[openssl] openssl-3.0.0-alpha10 create
Matt Caswell
matt at openssl.org
Thu Jan 7 14:07:34 UTC 2021
The annotated tag openssl-3.0.0-alpha10 has been created
at 45817feda8996f2e0812731b9b3e565d2682d694 (tag)
tagging cae118f9382c3790359b3ff050d6e01c11579a7f (commit)
replaces openssl-3.0.0-alpha9
tagged by Matt Caswell
on Thu Jan 7 13:48:21 2021 +0000
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha10 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl/3ESURHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJF8eQgAiULWDjFXQy/pgDxFDB3Z2k3KsiqEFzty
Z7ymUtQTNAyEDsxO6KRCBVPL6HeogGrNZmqD0MxS2QhW6pcAgnaqgeNwIwEYGh8Z
nSsihgXRQyos5YhEpIuVzFk1iCtugVw+zayyxAyDhVvYJ05+XX656G1ZmsgSR2Rn
GmxoH2b7sIVNapyLDPXSJHceP9fIYu0elVyHTl8PFoubKapTW+zqh0m1KLfIQ+cx
wg2Bh9sSrbV63CK0yDOvgqK1Wz1HMobNHM8+5avbzVHrF57hAKr9IrpPfaV7uXx/
bGAqiY7ppsc0nforH4szCQdseJJiMhppHs97bFaVSk2crmcDOV+6Bg==
=GxWV
-----END PGP SIGNATURE-----
Ankita Shetty (4):
cmp_client.c: Remove dead code of variable 'txt' in cert_response()
cmp_client.c: Fix indentation and remove empty line
openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options
openssl.pod: Fix openSSL options doc
Ard Biesheuvel (1):
aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
Benjamin Kaduk (1):
Fix comment in do_dtls1_write()
Daiki Ueno (1):
openssl dgst: add option to specify output length for XOF
Daniel Bevenius (2):
EVP: don't touch the lock for evp_pkey_downgrade
STORE: clear err after ossl_store_get0_loader_int
David CARLIER (1):
Mac M1 setting change proposal.
David Carlier (2):
CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region.
Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap call level.
David von Oheimb (1):
openssl.pod: Move verification doc to new doc/man1/openssl-verification-options.pod
Dmitry Belyavskiy (8):
OPENSSL_NO_GOST has nothing to do with low-level algos
Deprecate -cipher-commands and -digest-commands options
Skip unavailable digests and ciphers in -*-commands
Documenting the options deprecating
Documenting the options deprecating in CHANGES.md
Skip tests depending on deprecated list -*-commands options
Fetch provided algorithm once per benchmark
Fix doc-nits for list command
Dr. David von Oheimb (42):
asn1t.h: Improve comments documenting ASN1_ITYPE_... and the 'funcs' field
X509_dup: fix copying of libctx and propq using new ASN1_OP_DUP_POST cb operation
endecode_test.c: Significant speedup in generating DH and DHX keys
remove obsolete test/drbg_extra_test.h
remove obsolete test/drbg_cavs_data.h
test cleanup: move helper .c and .h files to test/helpers/
endecode_test.c: Add warning that 512-bit DH key size is for testing only
apps/pkcs12.c: Correct default legacy algs and make related doc consistent
apps/pkcs12.c: Improve user guidance, re-ordering no-export vs. export options
x509_vfy.c: Restore rejection of expired trusted (root) certificate
appveyor.yml: Let 'nmake' run by defaut silently (/S), using MAKEVERBOSE like .travis.yml
appveyor.yml: Let 'nmake' do builds in parallel on all CPU cores
.travis.yml: Do some build (gcc) runs in parallel (-j4)
ci.yml: Add 'perl configdata.pm --dump' to each config
ci.yml: Let 'make' run silently (-s) with build (gcc) runs in parallel (-j4)
appveyor.yml: Move printing of env variables such that locally defined ones are shown as well.
encode_key2any.c: Fix build error on OPENSSL_NO_DH and OPENSSL_NO_EC
encode_key2text.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
fuzz/server.c: Fix build error on OPENSSL_NO_{DSA,EC,DEPECATED_3_0}
apps/speed.c: Fix build errors on OPENSSL_NO_{RSA,DSA,EC,DEPECATED_3_0}
endecode_test.c: Fix build errors on OPENSSL_NO_{DH,DSA,EC,EC2M}
evp_pkey_dparams_test.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
apps/speed.c: Rename misleading 'rsa_count' variable to 'op_count'
{.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv
apps/verify:c: Enable output of multiple verification errors due to -x509_strict
x509_vfy.c: Improve comments (correcting typos etc.)
test/certs/setup.sh: Fix two glitches
find-doc-nits: fix regexp and point out that CA.pl and tsget.pod are special
Use adapted test_get_libctx() for simpler test setup and better error reporting
apps/req.c: Improve diagnostics on multiple/overriding X.509 extensions defined via -reqext option
x509v3_config.pod: Clarify semantics of subjectKeyIdentifier and authorityKeyIdentifier
apps/{req,x509,ca}.c: Clean up code setting X.509 cert version v3
apps/{req,x509,ca}.c: Cleanup: move shared X509{,_REQ,_CRL} code to apps/lib/apps.c
apps/x509.c: Factor out common aspects of X509 signing
openssl-ca.pod.in: Clarify the -extensions/-crlexts options vs. x509_extensions/crl_extensions
X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be NULL
v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks
openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input
apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances
apps/cmp.c: Fix bug on -path option introduced in commit 3c9d6266ed85
apps/cmp.c: Correct -keyform option range w.r.t engine
Update copyright years of auto-generated headers (make update)
Etienne Millon (2):
EVP_SIGNATURE-ED25519.pod: fix typo in algo name
28-seclevel.cnf.in: fix typo in algo name
Fangming.Fang (1):
Read MIDR_EL1 system register on aarch64
Ingo Schwarze (1):
Fix NULL pointer access caused by X509_ATTRIBUTE_create()
J08nY (1):
README: Move Travis link to .com from .org.
John Baldwin (4):
Allow zero-byte writes to be reported as success.
Collapse two identical if statements into a single body.
Use CRIOGET to fetch a crypto descriptor when present.
Support session information on FreeBSD.
Kelvin Lee (1):
Fix simpledynamic.c - a typo and missed a header
Liang Liu (1):
[DOC]Fix two broken links in INSTALL.md; Change name of zlib flag to the current one.
Matt Caswell (56):
Prepare for 3.0 alpha 10
Fix no-posix-io
Deprecate DH_new as well as i2d_DHparams and d2i_DHparams
Deprecate functions for getting and setting DH values in an EVP_PKEY
Deprecate EVP_PKEY_assign_DH and other similar macros
Deprecate the DHparams and DHxparams PEM routines
Remove fuzzing of deprecated functions in a no-deprecated build
Don't test a deprecated function in a no-deprecated build
Deprecate more DH functions
Convert DH deprecations to the new way of deprecating functions
Updates the CHANGES.md entry regarding DH deprecation
Remove d2i_DHparams.pod and move documentation to d2i_RSAPrivateKey.pod
Fix no-engine
Fix instances of pointer addition with the NULL pointer
Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT
Fix builds that specify both no-dh and no-ec
Don't Overflow when printing Thawte Strong Extranet Version
Fix a compile error with the no-sock option
Fix no-dtls
Fix no-dsa
DirectoryString is a CHOICE type and therefore uses explicit tagging
Correctly compare EdiPartyName in GENERAL_NAME_cmp()
Check that multi-strings/CHOICE types don't use implicit tagging
Complain if we are attempting to encode with an invalid ASN.1 template
Add a test for GENERAL_NAME_cmp
Add a test for encoding/decoding using an invalid ASN.1 Template
Update CHANGES and NEWS for new release
Fix a test failure with no-tls1_3
Fix a compilation failure with no-tls_1_2
Fix no-err
Modify is_tls13_capable() to take account of the servername cb
Test that we can negotiate TLSv1.3 if we have an SNI callback
Don't use no-asm in the Github CIs
Skip evp_test cases where we need the legacy prov and its not available
Fix sslapitest.c if built with no-legacy
Don't use legacy provider if not available in test_ssl_old
Don't load the legacy provider in endecoder_legacy_test
Skip testing ciphers in the legacy provider if no legacy
Don't load the legacy provider if not available in test_enc_more
Don't load the legacy provider in test_evp_libctx unnecessarily
Don't use the legacy provider in test_store if its not available
Don't run a legacy specific PKCS12 test if no legacy provider
Skip cms tests using RC2 if no legacy provider
Fix some typos in EVP_PKEY-DH.pod
Fix no-threads
Move the caching of cipher constants into evp_cipher_from_dispatch
Cache Digest constants
Optimise OPENSSL_init_crypto to not need a lock when loading config
Don't call EVP_CIPHER_CTX_block_size() to find the block size
Add some more CRYPTO_atomic functions
Optimise OPENSSL_init_crypto
Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
Add a test for the new CRYPTO_atomic_* functions
Only perform special TLS handling if TLS has been configured
Update copyright year
Prepare for release of 3.0 alpha 10
Nan Xiao (1):
Fix typo in OPENSSL_malloc.pod
Nirbheek Chauhan (2):
crypto/win: Don't use disallowed APIs on UWP
win-onecore: Build with /APPCONTAINER for UWP compat
Pauli (19):
Print random seed on test failure.
remove unused return value assignments
remove unused assignments
remove unused initialisations
tag unused function arguments as ossl_unused
rand: add a provider side seed source.
Fix error clash in build
rand seed: include lock and unlock functions.
rand: don't leak memory
rand: allow seed-src to be missing
params: allow more variations in integer conversions.
params: add integer conversion test cases.
test: print OPENSSL_TEST_RAND_ORDER=x when a randomised test fails.
test: document the random test ordering env variable
dsa: documentation deprecation changes
dsa: fuzzer deprecation changes
dsa: apps deprecation changes
dsa: provider and library deprecation changes
dsa: add additional deprecated functions to CHANGES entry.
Petr Gotthard (1):
Fix OSSL_PARAM creation in OSSL_STORE_open_ex
Rich Salz (3):
Deprecate OCSP_REQ_CTX_set1_req
Document OCSP_REQ_CTX_i2d.
Check non-option arguments
Richard Levitte (80):
APPS: Make it possible for apps to set the base (fallback) UI_METHOD
APPS: Modify apps/cmp.c to use set_base_ui_method() for its -batch option
ERR: Restore the similarity of ERR_print_error_cb() and ERR_error_string_n()
TEST: Adapt test/errtest for the 'no-err' configuration
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
ERR: Drop or deprecate dangerous or overly confusing functions
ERR: drop err_delete_thread_state() TODO marker
TEST: Fix path length in test/ossl_store_test.c
RSA: correct digestinfo_ripemd160_der[]
TEST: Break out the local dynamic loading code from shlibloadtest.c
TEST: Add a simple module loader, and test the FIPS module with it
ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY()
Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY()
APPS: Add OSSL_STORE loader for engine keys
APPS: Adapt load_key() and load_pubkey() for the engine: loader
Add test to demonstrate the app's new engine key loading
Switch deprecation method for AES
Switch deprecation method for ASN.1
Switch deprecation method for BIO
Switch deprecation method for Blowfish
Switch deprecation method for BIGNUM
Switch deprecation method for Camellia
Switch deprecation method for CAST
Switch deprecation method for CMAC
Switch deprecation method for CONF
Switch deprecation method for CRYPTO
Switch deprecation method for DES
Switch deprecation method for ENGINE
Switch deprecation method for ERR
Switch deprecation method for EVP
Switch deprecation method for HMAC
Switch deprecation method for IDEA
Switch deprecation method for MD2
Switch deprecation method for MD4
Switch deprecation method for MD5
Switch deprecation method for MDC2
Switch deprecation method for PKCS#12
Switch deprecation method for RAND
Switch deprecation method for RC2
Switch deprecation method for RC4
Switch deprecation method for RC5
Switch deprecation method for RIPEMD
Switch deprecation method for SEED
Switch deprecation method for SHA
Switch deprecation method for SRP
Switch deprecation method for SSL
Switch deprecation method for OSSL_STORE
Switch deprecation method for Whirlpool
Switch deprecation method for X.509
DSA: Make DSA_bits() and DSA_size() check that there are key parameters
EVP: Adjust EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
PEM: Add a more generic way to implement PEM _ex functions for libctx
providers/common/der/build.info: Improve checks of disabled algos
EVP: constify the EVP_PKEY_get_*_param() argument |pkey|
EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkey
TLS: Use EVP_PKEY_get_group_name() to get the group name
DOCS: Update OSSL_DECODER_CTX_new_by_EVP_PKEY.pod to match declarations
DOCS: Improve documentation of the EVP_PKEY type
Building: Fix the library file names for MSVC builds to include multilib
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'
Remove unnecessary guards around MSBLOB and PVK readers and writers
APPS: Correct the output structure for public keys in 'openssl rsa'
TEST: Fix test/recipes/15-test_rsa.t
PROV: Add MSBLOB and PVK encoders
EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
DECODER EVP_PKEY: Don't store all the EVP_KEYMGMTs
MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key
DECODER: Adjust the library context of keys in our decoders
CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference
EVP: Fix memory leak in EVP_PKEY_CTX_dup()
GitHub CI: Add 'check-update' and 'check-docs'
make update
TEST: Fix test/endecode_test.c for 'no-legacy'
Fix 'no-deprecated'
GitHub CI: Separate no-deprecated job from minimal job
Drop OPENSSL_NO_RSA everywhere
Sebastian Andrzej Siewior (1):
Configurations: PowerPC is big endian
Shane Lontis (16):
Fix EVP_CIPHER_CTX_set_padding for legacy path
Fix no-deprecated configuration
Fix s390 EDDSA HW support in providers.
Add EVP_KDF-X942 to the fips module
Fix X509 propq so it does not use references
Fix x509_crl propq so that it uses a copy
fix x509_PUBKEY propq so that it uses a copy
Fix EVP_PKEY_CTX propq so that it uses a copy
Fix ecdsa digest setting code to match dsa.
Fix dsa & rsa signature dupctx() so that ctx->propq is strduped
Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the separator
Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
Add validate method to ECX keymanager
Add fips self tests for all included kdf
Fix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation.
Change AES-CTS modes CS2 and CS3 to also be inside the fips module.
Tim Hudson (1):
Correct system guessing for darwin64-arm64 target
Tomas Mraz (6):
EVP_DigestFinalXOF must not reset the EVP_MD_CTX
Add test for no reset after DigestFinal_ex and DigestFinalXOF
Fix regression in EVP_DigestInit_ex: crash when called with NULL type
Documentation improvements for EVP_DigestInit_ex and related functions
v3nametest: Make the gennames structure static
Github CI: run also on repository pushes
bazmoz (1):
Updated SSL_CTX_new doc
ihsinme (1):
Update bio_ok.c
jwalch (1):
Restore v2i_AUTHORITY_INFO_ACCESS() behavior
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list