Shaneh (1):
      Configure: Avoid SIXTY_FOUR_BIT for linux-mips64

Pauli (36):
      params: handle the modified sentinel.
      evp: convert existing code to use the new modified sentinel for params.
      params: change OSSL_PARAM_set_unmodified() to operate on a params array
      keymgmt: convert to use the params modification detection.
      travis: add GENERATE=yes no-makedepend to the ARM64 build.
      travis: remove GENERATE=yes from some non no-deprecated builds
      Undeprecate DH, DSA and RSA _bits() functions.
      param bld: avoid freeing the param builder structure on error paths.
      coverity 1462577: Incorrect expression
      coverity 1462565: Null pointer dereferences
      coverity 1462550 Resource leak
      coverity 1462541 Dereference after null check
      coverity 1462543 Logically dead code
      coverity: 1462544 Dereference after null check
      coverity 1462545 Dereference after null check
      coverity 1462546 Dereference after null check
      coverity 1462548 Resource leak
      coverity 1462549 Dereference before null check
      coverity 1462554 Dereference after null check
      coverity 1462556 Resource leak
      coverity 1462560 Resource leak
      coverity 1462561 Uninitialized scalar variable
      coverity 1462562 Dereference before null check
      coverity 1462564 Improper use of negative value
      coverity 1462566 Resource leak
      coverity 1462570 Resource leak
      coverity 1462571 Dereference after null check
      coverity 1462572 Dereference after null check
      coverity 1462573 Dereference after null check
      coverity 1462574 Resource leak
      coverity 1462567: Null pointer dereferences
      coverity 1462576 Resource leak
      coverity 1462578 Resource leak
      coverity 1462580 Improper use of negative value
      coverity 1462581 Dereference after null check
      doc: remove deprecation notes for apps that are staying.

Rich Salz (7):
      Update some nits around the FIPS module
      Rename fipsinstall.cnf->fipsmodule.cnf
      SSL_CTX_config.pod: Remove needless "NOTE" heading
      Rewrite man5/config.pod and related conf code cleanup
      In OpenSSL builds, declare STACK for datatypes ...
      travis: enable markdownlint checks
      Fix issues reported by markdownlint

Richard Levitte (50):
      Fix dev/release-aux-openssl-announce-pre-release.tmpl
      Configure: Allow quoted values in VERSION
      Configurations/windows-makefile.tmpl: Fix template code for INSTALL_MODULES
      crypto/x509/v3_alt.c: make 'othername' a bit bigger
      fuzz/asn1.c: Add missing #include
      Configurations/unix-Makefile.tmpl: fix typo
      Configure: change all references to INSTALL to INSTALL.md
      include/openssl/x509v3.h: restore previous stack definition arrangement
      include/openssl/ts.h: clean away a misplaced EVP_MD stack definition
      EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL
      util/perl/OpenSSL/OID.pm: remove the included unit test
      Fix reason code clash
      WPACKET: don't write DER length when we don't want to
      Configure: avoid perl regexp bugs
      EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up!
      Fix CHANGES.md issues reported by markdownlint
      Fix d2i_PrivateKey_ex() to work as documented
      CORE: Fix the signature of OSSL_provider_query_operation_fn
      Fix some misunderstandings in our providers' main modules
      CORE: Attach the provider context to the provider late
      Remove explicit dependency on configdata.pm when processing .in files
      PROV: Add a proper provider context structure for OpenSSL providers
      PROV: Adapt all our providers to use the new PROV_CTX structure
      OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO
      OSSL_STORE: Better information when prompting for pass phrases
      OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files
      EVP: Only use the engine when one is defined, in pkey_mac_ctrl()
      test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine
      RSA: Add RSA key types
      RSA: Extract much of the rsa_pkey_export_to() code to a separate function
      RSA: Add rsa_schemes.c, to store scheme data and translator functions
      RSA: Add a less loaded PSS-parameter structure
      RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions
      DER writer: Add the possibility to abandon empty SEQUENCEs
      PROV: Refactor the RSA DER support
      PROV: Refactor the RSA SIGNATURE implementation for better param control
      PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation
      PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters
      EVP: For SIGNATURE operations, pass the propquery early
      PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters
      EVP: Refactor the RSA-PSS key generation controls for providers
      PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters
      test/evp_pkey_provided_test.c: Display first, compare after
      test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests
      test/recipes/15-test_rsapss.t: Add test with unrestricted signature
      .travis.yml: never use -Werror, use --strict-warnings instead
      PROV: make some DER AID arrays non-static, to avoid clang complaints
      test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test
      dev/release.sh: Add --reviewer to set reviewers

Sebastian Andrzej Siewior (2):
      doc: Random spellchecking
      Configurations: Identify the shell variables around MANSUFFIX

Shane Lontis (10):
      Fix snprintf missing for windows build
      Add default property API's to enable and test for fips
      Add solaris assembler fixes for legacy provider
      Fix incorrect default keysize for CAST ofb and cfb modes.
      Fix aix compile error in cmp_ctx_test.c
      Remove cipher table lookup from EVP_CipherInit_ex
      Remove gen_get_params & gen_gettable_params from keygen operation
      Add OIDS for md4 and ripemd160 to der_rsa
      Add RSA SHA512 truncated digest support
      Remove legacy FIPS_mode functions

Shourya Shukla (1):
      Amend references to "OpenSSL license"

Thomas Dwyer III (1):
      Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers).

Tomas Mraz (2):
      The synthesized OPENSSL_VERSION_NUMBER must be long
      Replace misleading error message when loading PEM

nia (3):
      rand_unix.c: Include correct headers for sysctl() on NetBSD
      rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD
      rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes.

opensignature (1):
      Update EVP_PKEY_fromdata.pod


More information about the openssl-commits mailing list