[openssl] openssl-3.0.0-alpha9 create
Matt Caswell
matt at openssl.org
Thu Nov 26 15:12:15 UTC 2020
The annotated tag openssl-3.0.0-alpha9 has been created
at 74413e120fec693be1b394358bf1bbbb568344e6 (tag)
tagging 68ec3d4730a52d32edb35cb602f6580f27d64e8b (commit)
replaces openssl-3.0.0-alpha8
tagged by Matt Caswell
on Thu Nov 26 14:53:15 2020 +0000
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha9 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl+/wVsRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHLpQgAgyurZ1CxpXoYNeyFg0TQbUH6uYGernrX
1P2bE+jyiHFHnTwBpk1v7ITawIMOhx9btBwiR047BUypNf7ff9ZlEjM38XIwwMM9
8R+Lap+Xs13j8j1dlIAWNYO5deFaAW7NbfnbWH4mP9g6YeJ7815JPViwUaNPQ0cz
ZIKsXU4rTXmJBaZNcoK330qSd0vk0R5HbAFWaZdJHBuiDZwh5JwQcuBe4Prhoi+C
gkE1FG985yTlBP9vOQY6myf46F2NeI0GqPD2aBmNFTCbvQ1nhEGK/VHWMABPlwcp
d5zvk2eWtuelmQNTUMrLfHelj9OKRbHG9bySLEfvNtaBG+XNKCujiw==
=61Bl
-----END PGP SIGNATURE-----
Ankita Shetty (1):
x509_vfy.c: Remove superfluous assignment to 'ret' in check_chain()
Bernd Edlinger (1):
This should fix a lock-order-inversion
Daniel Bevenius (2):
Fix REF_PRINT_COUNT argument in ecx_key_free
REF_PRINT: cast pointer to void to avoid warnings
David Carlier (3):
DragonFlyBSD build fix and update.
NetBSD build fix.
Haiku system build fix.
David von Oheimb (7):
Improve doc of X509_verify_cert(), also in openssl.pod
CHANGES.md: Mention (strict) checks recently added to X509_verify_cert()
x509_vfy.c: Introduce CHECK_CB macro simplifying use of cert verification cb function
x509_vfy.c: Call verification callback individually per strict check in check_chain()
apps/ca: Minor code and doc cleanup
Minor cleanup of error output for various apps
apps/pkcs12: Retain test output files
Dmitry Belyavskiy (1):
Check the configuration file by default
Dr. David von Oheimb (23):
apps/cmp.c: Improve order of -path option: just after -server
openssl-cmp.pod.in: Align order of options with apps/cmp.c; improve structuring of SYNOPSIS
openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors
openssl.pod: Improve doc of -verify_email, -verify_hostname, and -verify_ip
openssl-cmp.pod.in: Clean up doc of -verify_email, -verify_hostname, and -verify_ip
cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate
25-test_x509.t: Re-add and improve a test on non-existence of ASN.1 parse errors
Minor improvements of doc for ca and x509 app
apps/pkcs12: Do not prompt for password in case -nomac and -noenc/-nodes
apps/pkcs12: Really do not perform MAC in case -nomac
apps/storeutl: Add error output in case of parse/decryption/mac errors in input files
e_loader_attic.c: Remove redundant 'pass phrase' sub-string from try_decode_PKCS12()
Allow for PKCS#12 input without MAC in p12_kiss.c and e_loader_attic.c
e_loader_attic.c: Improve result handling of file_load_try_decode()
apps/pkcs12: Clean up the order in which many options are presented
apps.c: re-enable loading single certs and CRLs over HTTP
apps/cmp.c: Add diagnostics on config file section(s) used
apps/cmp.c: Improve diagnostics on -server URL parse error
CMP: prevent misleading PKIStatusInfo output if not response available
ossl_cmp_certreq_new(): Fix POPO key mismatch in case newPkey is just public key
re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC (avoiding DES)
apps/cmp.c: Improve description of key loaded due to -newkew option
apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
Fred Hornsey (1):
Support for Android NDK r22-beta1
Matt Caswell (45):
Prepare for 3.0 alpha 9
Don't clear errors on failure in CONF_modules_load_file_ex()
Don't clear the whole error stack when loading engines
Don't complain about uninitialized values when running Configure
Correct system guessing for solaris64-x86_64-* targets
Fix the reading of DSA parameters files using the dsaparam app
Remove some redundant error messages in the apps
Convert TLS auto DH parameters to use EVP_PKEY
Convert TLS ServerKeyExchange processing to use an EVP_PKEY
Deprecate SSL_CTRL_SET_TMP_DH and other related ctrls
Avoid the use of a DH object in tls_construct_cke_dhe()
Remove DH usage in tls_construct_server_key_exchange()
Remove DH usage from tls_process_cke_dhe
Disable the DHParameters config option in a no-deprecated build
Remove deprecated functionality from s_server
Implement a replacement for SSL_set_tmp_dh()
Only disabled what we need to in a no-dh build
Return sensible values for some SSL ctrls
Document some SSL DH related functions/macros
Add a test for the various ways of setting temporary DH params
Add a CHANGES.md entry for the "tmp_dh" functions/macros
Add some additional test certificates/keys
Extend the auto DH testing to check DH sizes
Adapt ssltest_old to not use deprecated DH APIs
Swap to DH_PARAMGEN_TYPE_GENERATOR as the default outside of the FIPS module
Swap to FIPS186-2 DSA generation outside of the FIPS module
Allow multiple nested marks
Add a test for setting, popping and clearing error marks
Convert dhparam to be fully based on EVP
Add encoder support to dhparam
Remove some unneeded variables from dhparam
Add a test for the dhparam CLI application
Move some libssl global variables into SSL_CTX
Turn on Github CI
Undeprecate the -dsaparam option in the dhparam app
Don't forget the datatype when decoding a PEM file
Test various deprecated PEM_read_bio_* APIs
Test that OSSL_STORE can load various types of params
Ensure Stream ciphers know how to remove a TLS MAC
Fix RC4-MD5 based ciphersuites
Re-enable testing of ciphersuites
Remove deprecation warning suppression from genpkey
Fix no-rc2
Update copyright year
Prepare for release of 3.0 alpha 9
Nicola Tuveri (1):
[test/recipes] Split test_fuzz into separate recipes
Pali Rohár (1):
Document pkcs12 alg NONE
Pauli (17):
rsa_test: add return value check
apps/passwd: remove the -crypt option.
Document the provider KDF API.
Rename md5_sha1_* ossl_md5_sha1_*
rename md5_block_asm_data_order to ossl_md5_block_asm_data_order
rename mac_key_* to ossl_mac_key_*
Provide side RNG functions renamed to have an ossl_ prefix.
rename sha1_ctrl to ossl_sha1_ctrl.
Rename SHA3 internal functions so they have an ossl_ prefix
Rename internal drbg_ functions so they have an ossl_ prefix.
Fix some warnings from clang 10 in params.c
doc: Documentation changes for moving the entropy source out of the fips provider
rand: move the entropy source out of the FIPS provider
test: changes resulting from moving the entropy source out of the FIPS provider
prov: move the entropy source out of the FIPS provider
disassociate test RNG from the DRBGs
test RNG: set state to uninitialised as part of uninstantiate call.
Petr Gotthard (1):
Fix double-free in decoder_pkey.c
Rich Salz (2):
Remove -C from dhparam,dsaparam,ecparam
Remove -C option from x509 command
Richard Levitte (57):
Fix test/recipes/80-test_ca.t to skip_all properly in a subtest
EVP: Have all EVP_PKEY check functions export to provider if possible
test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check
UI: Use OPENSSL_zalloc() in general_allocate_prompt()
PEM: Always use PEM_def_callback() when cb == NULL in pem_read_bio_key()
DECODER: Add support for specifying the outermost input structure
DECODER: Add support for OSSL_FUNC_decoder_does_selection()
DECODER: Add input structure support for EVP_PKEY decoding
DECODER: Add tracing
PROV: Re-implement all the keypair decoders
Adapt libcrypto functionality to specify the desired input structure
DH: Move the code to set the DH sub-type
TEST: Adapt test/endecoder_test.c
Restore the legacy implementation of PEM_read_bio_DHparams()
PEM: Have pem_read_bio_key() set the OSSL_STORE expected type
OSSL_STORE: Make sure the called OSSL_DECODER knows what to expect
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
SSL: refactor ossl_statem_fatal() and SSLfatal()
SSL: refactor all SSLfatal() calls
Convert all {NAME}err() in providers/ to their corresponding ERR_raise() call
CORE: Add support for specifying the outermost object structure
ENCODER: Add support for specifying the outermost output structure
ENCODER: Add support for OSSL_FUNC_encoder_does_selection()
ENCODER: Add output structure support for EVP_PKEY encoding
ENCODER: Add tracing
PROV: Re-implement all the keypair encoders
Adapt libcrypto functionality to specify the desired output structure
test/endecode_test.c: Update to specify output structures
test/evp_libctx_test.c: use OSSL_ENCODER instead of i2d_PublicKey()
test/recipes/30-test_evp_libctx.t: use fips-and-base.cnf
EVP: Adapt EVP_PKEY2PKCS8() to better handle provider-native keys
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
crypto/provider_core.c: fix a couple of faulty ERR_raise_data() calls
BIO: Undefine UNICODE in b_addr.c to get POSIX declaration of gai_strerror()
Fix a few github file references
Fix SUPPORT.md for better readability
test/endecoder_legacy_test.c: new test for legacy comparison
DOC: Fixup the description of the -x509_strict option
util/mkrc.pl: Make sure FILEVERSION and PRODUCTVERSION have four numbers
util/find-doc-nits: check podchecker() return value
Really deprecate the old NAMEerr() macros
Simplify util/err-to-raise
CONF: Convert one last CONFerr() to ERR_raise()
DOC: Rewrite the section on reporting errors in doc/man3/ERR_put_error.pod
DOC: Fix example in OSSL_PARAM_int.pod
Deprecate RSA harder
SSL: Change SSLerr() to ERR_raise()
util/fix-deprecation: DEPRECATEDIN conversion util for public headers
RSA: Fix guard mixup
TEST: Make our test data binary
ERR: Modify util/mkerr.pl to produce internal err string loaders
Modify the ERR init functions to use the internal ERR string loaders
ERR: Rebuild all generated error headers and source files
Add missing ERR_load_KDF_strings(3) to util/missingcrypto111.txt as well.
APPS: Guard use of IPv6 functions and constants with a check of AF_INET6
DOC: Add note on how to terminate an OSSL_PARAM array
Shane Lontis (7):
Remove test that breaks on AIX.
Add support for making all of KBKDF FixedInput fields optional.
Remove unused helper functions EVP_str2ctrl() & EVP_hex2ctrl().
Fixup EVP-MAC-KMAC documentation
Add documentation for EVP_PKEY2PKCS8/EVP_PKCS82PKEY
Fix dsa securitycheck for fips.
Fix crash in genpkey app when -pkeyopt digest:name is used for DH or DSA.
Tomas Mraz (3):
Avoid duplicate ends_with_dirsep functions
Add ossl_is_absolute_path function to detect absolute paths
Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths
XiaokangQian (1):
Optimize AES-XTS mode in OpenSSL for aarch64
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list