[openssl] openssl-3.0.0-alpha14 create
Matt Caswell
matt at openssl.org
Thu Apr 8 12:25:45 UTC 2021
The annotated tag openssl-3.0.0-alpha14 has been created
at 448d9b589ad9a6dba838844dfcbd33efb7db2ac0 (tag)
tagging f510d614a7e981cbf69f11ae186c97d3fa00dda9 (commit)
replaces openssl-3.0.0-alpha13
tagged by Matt Caswell
on Thu Apr 8 13:15:49 2021 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha14 release tag
Alex Yursha (1):
Print correct error message in utils/mkdir-p.pl
Alexander Traud (1):
ssl/ssl_ciph.c: update format string, again
Amitay Isaacs (12):
numbers: Define 128-bit integers if compiler supports
Use numbers definition of int128_t and uint128_t
curve448: Use relative includes to avoid explicit dependencies
Partially Revert "Remove curve448 architecture specific files"
curve448: Rename arch_ref64 to arch_64
curve448: Modernise reference 64-bit code
curve448: Use NLIMBS where appropriate to simplify the code
curve448: Remove the unrolled loop version
Add a constant time zero check function for 64-bit integers
curve448: Use constant time zero check function
Configure: Check if 128-bit integers are supported by compiler
curve448: Integrate 64-bit reference implementation
Andrey Matyukov (4):
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU frequency scaling issues. The performance speedup for RSA2k signature on ICL is ~2x.
Rearranged .pdata entries in rsaz-avx512.pl to make them properly ordered.
Moved build instructions from the man page
Increase minimum clang version requirement for rsaz-avx512.pl
Anthony Hu (1):
Increase the upper limit on group name length
Arthur Gautier (1):
EVP_KDF-KB man page: fixup ABI/API change
Beat Bolli (4):
ASN1: add an internal header to validate Unicode ranges
ASN1: limit the Unicode code point range in UTF8_getc() and UTF8_putc()
ASN1: check the Unicode code point range in ASN1_mbstring_copy()
Add tests for the limited Unicode code point range
Benjamin Kaduk (1):
Increase HKDF_MAXBUF from 1024 to 2048
David Benjamin (1):
Merge OFB encrypt and decrypt test vectors.
Dr. David von Oheimb (16):
openssl-cmp.pod.in and apps/cmp.c: Various minor do improvements
TS ESS: Let TS_RESP_verify_signature() make use of untrusted certs also from token response
apps/ts.c: Allow -untrusted arg to refer to multiple sources
apps.c: Fix missing newline in warn_cert_msg() output
TS ESS: Invert the search logic of ts_check_signing_certs() to correctly cover cert ID list
ts_check_signing_certs(): Make sure both ESSCertID and ESSCertIDv2 are checked
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func
APPS: fix load_certs_multifile() interpreting backslashes
HTTP: Rename OSSL_HTTP_REQ_CTX_i2d() to OSSL_HTTP_REQ_CTX_set1_req()
HTTP: Fix mem leak of OSSL_HTTP_REQ_CTX_transfer(), rename to ossl_http_req_ctx_transfer()
HTTP: Fix method_POST param by moving it to OSSL_HTTP_REQ_CTX_set_request_line()
http_client.c: Prevent spurious error queue entry on NULL mem argument
80-test_cmp_http.t: Add diagnostic info on starting/stopping mock server
OSSL_parse_url(): Improve handling of IPv6 addresses
OSSL_HTTP_REQ_CTX_transfer(): improve distinction of send error vs. receive error
CHANGES.md: reflect OSSL_HTTP_REQ_CTX_i2d renamed to OSSL_HTTP_REQ_CTX_set1_req
Fangming.Fang (1):
Fix AES-CBC perf test failure issue
FdaSilvaYY (1):
Fix a windows build break
Jakub Zelenka (1):
Update CHANGES with info about AuthEnvelopedData addition
Jon Spillett (4):
Add testing for non-default library context into evp_extra_test
Fix up issues found when running evp_extra_test with a non-default library context
Remove TODO comment. Resolves #14396
endecode_test: Add file and line arguments to test callbacks
Juergen Christ (1):
Fix compilation under -Werror
Kevin Cadieux (1):
Fixing stack buffer overflow error caused by incorrectly sized array.
Matt Caswell (25):
Prepare for 3.0 alpha 14
Don't crash if the pkeyopt doesn't have a value
Remove a TODO from async_delete_thread_state()
Convert a TODO(3.0) in OPENSSL_thread_stop_ex to a comment
Add a CHANGES entry for the cosmetic differences in textual output
Ensure that ECX keys pass EVP_PKEY_param_check()
Add a CHANGES entry for EVP_PKEY_public_check() and EVP_KEY_param_check()
Fix a TODO(3.0) in the siphash code
Remove a TODO(3.0) from EVP_PKEY_derive_set_peer()
Convert some TODO(3.0) comments in init.c to normal comments
Ensure we deregister thread handlers even after a failed init
Update README-FIPS.md
Be more selective about copying libcrypto symbols into legacy.so
Teach TLSProxy how to encrypt <= TLSv1.2 ETM records
Add a test for CVE-2021-3449
Ensure buffer/length pairs are always in sync
Update CHANGES.md and NEWS.md for new release
Fix change in behaviour of EVP_PKEY_CTRL_RSA_KEYGEN_BITS
Expand the libcrypto documentation
Add additional glossary entries
Update provider.pod
Update the algorithm fetching documentation links
Remove a TODO in EVP_set_default_properties
Update copyright year
Prepare for release of 3.0 alpha 14
Mohamed Akram (1):
doc: fix enc -z option documentation
Nan Xiao (9):
Fix typo in bio.h.in
Fix BIO_new_ssl_connect() to not leak memory
Fix typo in BIO_push.pod
Fix typos in bio.pod
Remove unnecessary BIO_do_handshake()s
Fix typos in ssl_lib.c
Fix potential double free in sslapitest.c
Remove unnecessary setting SSL_MODE_AUTO_RETRY
Fix typo in store_meth.c
Pauli (140):
test: add params argument to key manager's gen_init call
evp: add params argument to key manager's gen_init call
provider: add params argument to key manager's gen_init call
core: add params argument to key manager's gen_init call
doc: add params argument to key manager's gen_init call
prov: asym ciphers take an extra init() params argument
core: add params arguments to init calls
evp: add params arguments to init functions
doc: update PKEY documentation to include the new init functions with params
misc: other init function param additions
prov: update exchange algorithms to support params on the init call
prov: update KEM to support params on init()
apps: support param argument to init functions
ssl: support params arguments to init functions
test: support params arguments to init functions
doc: document param argument to cipher init calls
doc: document param argument to RSA calls
prov: support param argument to digest init calls
doc: update digest documentation to include the new init functions with params
prov: update digests to support modified ctx params
prov: support params arguments to signature init calls
prov: support params argument to RCx ciphers
prov: support params argument to CHACHA20 ciphers
prov: support param argument to null cipher init calls
prov: support param argument to DES cipher init calls
prov: support params argument to common cipher init calls
doc: update cipher documentation to include the new init functions with params
support params argument to AES cipher init calls
doc: document the additional params argument to the various init() calls
doc: note that get_params and set_params calls should return true if the param array is null
prov: add extra params argument to KDF implementations
update set_ctx_param MAC calls to return 1 for a NULL params
update set_ctx_param DRBG calls to return 1 for a NULL params
update set_ctx_param store management calls to return 1 for a NULL params
core: modify ossl_provider_forall_loaded() to avoid locking for the callbacks
doc: describe the return from ossl_provider_forall_loaded()
rename ossl_provider_forall_loaded to ossl_provider_doall_activated
ssl: fix format specifier for size_t argument to BIO_printf
property: default queries create the property values.
prov: remove TODO in der_rsa_key.c
prov: remove todos in rsa_keymgmt.c
doc: remove TODOs about redesigning the AEAD API
params: clean up TODO
Remove TODOs from digest.c
ci: add a no-legacy build
modes: fix coverity 1449851: overlapping memory copy
modes: fix coverity 1449860: overlapping memory copy
ssl: fix coverity 1451515: out of bounds memory access
apps: fix coverity 966560: division by zero
test: fix Coverity 1454818: use after free
test: fix coverity 1451553: resource leak
test: fix coverity 1451562: resource leak
test: fix coverity 1454040: resource leak
test: fix coverity 1414445: resource leak
test: fix coverity 1414449 & 1414471: resource leak
ssl: fix coverity 1451495: resource leak
test: fix coverity 1455330, 1455332, 1455334, 1455342, 1455344 : resource leak
test: fix coverity 1470559: resource leak
evp: fix coverity 1470561: resource leak
rsa: fix coverity 1472658: resource leak
apps: fix Coverity 1472670 & 1472685: resource leaks
decoder: fix Coverity 1473236 & 1473386: resource leaks
evp: fix coverity 1445872 - dereference after null check
async: coverity 1446224 - dereference after null check
test: coverity 1455747 - dereference after null check
test: coverity 1455749 - dereference after null check
ssl: coverity 1465527 - dereference after null check
test: coverity 1469426 - dereference after null check
x509: coverity 1472673 & 1472693 - dereference after null checks
evp: fix coverity 1473381 - dereference after null check
sslapitest: fix problem in cleanup on failure path
evp: fix coverity 1473380: copy into fixed size buffer
pem: fix coverity 1474426: uninitialised scalar variable.
err: fix coverity 1452768: dereference after null check
apps: fix coverity 271258: improper use of negative value
test: fix coverity 1371689 & 1371690: improper use of negative values
enc: fix coverity 1451499, 1451501, 1451506, 1451507, 1351511, 1451514, 1451517, 1451523, 1451526, 1451528, 1451539, 1451441, 1451549, 1451568 & 1451572: improper use of negative value
test: fix coverity 1451574: improper use of negative value
test: fix coverity 1454812: improper use of negative value
test: fix coverity 1469427: improper use of negative value
test: fix coverity 1451534: improper use of negative value
apps: fix coverity 1451544: improper use of negative value
dh: fix coverity 1474423: resource leak
ec_keymgmt: fix coverity 1474427: resource leak
x509: fix coverity 1461225: data race condition
x509: fix coverity 1474424: data race condition
rand: fix coverity 1473636: data race condition
rsa: fix coverity 1463571: explicit null dereference
sm2: fix coverity 1467503: explicit null dereference
apps: fix coverity 1470781: explicit null dereference
encoder: fix coverity 1473235: null dereference
test: fix coverity 1338157: unchecked return value
apps: fix coverity 1358776, 1451513, 1451519, 1451531 & 1473387: unchecked return values
test: fix coverity 1414451: unchecked return value
test: fix coverity 1416888: unchecked return value
test: fix coverity 1429210: unchecked return value
test: fix coverity 1451550: unchecked return value
apps: fix coverity 1455340: unchecked return value
evp: fix coverity 1467500 & 1467502: unchecked return values
params: fix coverity 1473069: unchecked return values
evp: fix coverity 1473378: unchecked return value
test: fix coverity 1473609 & 1473610: unchecked return values
doc: add life-cycle source files
doc: note that KDF/PRF transitions will be enforced at some future point
doc: life-cycle description for KDFs/PRFs
doc: note that RAND lifecycle transitions will be enforced at some point
doc: life-cycle description for RANDs
doc: note that MAC lifecycle transitions will be enforced at some point
doc: life-cycle description for MACs
doc: add documentation for the X509_PUBKEY_dup() function
test: add test case for X508_PUBKEY_dup() function
Fix X509_PUBKEY_dup() to not leak memory
doc: fix style problems with this man page
x509: fix coverity 1474471: NULL pointer dereference
x509: fix coverity 1474470: NULL pointer dereference
evp: fix coverity 1474469: negative return
test: fix coverity 1474468: resource leak
apps: fix coverity 1474463, 1474465 & 1474467: resource leaks
ssl: fix problem where MAC IDs were globally cached.
Check for integer overflow in i2a_ASN1_OBJECT and error out if found.
Ensure that the negative flag is correctly set for ASN1 integer types.
Make the lock in CRYPTO_secure_allocated() a read lock
Remove locking in CRYPTO_secure_allocated()
Disallow ASN.1 enumerated types to be treated as strings.
test: fix coverity 1475941: resource leak
test: fix coverity 1475940: negative return
test: fix coverity 1473234 & 1473239: argument cannot be negative
evp: fix coverity 1472682: argument cannot be negative
evp: fix coverity 1451510: argument cannot be negative
evp: fix coverity 1451509: argument cannot be negative
evp: fix coverity 1473631: argument cannot be negative
dh: fix coverity 1473238: argument cannot be negative
fix coverity 1466710: resource leak
apps: fix AES CBC performance loop
property: check return values from the property locking calls.
test: fix problem with threads test using default library context.
property: lock the lib ctx when updating the property definition cache
Revert "Fix AES-CBC perf test failure issue"
param_build: check for the usage of secure memory better.
test: add extra secure memory test case.
Peter Kaestle (1):
ssl sigalg extension: fix NULL pointer dereference
Randall S. Becker (6):
Disable fips-securitychecks if no-fips is configured.
Add $(PERL) to util/wrap.pl execution to avoid env incompatibilities
Add explicit support in util/shlib_wrap.sh.in for NonStop DLL loading.
Added guarding #ifndef/#define to avoid duplicate include of crypto/types.h
Split Makefile clean recipe for document sets into individual lines.
Corrected missing definitions from NonStop SPT build.
Rich Salz (4):
Fix error-checking compiles for mutex
Always check CRYPTO_LOCK_{read,write}_lock
Make fipsinstall -out flag optional
Add a local perl module to get year last changed
Richard Levitte (29):
PROV: use EVP_CIPHER_CTX_set_params() rather than EVP_CIPHER_CTX_ctrl()
TEST: Stop the cleanup in test/recipes/20-test_mac.t
Fix a missing rand -> ossl_rand rename
Configure: check all DEPEND values against GENERATE, not just .h files
PROV: Refactor DER->key decoder
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders
PROV: Add RSA-PSS specific OSSL_FUNC_KEYMGMT_LOAD function
PROV: Add type specific PKCS#8 decoding to the DER->key decoders
PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders
TEST: Modify test/endecode_test.c to give the decoder callback the structure
STORE: Use the same error avoidance criteria as for the DER->key decoder
TEST: Clarify and adjust test/recipes/30-test_evp.t
Make evp_privatekey_from_binary() completely libcrypto internal
Make ossl_d2i_PUBKEY_legacy() completely libcrypto internal
ASN1: Reset the content dump flag after dumping
RSA-PSS: When printing parameters, always print the trailerfield ASN.1 value
TEST: Cleanup test recipes
Unix build file template: symlink "simple" to "full" shlib selectively
Android config targets: don't include the SO version in the shlib file name
Re-implement ANSI C building with a Github workflow
EVP: One stray comma removed in crypto/evp/ctrl_params_translate.c
CORE: Add an algorithm_description field to OSSL_ALGORITHM
Add OSSL_DECODER_description() and OSSL_ENCODER_description()
Add OSSL_STORE_LOADER_description()
EVP: Add EVP_<TYPE>_description()
APPS: Replace the use of OBJ_nid2ln() with name or description calls
Refactor CPUID code
Include BN assembler alongside CPUID code
test/recipes/02-test_errstr.t: Do not test negative system error codes
Sahana Prasad (2):
Allocates and initializes pubkey in X509_PUBKEY_dup()
Adds a new lock to read default_path and uses a strdup() on default_path before using it Fixes #14483 Signed-off-by: Sahana Prasad <sahana at redhat.com>
Shane Lontis (39):
Remove TODO in test/acvp_test.c related to setting AES-GCM iv.
Remove TODO in rsa_ameth.c
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.
Fix external symbols for crypto_*
Fix misc external ossl_ symbols.
Add ossl_rand symbols
Add ossl_asn1 symbols
Add ossl_encode symbols
Add ossl_rsa symbols
Add ossl_v3 symbols
Add ossl_ ecx symbols
Add ossl_ conf symbols
Add ossl_aria symbols
Add ossl_siv symbols
Add ossl_ symbols for sm3 and sm4
Add ossl_sa symbols
Add ossl_bn_group symbols
Add ossl_ symbol to x509 policy
Add ossl_lhash symbols
Add ossl_gost symbols
Add ossl_ x509 symbols
Add ossl_pem_check_suffix symbol
Add ossl_pkcs5_pbkdf2_hmac_ex symbol
Add ossl_is_partially_overlapping symbol
rename err_get_state_int() to ossl_err_get_state_int()
Rename CMS_si_check_attributes to ossl_cms_si_check_attributes
Add ossl_provider symbols
Fix windows build compiler issue.
Fix DER reading from stdin for BIO_f_readbuffer
Fix usages of const EVP_MD.
Add coveralls to CI
Disable cmp_http test on AIX
Fix Build issue on Oracle Linux x64
Update deprecated API's in the documentation.
Fix DH gettable OSSL_PKEY_PARAM_DH_PRIV_LEN so that it has the correct type.
Add a range check (from SP800-56Ar3) to DH key derivation.
Test minimal windows build using Github actions
Add macosx build
Fix more certificate related lib_ctx settings.
Tobias Nießen (1):
Fix option description for PKCS#12 export
Tomas Mraz (32):
Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto
Remove the RAND_get0_public() from fips provider initialization
acvp_test: Do not expect exact number of self tests
keymgmt_meth: remove two TODO 3.0
apps: Add maybe_stdin argument to load_certs and set it in pkcs12
apps: Make load_key_certs_crls to read only what is expected
Use --debug with no-caching build as sanitizers need it
decoder_process: data_structure can be NULL
provider_core: Remove two TODO 3.0
core_get_libctx: use assert() instead of ossl_assert()
property_test: use property values that are not used elsewhere
p_lib.c: Remove TODO comments
Add some encoder and decoder code examples
apps/crl: Print just the hash value if printing just hash
evp_keymgmt_util_copy: Fix possible leak on copy failure
Make EVP_PKEY_missing_parameters work properly on provided RSA keys
Added functions for printing EVP_PKEYs to FILE *
ASYNC_start_job: Reset libctx when async_fibre_swapcontext fails
EVP_PKEY_get_*_param should work with legacy
EVP_PKCS82PKEY: Create provided keys if possible
Remove the external BoringSSL test
Make the SM2 group the default group for the SM2 algorithm
Remove RSA bignum_data that is not used anywhere
Implement EVP_PKEY_dup() function
EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256
Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
EVP_CIPHER_type: fix misleading argument name
Avoid going through NID when unnecessary
Add "save-parameters" encoder parameter
DSA_generate_parameters_ex: use the old method for all small keys
Deprecate the EVP_PKEY controls for CMS and PKCS#7
div2016bit (1):
Tiny clarification of comment for RSA_sign
luyahan (1):
Add riscv64 target
-----------------------------------------------------------------------