[openssl] openssl-3.0.0-alpha15 create

Matt Caswell matt at openssl.org
Thu Apr 22 14:02:45 UTC 2021

The annotated tag openssl-3.0.0-alpha15 has been created
        at  a09d1cc08fe83d3793e55c5263261e0d0cede43d (tag)
   tagging  b07412ef80ebbcdb8ce2c9fbf714802288fc7ee4 (commit)
  replaces  openssl-3.0.0-alpha14
 tagged by  Matt Caswell
        on  Thu Apr 22 14:44:13 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha15 release tag


Armin Fuerst (1):
      apps: fix warning about size_t / int conversion

Christian Heimes (1):
      Inherit hostflags verify params even without hosts

Dave Coombs (1):
      crl2pkcs7 shouldn't include empty optional sets

Dr. David von Oheimb (20):
      PEM_X509_INFO_read,{_bio}_ex(): Complete documentation in PEM_X509_INFO_read_bio_ex.pod
      d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key
      PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key
      d2i_PrivateKey_decoder(): Fix premature exit on unsuccessful OSSL_DECODER_CTX_new_for_pkey()
      APPS: make apps strict on app_RAND_load() and app_RAND_write() failure
      APPS and TEST: Make sure prog name is set for usage output
      cmp_util.c: Fix OSSL_CMP_log_open() in case OPENSSL_NO_TRACE
      openssl-cmp.pod.in: Fix missing provider options description
      apps/cmp: Add generic random state options, e.g., for nonce generation
      80-test_cmp_http.t: Fix resumption when skipping after mock server launch failed
      80-test_cmp_http.t: Silence check for availability of 'kill' and 'lsof' commands
      80-test_cmp_http.t: Extend diagnostics of mock server launch
      OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors
      apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname
      PKCS12 etc.: Add hints on using -legacy and -provider-path options
      Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
      apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
      DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
      tasn_dec.c: Add checks for it == NULL arguments; improve coding style
      ASN.1: Add some sanity checks for input len <= 0; related coding improvements

Dr. Matthias St. Pierre (1):
      util/wrap.pl: use the apps/openssl.cnf from the source tree

FdaSilvaYY (2):
      nits: fix a few typo in template code
      crypto: raise error on malloc failure clean a few style nits.

Jakub Wilk (1):
      doc: Fix formatting

Juergen Christ (1):
      Fix compile errors on s390.

Matt Caswell (17):
      Prepare for 3.0 alpha 15
      Only enable KTLS if it is explicitly configured
      Update KTLS documentation
      Remove the function EVP_PKEY_set_alias_type
      Remove a TODO(3.0) from X509_PUBKEY_set
      Store some FIPS global variables in the FIPS_GLOBAL structure
      Sanity check provider up-calls
      Change the default MANSUFFIX
      Fix some TODO(3.0) occurrences in ssl/t1_lib.c
      Don't worry about magic in the Makefile for 3.0
      Remove a TODO(3.0) from keymgmt_lib.c
      Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling
      Add the function OSSL_LIB_CTX_get0_global_default()
      Add a test for OSSL_LIB_CTX_set0_default
      Avoid the need for Configure time 128-bit int detection
      Update copyright year
      Prepare for release of 3.0 alpha 15

MichaM (1):
      Fix typos

Nan Xiao (4):
      Fix typo in statem_clnt.c
      Fix typos in x509.pod
      demos: Add clean target for bio/Makefile
      Fix typo in aesccm.c

Nicola Tuveri (1):
      Add missing argname for keymgmt_gettable_params and keymgmt_settable_params prototypes

Pauli (26):
      apps: fix Camellia CBC performance loop
      Add additional KMAC error
      kmac: add long customisation string example
      kmac: fix customistation string overflow bug
      kmac: update the documention for the customisation string maximum length
      Note deprecated function/macros with no replacement.
      bio: add a malloc failed error to BIO_print
      bio: note that BIO_sprintf null terminates on insufficient space.
      bio_printf: add \0 terminators for error returns in floating point conversions.
      changes: note that some ctrl calls have a different error return.
      SipHash: Fix CTRL API for the digest size.
      lifecycle: correct [sg]ettable to [sg]et
      lifecycle: update master lifecycle transition spreadsheet fixing the ettable issue
      Fix naming for EVP_RAND_CTX_gettable functions.
      params_dup: fix off by one error that allows array overreach.
      srp: fix double free,
      ts: fix double free on error path.
      engine: fix double free on error path.
      test: fix double free problems.
      x509: remove most references to EVP_sha1()
      cms: remove most references to EVP_sha1()
      ocsp: remove references to EVP_sha1()
      pem: remove references to EVP_sha1()
      srp: remove references to EVP_sha1()
      dsa: remove unused macro
      asn1: fix indentation

Petr Gotthard (2):
      apps: call ERR_print_errors when OSSL_PROVIDER_load fails
      Fix memory leak in X509_REQ

Rich Salz (7):
      Standard style for all EVP_xxx_free routines
      Add "origin" field to EVP_CIPHER, EVP_MD
      Remove extra trailing semicolon
      Fetch and free cipher and md's
      Fetch before get-by-name
      Flip ordering back
      Use build.info not file-wide ifndef

Richard Levitte (13):
      Github workflows: re-implement a no-shared build
      PROV: Add OIDs we know to all provider applicable algorithms
      TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID
      TEST: Modify testutil's run_tests to display NOSUBTEST cases individually
      TEST: Modify how the retrieved digest name for SM2 digestsign is checked
      Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
      CORE: Register all legacy "names" when generating the initial namemap
      TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname
      CORE: pre-populate the namemap with legacy OIDs too
      ENCODER & DECODER: Allow decoder implementations to specify "carry on"
      Adapt our decoder implementations to the new way to indicate succes / failure
      TEST: Adapt the EVP test
      STORE: Discard the error report filter in crypto/store/store_result.c

Shane Lontis (8):
      Add OSSL_PARAM_dup() and OSSL_PARAM_merge().
      Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().
      Add FIPS Self test for AES_ECB decrypt
      Fix windows compiler error in kmac_prov.c
      Add domain parameter match check for DH and ECDH key exchange.
      Add some additional NULL checks to prevent segfaults.
      Add EVP_PKEY_todata() and EVP_PKEY_export() functions.
      Add more negative checks for integers passed to OPENSSL_malloc().

Tanzinul Islam (21):
      Avoid "&&" in windows-makefile.tmpl
      Move VS Tools configuration to VC-common target
      Avoid space between "-I" and include directory
      Generalize delimiter in archiver response file
      Avoid quoting dependency filepaths in build tree
      Ensure at least one command if no dependencies
      Generalize link rule in windows-makefile.tmpl
      Avoid redirection to quoted filename
      Resurrect and modernize C++Builder config
      Use cmd.exe to export env vars before commands
      Add explanation + bugtracker link for quoted dependency workarounds
      Replace "ld_wildcard_args" with "bin_lflags"
      Document C++Builder usage in NOTES-WINDOWS.md
      Ensure cw32mt.lib and import32.lib are linked to in no-sock mode
      Support DLL builds + Fix C RTL variants
      Build resource files
      Avoid more MSVC-specific C runtime library functions
      Generate dependency information
      Link with .def files
      Link with uplink module
      Remove crypt32.lib from C++Builder configuration

Todd Short (1):
      Handle set_alpn_protos inputs better.

Tomas Mraz (17):
      provider-decoder.pod: Documentation of provider side decoder API
      Small fixes and cleanups of provider API documentation
      Always reset IV for CBC, OFB, and CFB mode on cipher context reinit
      X509_NAME_cmp: if canon_enclen is 0 for both names return 0
      Document the invariants for the empty X509_NAME encoding
      Implement provider-side keymgmt_dup function
      Add selection support to the provider keymgmt_dup function
      Remove keymgmt_copy function from the provider API
      Do not allow creating empty RSA keys by duplication
      Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name
      Add OID for mdc2WithRSASignature and remove related TODO 3.0
      Add DHX FIPS 186-4 domain parameter validation example
      Do IV reset also for DES and 3DES implementations
      Add test for the IV handling of DES based ciphers
      Detect low-level engine and app method based keys
      Update krb5 module to latest release
      Fix build failure with MSVC


More information about the openssl-commits mailing list