[openssl] openssl-3.0.0-beta1 create
Matt Caswell
matt at openssl.org
Thu Jun 17 13:19:47 UTC 2021
The annotated tag openssl-3.0.0-beta1 has been created
at 61b205da30e5ce7ff9a1c5de96d9056d91bf44a2 (tag)
tagging f9bfdc3aa979eb32d4b8341999473f2ad202d889 (commit)
replaces openssl-3.0.0-alpha17
tagged by Matt Caswell
on Thu Jun 17 14:03:43 2021 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-beta1 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmDLSC8RHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGhmwgAopTANH5YxJu/dkq7E3oUj6l7It0qLYK+
3It6R41Kk7jbDh8JauNTXMHaEN30rKEHrkvYZvTy3mcBNyF15qgueQTdQatdz4KR
gTYvWmwo1DDux9ocqUXkDIaBLRxz8iyLzBA4O/kg0r6uWmupHzC1LYAwBrjJjM6G
QFG6UT74x9tNU8W7woeSz7ehgPNy2aJc7aUTduGMmXSdqCBSzDVj8MMZrrAVv4oV
gSZtbmwlJDSE80TFkhz0MRlDX9D26uqRyyGVn2+jtQPEBGsCIo6St5Vy1yg4LAM3
xiCOZqqEMZCp54m/WaU/f7zckiMJpZZ5uT82mAtmldh4xolmLNsRCw==
=0Jvr
-----END PGP SIGNATURE-----
Amitay Isaacs (1):
ec: Add PPC64 vector assembly version of p521 field operations
Arran Cudbard-Bell (1):
Enable ssl-trace by default
Benjamin Kaduk (1):
Allow TLS13_AD_MISSING_EXTENSION for older versions
Bernd Edlinger (1):
Add AES consttime code for no-asm configurations
Daniel Bevenius (1):
Add aix64-gcc-as architecture and p2align callback
David Makepeace (1):
Fix doc typos.
Dmitry Belyavskiy (4):
HMAC doesn't work with a default digest
Cleanup the peer point formats on regotiation
Disabling Encrypt-then-MAC extension in s_client/s_server
Correct processing of AES-SHA stitched ciphers
Dr. David von Oheimb (62):
apps/cmp.c: Move CMP server code portion to separate function
CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h
find-doc-nits: Minor improvements of help and diagnostic output
find-doc-nits: Add -m option allowing to select on which of man1,man3,man5,man7 to focus on
find-doc-nits: Check that man1 SYNOPSIS and OPTIONS contain same options
DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency
util/find-doc-nits: Improve helpstr pattern matching
check-format.pl: Add check for constant left of comparison operator
check-format.pl: Report needless intermediate multiple SPC only on -e or --extra-spc
check-format.pl: Fix false positive "no SPC before binary '*'" for '!*'
check-format.pl: Fix false positive on struct/union/enum in func return type
check-format.pl: Replace 'SPC' and 'spc' by 'space' in reports and option names
check-format.pl: Allow extra space before end-of-line comments unless -e|--eol-cmt given
check-format.pl: Rename 'one-letter' to 'single-letter', do not report 'l'
check-format.pl: Rename '*-cmt' options '*-comment'
APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM
APPS: Allow duplicate entries in options list, marking them OPT_DUP
apps/cms: Clean up order of options in help output and documentation
EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig'
BIO_s_accept.pod: Document port auto-selection feature of BIO_set_accept_port()
apps/cms: Simplify handling of encerts; add warning if they are ignored
apps/cms.c: Correct -sign output and -verify input with -binary
80-test_cmp_http: Invert and correct the logic of success vs. failure exit
Add warning to key/param generating apps on potential delay due to missing entropy
Remove tmp file smcont.signed_ that was used for debuggin PR #15347
DOC: Improve description of 'req' app: -new, -newkey, and -keyout options
APPS req: Extend the -keyout option to be respected also with -key
TEST: Prefer using precomputed RSA and DH keys for more efficient tests
apps/lib/s_socket.c and 80-test_cmp_http.t: Make ACCEPT port reporting more robust
DOC: Slightly improve the documentation of BIO_lookup() and related functions
apps/ocsp: Allow -port 0
BIO_s_accept.pod: Add missing documentation for BIO_{get,set}_accept_ip_family()
BIO acpt_state(): Allow retrying addresses (e.g., using IPv6 vs. IPv4) on creating accept socket
ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem
CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose
80-test_cmp_http.t: Improve comparison on server_port variable
80-test_http.t: Rename to 79-test_http.t, add basic HTTP server ACCEPT test
BIO_write-ex(): Improve behavior in corner cases and documentation
x509_trs.c: rename to x509_trust.c and correct comment in trust_compat()
x509_vfy.c: Improve a couple of internally documenting comments
X509_STORE_CTX_new.pod and x509_vfy.h.in: rename some params for clarity, improve their doc
Improve the documentation of cert path building and validation
x509.h.in: extended 'documenting' comment on X509_TRUST_OK_ANY_EKU
Move trust-related decls from x509.h.in to x509_vfy.h.in
80-test_cmp_http.t: Simplify and prevent hangs on server not launching/behaving correctly
80-test_cmp_http.t: Improve the way the test server is launched and killed
25-test_verify.t: Prevent expiration of test case 'Name constraints bad othername name constraint'
test/certs/mkcert.sh: Correct description of geneealt parameters
25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict
HTTP client: Fix GET request handling when rctx is reused (keep-alive)
Rename OSSL_HTTP_set_request() to OSSL_HTTP_set1_request() for clarity
d2i_X509: revert calling X509v3_cache_extensions()
ASN1: rename asn1_par.c to asn1_parse.c for clarity; simplify asn1_parse2()
BIO: prevent crash on NULL BIO for prefix_ctrl() and thus for BIO_set_prefix(), BIO_set_indent(), etc.
fuzz/asn1parse.c: Clean up non-portable code and catch malloc failure
BIO_dum_indent_cb(): Fix handling of cb return value
BIO: Make source file names in crypto/bio/ consistent
BIO_write_ex(): Make handing of BIO b == NULL and dlen == 0 less redundant
ASN1_parse_dump(): allow NULL BIO input, to simplify applications not needing output
X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default
HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c
FdaSilvaYY (1):
Use rd instead rmdir
Florian Mickler (3):
openssl ca: make index.txt parsing error more verbose
openssl ocsp: make index.txt parsing error more verbose
openssl srp: make index.txt parsing error more verbose
Hubert Kario (1):
s_server: make -rev option easier to find (mention echo)
Jan Lana (2):
fix Solaris OS detection in config.pm
Update solaris64-sparcv9-cc build target cflags
Jean-Philippe Boivin (1):
Properly restore XMM registers in ChaCha20's AVX-512(VL) assembly
Jon Spillett (13):
Add PBKDF1 to the legacy provider
Added PKCS5_PBE_keyivgen_ex() to allow PBKDF1 algorithms to be fetched for a specific library context
Add a test for PKCS5_PBE_keyivgen()
Add an evp_libctx_test test run for legacy provider
Add special case to skip RC4 reinit
Fixes #14103 & #14102. Update AES demos with error handling and EVP fetch
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers
Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt
Pass library context and property query into private key decoders
Fix up bad libcrypto.num
Disable tracing within the FIPS module
Add enable-fips to CI configuration
80-test_cmp_http.t: Re-enable CMP tests for AIX, removing some inessential test cases
Juergen Christ (4):
Fix warning in gf_serialize
Fix compilation warning with GCC11.
Fix CipherInit on s390x.
Test EVP_CipherInit sequences and resets
Larkin Nickle (1):
Fix compilation on systems with empty _POSIX_TIMERS
Lars Immisch (1):
Use getauxval on Android with API level > 18
Martin Schwenke (3):
perlasm/ppc-xlate.pl: Handle rewriting of vector registers
ec: Rename reference p521 field operations and use them via macros
ec: Add run time code selection for p521 field operations
Matt Caswell (48):
Prepare for 3.0 beta 1
Add ordinal numbers to the .num files
Clean up the "fips" option to Configure
Cleanup the missing*.txt files
Fix a memleak in the FIPS provider
Remove some perl 5.14 use from rsaz-avx512.pl
Don't try the same decoder multiple times
Ignore the threadstest_fips executable
Special case SM2 when decoding
Update check_sig_alg_match() to work with provided keys
Teach EVP_PKEYs to say whether they were decoded from explicit params
Fix cert creation in the store
Teach ASN1_item_verify_ctx() how to handle provided keys
Only call dtls1_start_timer() once
Check that we got the expected name type when verifying name constraints
Test a bad SmtpUTF8Mailbox name constraint
Provide the ability to create an X509_PUBKEY with a libctx/propq
Fix evp_extra_test to use libctx in an X509_PUBKEY
Teach the ASN.1 code how to create embedded objects with libctx/propq
Teach more of the ASN.1 code about libctx/propq
Use the new ASN.1 libctx aware functions in CMS
Use the new ASN.1 libctx aware capabilities in CMP
Make sure X509_dup() also dup's any associated EVP_PKEY
Give ASN.1 objects the ability to report their libctx/propq
Ensure libctx/propq is propagated when handling X509_REQ
Add documentation for newly added ASN1 functions
Fix generate_ssl_tests.pl
Fix the expected output of printing certificates
Fix CTLOG_new_from_base64_ex()
Use the right class/tag when decoding an embedded key
Ensure that we consume all the data when decoding an SPKI
Only use the legacy route to decode a public key if we have to
Just look for "Unable to load Public Key" if no SM2
Actually use a legacy route in pem_read_bio_key_legacy()
Mark some priv/public key paris as only available in the default provider
Use the fips-and-base.cnf config file in CMP tests
Simplify error reporting in X509_PUBKEY_get0()
Correctly detect decode errors when checking if a key is supported
Add a generic SubjectPublicKeyInfo decoder
Avoid excessive OSSL_DECODER_do_all_provided calls
Add various OBJ functions as callbacks
Add a test for the newly added OBJ upcalls
Add documentation for the newly added OBJ up calls
Clean up the encoder/decoder/loader stores before providers
Add a test for fetching various non-evp objects
Update copyright year
make update
Prepare for release of 3.0 beta 1
Pauli (140):
property: convert integers to strings properly.
doc: move images into their own subdirectory
doc: rereference img locations into subdirectory
doc: process images when installing
configure: build list of image files
configurations: update template makefiles to install documentation images
test: add test case to reliably reproduce RAND leak during POST
core: condition out more in FIPS builds
test: fix typo in comment in threadstest.c
doc: update core_thread_start() documentation
fips: default to running self tests when starting the fips provider
doc: document the MAC block size getter
test: add evp_tests for the MAC size and block size
mac: add a getter for the MAC block size.
checksum: include header files in the checksumming output
regenerate FIPS checksums
err: rename err_load_xxx_strings_int functions
rsa: special case the strengths of RSA with 7680 and 15360 bits
test: update RSA test with current bit strengths
bn: rename bn_check_prime_int -> ossl_bn_check_primt
bn: rename extract_multiplier_2x20_win5 -> ossl_extract_multiplier_2x20_win5
aes: rename new bsaes_ symbols -> ossl_bsaes_ ones
rsa: rename global rsaz_ sumbols so they are in namespace
rsa: remove the limit on the maximum key strength
rsa: check that the RNG is capable of producing a key of the specified size
errors: update error message (to be squashed)
test: test genrsa in deprecated builds
test: add test for key generation strength > RNG strength
test: test MP genrsa in deprecated builds
coverity 1484913: Null pointer dereferences (REVERSE_INULL)
coverity 1484912: Null pointer dereferences (NULL_RETURNS)
doc: document the strength arugments to the RNG functions
rand: add a strength argument to the BN and RAND RNG calls
test: add zero strenght arguments to BN and RAND RNG calls
ssl: add zero strenght arguments to BN and RAND RNG calls
prov: add zero strenght arguments to BN and RAND RNG calls
add zero strenght arguments to BN and RAND RNG calls
fips: set the library context and handle later
ppc: fix ambiguous if if else statement
sparc: fix cross compile build
add some cross compilation builds
rand: use size_t for size argument to RAND_bytes_ex()
ssl: ass size_t to RAND_bytes_ex()
crypto: updates to pass size_t to RAND_bytes_ex()
req: fix Coverity 1485137 Explicit null dereference
apps: remove TODOs
fuzz: remove TODOs
test: remove TODOs
tls: remove TODOs
providers: remove TODOs
asn.1: remove TODOs
bio: remove TODOs
x509: remove TODOs
cmp: remove TODOs
cms: remove TODOs
comp: remove TODOs
crmf: remove TODOs
ct: remove TODOs
ocsp: remove TODOs
pem: remove TODOs
store: remove TODOs
rsa: remove TODOs
bn: remove TODOs
dso: remove TODOs
ec: remove TODOs
err: remove TODOs
evp: remove TODOs
http: remove TODOs
crypto: remove TODOs
utils: remove TODO
doc: move XXX_get_number() documentation to internal
add internal get_number functons to crypto/evp.h
Add internal get_number functions to internal headers
doc: make XXX_get_number() internal
libcrypto: make XXX_get_number() internal
doc: fix OSSL_(EN|DE)CODER_get0_name function names
store: include internal header
list: update to not use XXX_get_number() calls
util: update FIPS checksumming script to be more aggressive with whitespace
update checksums
rsa: make the maximum key strength check FIPS only.
req: detect a bad choice of digest early
Rename `n` field to `num_properties` in property definition structure.
property: improve ossl_property_find_property() function
property: move additional query functions to property_query.c
doc: update Graphviz images to have a transparent background
doc: update generated image files
life-cycles: update digest state table
doc: add digest lifecycle diagram
doc: add digest life cycle documentation
doc: add references to digest life cycle documentation
doc: remove empty section
doc-nits: support out of source execution
doc: improve the cipher life cycle diagram
doc: add cipher life cycle documentation
doc: add references to cipher life cycle documentation
doc: add build info for cipher life cycle documentation
doc: build changes for PKEY life cycle documentation
doc: add PKEY life cycle documentation
bio: improve error checking fixing coverity 1485659 & 1485665
fix coverity 1485660 improper use of negative value
afalg: fix coverity 1485661 improper use of negative value
evp: fix improper use of negative value issues
evp: fix coverity 1485666 argument cannot be negative
pkcs12: fix Coverity 1485667 logically dead code
evp: fix Coverity 1485668 argument cannot be negative
evp: fix Coverity 1485669 improper use of negative value
evp: fix Coverity 1485670 argument cannot be negative
evp: avoid some calls to EVP_CIPHER_CTX_get_iv_length() because it's been called already
keymgmt: better detect when a key manager can be reused
sha: convert SHA one shot macros back to being functions
changes: fix woring that mentions SHA* one shot functions are deprecated
util: convert SHA* one shots back to being functions
err: clear flags better when clearing errors.
ci: run the on pull request CIs on push to master
spkac: allow digests other than MD5 to be used for signing
spkac: document -digest option
test: add SPKAC command test
add libctx and property query to fetch functions
fipsinstall: use the app's libctx and property query when searching for algorithms
kdf: use the app's libctx and property query when searching for algorithms
list: use the app's libctx and property query when searching for algorithms
speed: use the app's libctx and property query when searching for algorithms
pkcs12: use the app's libctx and property query when searching for algorithms
speed: make sure to free any allocated EVP_MAC structures
apps: move global libctx and property query into their own file
cms: fix coverity 1485981: unchecked return value
cms: free PKEY_CTX
remove end of line whitespace
new: update NEWS.md so it is correct.
new: update NEWS.md so it is correct.
doc: finish the provider child up call documentation
Include a local static buffer for the SHA helper functions
test: add test cases for SHAxxx helper functions
doc: document the various get_cipher functions in the commands lib.
apps: limit get_cipher() to not return AEAD or XTS ciphers
apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes
apps: remove AEAD/mode checks that are now redundant
prov: tag SM2 encoders and decoders as non-FIPS
gost: remove the internal GOST test.
Petr Gotthard (3):
Fix building of test/pbetest.c
Fix memory leak in OSSL_CMP_CTX
doc: fix OSSL_PARAM_BLD pointers in the example
Rich Salz (14):
Remove engine_table_select_int
Use <> for #include openssl/xxx
Use "" for include internal/xxx
Use "" for include crypto/xxx
Rework and make DEBUG macros consistent.
Fix issues found by md-nits
Make undef'd counts zero by default.
Make conf_method_st and conf_st deprecated
Add NCONF_get0_libctx()
Add md-nits task
Remove I_CAN_LIVE_WITH_LNK4049
Move AllowClientRenegotiation tests
Remove "-immedate_renegotiation" option
Always wait for both threads to finish
Richard Levitte (75):
VMS: Copy __DECC_INCLUDE_{PROLOGUE,EPILOGUE}.H to more places
PROV: Relegate most of the FIPS provider code to libfips.a
DOCS: Fixups of the migration guide and the FIPS module manual
VMS: don't use app_malloc() in apps/lib/vms_decc_argv.c
Include "internal/numbers.h" in test programs using SIZE_MAX
test/params_conversion_test.c: fix the use of strtoumax and strtoimax on VMS
Configurations/descrip.mms.tmpl: rework the inclusion hacks
VMS: Fix run of generic generator programs in descrip.mms.tmpl
Make it possible to disable the loader_attic engine
Disable loader_attic by default on VMS
TEST: Avoid using just 'example.com' - test_cmp_http
DOCS: Don't mention internal functions in public documentation
Fix 'openssl req' to be able to use provided keytypes
Rework how providers/fipsmodule.cnf is produced
Build file templates: rework how general dependencies are computed
Build file templates: rework FIPS module installation
TEST: Add test specific fipsmodule.cnf, and use it
util/fix-doc-nits: Fix link detection in collectnames() to be kinder
configdata.pm: Allow extra arguments when --query is given.
Make providers/fips.module.sources.new depend on configdata.pm
Rearrange the check of providers/fips.so dependencies
make update-fips-checksums
Add the usual autowarn perl snippet in providers/common/der/*.in
Add .asn1 dependencies for files generated from providers/common/der/*.in
Configure: variable expand GENERATE values too
providers/common/der/build.info: make a variable for ../include/prov
util/mknum.pl: Really allow unset ordinals in development
Restore all the ? in util/libcrypto.num
Deprecate EVP_CIPHER_impl_ctx_size and EVP_CIPHER_CTX_buf_noconst
FIPS: don't include crypto/passphrase.c in libfips.a
make update-fips-checksums
property: Add functionality to query data from a property definition
DECODER: use property definitions instead of getting implementation parameters
PROV: drop get_params() and gettable_params() from all decoder implementations
ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE
ENCODER: use property definitions instead of getting implementation parameters
PROV: drop get_params() and gettable_params() from all encoder implementatio
test/recipes/80-test_cmp_http.t: Simplify test_cmp_http()
test/recipes/80-test_cmp_http.t: Don't trust $server_port in start_mock_server()
OpenSSL::Test.pm: Replace all uses of rel2abs() with abs_path()
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
DECODER: Adapt addition of extra decoder implementations
DECODER & ENCODER: Add better tracing
APPS: Restore the possibility to combine -pubout with -text
OpenSSL::Test: Treat SRCDATA directory specially, as it might not exist
OpenSSL::Test: If __cwd() is to create the directory, do it early
STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions
apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32
Clean away remaining Travis related files
Configure: Allow spaces around '=' in all build.info statements
Building: Add necessary dependencies for linker scripts and .rc files
Windows Github CI: test in Windows 2016 as well
Windows GitHub CI: Introduce --strict-warnings
APPS: Remove an unreachable statement in s_client.c
CORE: Move away the allocation of the temporary no_cache method store
Add the internal function ossl_method_store_do_all()
Refactor OSSL_DECODER_do_all_provided() to behave like OSSL_DECODER_fetch()
Refactor OSSL_ENCODER_do_all_provided() to behave like OSSL_ENCODER_fetch()
Refactor evp_generic_do_all() to behave like evp_generic_fetch()
Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all()
DECODER & ENCODER: Add better tracing
test/evp_extra_test.c: Peek at the error instead of getting it.
Refactor OSSL_STORE_LOADER_do_all_provided() to behave like OSSL_STORE_LOADER_fetch()
TEST: Make test/recipes/01-test_symbol_presence.t more platform agnostic
TEST: Display the correct shared library name
TEST: Skip test/recipes/01-test_symbol_presence.t on MacOS
CORE: Do a bit of cleanup of core fetching
VMS build: drop a spurious debug print
Configuration: Fix incorrect $unified_info{attributes} references
Build file templates: Fix in2script dependencies
TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.pl
DSO: Fix the VMS DSO name converter to actually do something
Fix small typo in test/recipes/05-test_pbe.t
Fix exit code for VMS in util/wrap.pl and test/run_tests.pl
test/recipes/80-test_cmp_http.t: Kill the mock server brutally
Robbie Harwood (2):
Fix upgrading docs for RSA_private_encrypt/RSA_public_decrypt
Update krb5 module and re-enable pkinit tests
Shane Lontis (29):
Rename the field 'provctx and data' to 'algctx' inside some objects containing pointers to provider size algorithm contexts.
Add fipsinstall option to run self test KATS on module load
Fix buffer overflow when generating large RSA keys in FIPS mode.
Add demo for EC keygen
Fix spelling mistake in d2i_PrivateKey.pod
Fix PKCS12_create() so that a fetch error is not added to the error stack.
EVP_CIPHER Documentation updates
Add Docs for EVP_CIPHER-*
Add missing EVP_CTRL_CCM_SET_L control
Fix incorrect OSSL_CIPHER_PARAM_SPEED get_ctx_params
Fix incorrect gettable OSSL_CIPHER_PARAM_TLS_MAC parameter
Fix intermittent CI failure in evp_kdf_test for non_caching build.
Fix PKCS7_verify to not have an error stack if it succeeds.
Fix aes cfb1 so that it can operate in bit mode.
Fix param indentation in ciphercommon_hw.c
Document Settable EVP_CIPHER_CTX parameter "use-bits"
Migration guide updates for flags and controls.
Fix error stack for some fetch calls.
Move provider der_XXX.h.in files to the include directory.
Fix errors found by parfait static analyser.
Document missing EC/SM2 params
Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag
Fix AIX FIPS DEP.
Fix s_server app to not report an error when using a non DH certificate.
Fix DH/DHX named groups to not overwrite the private key length.
Add missing NULL check in OSSL_DECODER_from_bio().
Add missing migration_guide API mappings.
Fix DH private key check.
Add self test for ECDSA using curve with a binary field
Sven Schwermer (2):
mkerr: Fix string literal conversion
ERR: Rebuild generated engine error files
Tianjia Zhang (1):
apps: Fix the mismatch of SM2 keys keymgmt
Todd Short (3):
Call SSLfatal when the generate_ticket_cb returns 0
Optimize session cache flushing
Fix FIPS provider value in docs
Tom Cosgrove (2):
Fix -static builds on master
Initialise OPENSSL_armcap_P to 0 before setting it based on capabilities, not after
Tomas Mraz (47):
pem_read_bio_key_legacy: Do not obscure real error if there is one
Exchange no-siv and no-ec2m between daily and ci workflows
FIPS label CI: Save PR number and use it
apps: Cleanup useless bio_open_default() calls for key input
Add some basic Windows builds to the Windows CI workflow
Windows CI: use nasm on 32bit and 64bit shared builds
Windows CI: Add make install step on the shared 64 bit build
Windows CI: properly drop test_fuzz* tests to speed up things
FIPS checksums CI: use merge checkout to compute the new checksums
Do not try to install image directories with no images
write-man-symlinks: Write relative symlinks not absolute
Fix possible infinite loop in pem_read_bio_key_decoder()
Add negative test cases for PEM_read_bio_PrivateKey
OSSL_DECODER_from_bio: Report an unsupported error when there is none
Deprecate old style BIO callback calls
generate_fips_sources: properly include providers/common/der/*.in
FIPS Checksums CI: use separate directories for the checkouts
FIPS Checksums: checkout the head of the base repo as pristine
Rename all getters to use get/get0 in name
Rename also the OSSL_PROVIDER_name() function
Add documentation of the old names kept as alias macros
Fix enable-fips builds on Windows
Windows CI: enable fips on shared 64 bit build
Make the 00-prep_*.t recipe truly mandatory
Add NCONF_get_section_names()
ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
OPENSSL_init_crypto must return 0 when cleanup was done
openssl spkac: Fix reading SPKAC data from stdin
req: fix default bits handling for -newkey
Move libssl related defines used by fips provider to prov_ssl.h
Update fips checksums to drop the ssl headers
Elimination of some sources not needed in the FIPS_MODULE
X509_digest_sig: Handle RSA-PSS and EDDSA certificates
EVP_PKEY_new_raw_private_key: Allow zero length keys
Fix use after free in OSSL_HTTP_REQ_CTX_set1_req()
store: Avoid spurious error from decoding at EOF
ossl_provider_set_module_path: Prevent potential UAF
dl_name_converter: Avoid unnecessary overallocation
Document that provider name can be a full path
Windows CI: Enable fuzz test in plain build
BIO_write_ex: No error only on 0 bytes to write
fuzz/asn1parse: Use BIO_s_mem() as fallback output
Do not depend on the exact exit failure value of dgst app
Avoid duplicating prov_running.o in libdefault and libcrypto
Add -latomic only for architectures where needed
Do not duplicate symbols between libcrypto and libssl in static builds
When linking to static libssl always link to static libcrypto
Tommy Chiang (1):
Fix typo about SSL_CONF_FLAG_CMDLINE
Trev Larock (1):
Modify ssl_handshake_hash to call SSLfatal
William Edmisten (1):
Add support for ISO 8601 datetime format
bonniegong (1):
Check the return value of ASN1_STRING_length
jwalch (1):
Fix OCSP_sendreq_nbio arg order
yuechen-chen (1):
Add an EVP demo for signatures using EC
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list