[openssl] openssl-3.0.0-alpha12 create
Matt Caswell
matt at openssl.org
Thu Feb 18 15:24:18 UTC 2021
The annotated tag openssl-3.0.0-alpha12 has been created
at ba908b36f412d1a4a26aefee3841e276c09b5413 (tag)
tagging b467d394eb11ac94500d9f003426f5fa75d60c3c (commit)
replaces openssl-3.0.0-alpha11
tagged by Matt Caswell
on Thu Feb 18 15:08:54 2021 +0000
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha12 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAugwYRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJEqoggAq+1HjMo/su4rXEcxn6kH3kRMJUNKe887
tky9dlzVjCJH7cWQm8tVGlmcvqmYqXvW0Wj2oImKWlrFifcIhQcrhmtw/hDHLd5l
zaf/yrILs19B8zenw9gCKEQe1TY2JJ6YorvVXE8GtdgaOl+JMM6LSC69Js+m9Ffl
ij7NxZJYGEcdPNlWjdf0kdy5WrrGU7SO4vpKe983LvNWsd8TaOFCghPCruSgpg72
tkFMtoRQeng1ukBivOQf2GTrlzL8OQ9+I7OX4gCh7/WN228uOVaRU23Bot5EP1nR
+qkyox8L32zbvivlzEWB+5kq3VSjbLWf5LRhkc50jumwDM00LkyZuQ==
=oN+j
-----END PGP SIGNATURE-----
Armin Fuerst (1):
apps/ca: Properly handle certificate expiration times in do_updatedb
Beat Bolli (1):
README-ENGINES: fix the link to the provider API README
Benjamin Kaduk (3):
Remove unused 'peer_type' from SSL_SESSION
x509_vfy: remove redundant stack allocation
RSA: avoid dereferencing possibly-NULL parameter in initializers
Daniel Bevenius (1):
EVP: fix keygen for EVP_PKEY_RSA_PSS
Disconnect3d (1):
passwd.c: use the actual ROUNDS_DEFAULT macro
Dmitry Belyavskiy (2):
DH/DHX parameter check using pkeyparam
DSA parameter check using pkeyparam
Dr. David von Oheimb (28):
obj_xref: rsassaPss must map to 'undef rsassaPss' (not 'undef rsaEncryption')
Fix rsa_pss_asn1_meth to refert to rsa_sig_info_set
check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS
OSSL_HTTP_REQ_CTX_nbio(): Revert to having state var that keeps req len still to send
Fix not backwards-compat X509_http_nbio() and X509_CRL_http_nbio()
HTTP: Fix mistakes and unclarities on maxline and max_resp_len params
HTTP: add more error detection to low-level API
Constify OSSL_HTTP_REQ_CTX_get0_mem_bio()
OSSL_HTTP_REQ_CTX.pod and OSSL_HTTP_transfer.pod: various improvements
openssl.pod: Add documentation for using the loader_attic engine
apps/cmp.c: check and exit on engine load error
test/recipes: split 81_test_cmp_cli.t, add test using -engine loader_attic
run_tests.pl: Improve diagnostics on the use of HARNESS_JOBS
Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack
x509_vfy.c: Improve coding style and comments all over the file
Add X509_STORE_CTX_verify(), which takes the first untrusted cert as default target
mknum.pl: Exclude duplicate entries and include source file name in diagnostics
x509_vfy.c: Fix various coding style and documentation style nits
x509_vfy: Clarify relevance of ctx->error also on successful verification
X509_get_pubkey_parameters(): Correct failure behavior and its use
x509_vfy.c: Sort out return values 0 vs. -1 (failure/internal error)
x509_vfy.c: Make chain_build() error diagnostics to the point
X509_STORE_CTX_get1_issuer(): Make preference on expired certs consistent with find_issuer()
X509_STORE_CTX_cleanup(): Use internally so no need to call explicitly
apps/ca.c: Make sure ext_ctx structure gets initialized
apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR
x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068
chain_build(): Call verify_cb_cert() if a preliminary error has become final
Dr. Matthias St. Pierre (6):
Add some missing committers to the AUTHORS list
Revise some renamings of NOTES and README files
Reformat some NOTES and README files
Unify the markdown links to the NOTES and README files
Add deprecation note to the README-ENGINES file
Add a skeleton README-PROVIDERS file
FdaSilvaYY (3):
include/crypto: add a few missing #pragma once directives
include/openssl: add a few missing #pragma once directives
include/internal: add a few missing #pragma once directives
Jay Satiro (1):
NOTES-WINDOWS: fix typo
Job Snijders (2):
Add some PKIX-RPKI objects
Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature
Jon Spillett (1):
Switch to BIO_snprintf to avoid missing symbol problems on Windows
Juergen Christ (3):
Fix cipher reinit on s390x if no key is specified
Fix parameter types in sshkdf
Remove superfluous EVP_KDF_CTRL_ defines.
KOBAYASHI Ittoku (1):
Match description with actual output of dgst
Matt Caswell (38):
Ensure EC keys with a private key but without a public key can be created
Test that EC keys without a public key in them work as expected
Add a multi-thread test for shared EVP_PKEYs
Refactor RAND_get0_primary() locking
Avoid races by caching exported ciphers in the init function
Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data()
Ensure access to FIPS_state and rate_limit is appropriately locked
Ensure the EVP_PKEY operation_cache is appropriately locked
Add a CI job to run the threads test with threads sanitizer on
Remove some TODO(OpenSSL1.2) references
Remove a DSA related TODO
Remove OPENSSL_NO_DH guards from libssl
Ensure default supported groups works even with no-ec and no-dh
Make supported_groups code independent of EC and DH
Stop disabling TLSv1.3 if ec and dh are disabled
Check for availability of ciphersuites at run time
Remove compile time guard checking from ssl3_get_req_cert_type
Add the nist group names as aliases for the normal TLS group names
Make sure we don't use sigalgs that are not available
Remove OPENSSL_NO_EC guards from libssl
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg
Fix the cipher_overhead_test
Deprecate the low level SRP APIs
Deprecate the libssl level SRP APIs
Update documentation following deprecation of SRP
Run DH_check_ex() not DH_check_params_ex() when checking params
Implement EVP_PKEY_param_check_quick() and use it in libssl
Fix the dhparam_check test
Document the newly added function EVP_PKEY_param_check_quick()
Fix Null pointer deref in X509_issuer_and_serial_hash()
Test that X509_issuer_and_serial_hash doesn't crash
Refactor rsa_test
Fix the RSA_SSLV23_PADDING padding type
Fix rsa_test to properly test RSA_SSLV23_PADDING
Don't overflow the output length in EVP_CipherUpdate calls
Update CHANGES and NEWS for new release
Update copyright year
Prepare for release of 3.0 alpha 12
Nicola Tuveri (2):
[doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties
[doc/man3][OSSL_ENCODER] Move NOTES to the bottom
Oleksandr Tymoshenko (1):
Handle partial data re-sending on ktls/sendfile on FreeBSD
Pauli (21):
Fix a use after free issue when a provider context is being used and isn't cached
Fix race condition & allow operation cache to grow.
test: turn off parallel tests in verbose mode.
test: add an option to output timing information from tests.
EVP: fix reference counting for digest operations.
CI: add a non-caching CI loop
Prov: add an option to force provider fetches to not be cached.
EVP: fix reference counting for EVP_CIPHER.
test: fix no-cache problem with the quality comparison for KDFs.
changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option.
test: filter provider honours the no_cache setting.
test: add import and export key management hooks for the TLS provider.
Add a configure time option to disable the fetch cache.
Remove an unnecessary free call.
test: DRBG test with long seed.
err: generated error files
RNG seed: add get_entropy hook for seeding.
RNG test: add get_entropy hook for testing.
core: add get_entropy and clear_entropy calls to RAND
rand: update DRBGs to use the get_entropy call for seeding
doc: document the two new RAND functions
Petr Gotthard (4):
apps/openssl: add -propquery command line option
Enhanced integer parsing in OSSL_PARAM_allocate_from_text
Fix propquery handling in EVP_DigestSignInit_ex
Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
Randall S. Becker (1):
Enable fipsload test on NonStop x86.
Rich Salz (9):
Deprecate X509_certificate_type
Deprecate EVP_MD_CTX_{set_}update_fn()
Don't make pthreads mutexes recursive.
Fetch algorithm after loading providers
Fetch alg, etc., after loading providers
Load rand state after loading providers
Process digest option after loading providers
Fetch cipher after loading providers
Allow -rand to be repeated
Richard Levitte (27):
Prepare for 3.0 alpha 12
Fix some odd names in our provider source code
PROV: Add SM2 encoders and decoders, as well as support functionality
CORE & PROV: clean away OSSL_FUNC_mac_size()
EVP: Don't find standard EVP_PKEY_METHODs automatically
EVP: Fix evp_pkey_ctx_store_cached_data() to handle provider backed EVP_PKEY_CTX
EC: Reverse the default asn1_flag in a new EC_GROUP
EVP: Make EVP_PKEY_set_params() increment the dirty count
EVP: Adapt the other EVP_PKEY_set_xxx_param() functions
EVP: Modify the checks in EVP_PKEY_{set,get}_xxx_param() functions
EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key()
ERR: clean away everything related to _F_ macros from util/mkerr.pl
ERR: Rebuild all generated error headers and source files
Remove the old DEPRECATEDIN macros
dev/release.sh: Fix typo
EVP: use evp_pkey_copy_downgraded() in EVP_PKEY_copy_parameters()
TEST: Add an algorithm ID tester for libcrypto vs provider
DOCS: Remove the "global" dependency on writing .pod files from .pod.in
Makefile template: Allow separate generation of .pod.in -> .pod
PROV: Fix encoding of MDWithRSAEncryption signature AlgorithmID
Configuration: ensure that 'no-tests' works correctly
Use ERR_R_*_LIB instead of ERR_LIB_* as reason code for sub-libraries
DOCS: Update the internal documentation on EVP_PKEY.
Configurations/descrip.mms.tmpl: avoid enormous PIPE commands
VMS documentation fixes
TEST: Add missing initialization
Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()
Sahana Prasad (1):
DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters
Shane Lontis (10):
Simplify the EVP_PKEY_XXX_fromdata_XX methods.
Change the ASN1 variant of x942kdf so that it can test acvp data.
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Replace provider cipher flags with separate param fields
Replace provider digest flags with separate param fields
Remove dead code in rsa_pkey_ctrl.
Add docs for ASN1_item_sign and ASN1_item_verify functions
Fix external symbols in the provider cipher implementations.
Fix external symbols in the provider digest implementations.
Fix external symbols related to provider related security checks for keys and digests.
Tomas Mraz (16):
rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys
dh_cms_set_peerkey: Pad the public key to p size
Add diacritics to my name in CHANGES.md
apps/ecparam: Avoid crash when parameters fail to load
provider-signature.pod: Fix formatting.
RSA: properly generate algorithm identifier for RSA-PSS signatures
Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()
CHANGES.md: Mention RSA key generation slowdown related changes
Move the PROV_R reason codes to a public header
Various cleanup of PROV_R_ reason codes
Rename internal providercommonerr.h to less mouthful proverr.h
tls_valid_group: Add missing dereference of okfortls13
ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Do not match RFC 5114 groups without q as it is significant
Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
dsa_check: Perform simple parameter check if seed is not available
zekeevans-mf (1):
Add deep copy of propq field in mac_dupctx to avoid double free
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list