[openssl] openssl-3.0.0-alpha13 create
Matt Caswell
matt at openssl.org
Thu Mar 11 14:04:37 UTC 2021
The annotated tag openssl-3.0.0-alpha13 has been created
at 534f796a081450da2bcab4d889dacef51cf13c3a (tag)
tagging 88df2c0b3d6162971304c06a240deb9320c9ae67 (commit)
replaces openssl-3.0.0-alpha12
tagged by Matt Caswell
on Thu Mar 11 13:47:13 2021 +0000
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha13 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmBKH2ERHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHhTggApIG8kTYo1+cmY6ju554WAwPrvGraob7T
/V89xCAV/173BZo9YiJQ3CIYAkqbArrWiEvtzKq/ydSSPmUv3fw7d6LGCjaMr/nB
xgnyxQWlYalZImVB5jasRYE2jUUPI0EMcBZqMRxfgXjnQ+gGDWQRt+9lv40fnbad
62YSI5GbIsNqH1U3+P8I7r8kPhA8tKErmX3IDtMAF6JRthp2N4dSzahGT3NLzp35
X9mu/nhzfZAzSTzjW4xSfoK+OIyeRz1kZyC+1rL+zmadWOt/juPk0JOQoPjYnU8v
qP+RakyNNIeTywoKDNo2oJ+DVMRIHt4JCQ0YdTG2IC5KN37e0wzDvw==
=wvd0
-----END PGP SIGNATURE-----
Alistair Francis (1):
Fixup support for io_pgetevents_time64 syscall
Armin Fuerst (1):
fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined
Arthur Gautier (1):
EVP_KDF-KB man page: Fix typo in the example code
Benjamin Kaduk (5):
Remove disabled TLS 1.3 ciphers from the SSL(_CTX)
Check ASN1_item_ndef_i2d() return value.
Add test for EC pubkey export/import
test_ecpub: verify returned length after encoding
test_ecpub: test that we can decode the DER we encoded
Chenglong Zhang (1):
Fix speed sm2 bug
Daniel Bevenius (1):
Fix typo in comment in DH_set0_pqg function
Dmitry Belyavskiy (2):
Restore GOST macros compatibility with 1.1.1
Non-const accessor to legacy keys
Dr. David von Oheimb (24):
Add internal X509_add_certs_new(), which simplifies matters
Rename internal X509_add_cert_new() to ossl_x509_add_cert_new()
81-test_cmp_cli_data: fixup on CSR test cases
CMP: Fix total_timeout behavior; small doc and diagnostic improvements
Handle NULL result of ERR_reason_error_string() in some apps
Code cleanup mostly in crypto/x509/v3_purp.c
apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently
apps/x509.c: Improve indentation of the large print loop in x509_main()
apps/x509.c: Improve print_name() and coding style of large print loop in x509_main()
apps/x509.c: Fix mem leaks in processing of -next_serial in print loop
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url()
CMP: On NULL-DN subject or issuer input omit field in cert template
openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate'
OSSL_STORE: restore diagnostics on decrypt error; provide password hints
crypto/ocsp/ocsp_cl.c: coding style improvements
OCSP_resp_find_status.pod: Complete the RETURN VALUES section
Make more use of X509_add_certs(); minor related code & comments cleanup
Simplify OCSP_sendreq_bio()
http_local.h: Remove unused declaration of HTTP_sendreq_bio()
HTTP: Fix BIO_mem_d2i() on NULL mem input
apps/x509.c: Rename -signkey to -key for consistency with the req app
http_test.c: Fix minor Coverity issue CID 1473608
cmp_hdr.c: Fix minor Coverity issue CID 1473605
Fangming.Fang (1):
Fix compiling error on arm
Georg Höllrigl (1):
rfc2606 compliant example domains for x509v3_config.pod
John Baldwin (1):
Correct the return value of BIO_get_ktls_*().
Mark (1):
Fix filename escaping in c_rehash
Matt Caswell (27):
Prepare for 3.0 alpha 13
Don't forget the type of thing we are loading
Pass the object type and data structure from the pem2der decoder
Suppress errors about undocumented asn1_d2i_read_bio
Document OPENSSL_LH_flush()
Add documentation for the macro OPENSSL_VERSION_PREREQ
Document the OSSL_PARAM_DEFN macro
Note that the OSSL_CORE_MAKE_FUNC macro is reserved
Fix no-tests on mingw
Duplicate the file and func error strings
Test errors from a provider can still be accessed after unload
Don't hold a lock when calling a callback in ossl_namemap_doall_names
Add a test for a names_do_all function
Fix a copy&paste error in evp_extra_test
Add a multi thread test for downgrading keys
Avoid a null pointer deref on a malloc failure
Cache legacy keys instead of downgrading them
Ensure the various legacy key EVP_PKEY getters/setters are deprecated
Document the change in behaviour of the the low level key getters/setters
Make the EVP_PKEY_get0* functions have a const return type
Fix the check for suitable groups and TLSv1.3
Add a missing CHANGES.md entry for the legacy provider
Add a CHANGES for OSSL_STORE_INFO_get_type()
Expand the CHANGES entry for SHA1 and libssl
Mention the change of licence in NEWS.md
Update copyright year
Prepare for release of 3.0 alpha 13
Paul Nelson (1):
Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo
Pauli (88):
doc: remove notes section in OSSL_ENCODER.pod
RAND_METHOD deprecation: documentation
RAND_METHOD deprecation: tests
RAND_METHOD deprecation: fuzzer
RAND_METHOD deprecation: code changes
rand: allow lock/unlock functions to be absent
rand: add DRBG/seed setting functions
test: add framework for generic fake random number generator
test: make the DRBG test work without RAND_METHOD support.
test: update tests to use the fake random number generator
provider: add option to load a provider without disabling the fallbacks.
changes: note the deprecation of RAND_METHOD APIs
rand: note that locking needs to be explicitly enabled.
provider: add an unquery function to allow providers to clean up.
prov: update digests to support modified ctx params
core: update digest gettable/settable ctx params calls
modify EVP to support digest gettable/settable calls
doc: note changes to digest gettable/settable provider calls
doc: note changes to rand gettable/settable provider call
prov: update RNGs to support modified gettable/settable CTX params
core: update RNG gettable/settable ctx param calls
evp: support modified gettable/settable ctx calls for RNGs
doc: changes to match the updated context gettable/settable calls
evp: support modified gettable/settable ctx calls for KDFs
core: support modified gettable/settable ctx calls for KDFs
prov: support modified gettable/settable ctx calls for KDFs
prov: support modified gettable/settable ctx calls for MACs
core: core: support modified gettable/settable ctx calls for MACs
doc: changes to match the updated context gettable/settable calls for MACs
evp: support modified gettable/settable ctx calls for MACs
prov: upport modified gettable/settable ctx calls for ciphers
evp: upport modified gettable/settable ctx calls for ciphers
changes to match the updated context gettable/settable calls for ciphers
core: support modified gettable/settable ctx calls for ciphers
test: add ctx gettable/settable to the generic fake random number generator
fuzzer: add ctx gettable/settable to the fuzzer RNG
siphash: Add the C and D round parameters for SipHash.
prov: update SipHash to new init function
prov kdf: update to use the extra MAC init arguments
apps: update fipsinstall to work with additional MAC_init arguments
apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments.
apps: updates for the new additional MAC_init arguments
crmf: updates for the new additional MAC_init arguments
evp: updates for the new additional MAC_init arguments
tls: updates for the new additional MAC_init arguments
evp_test: updates for the new additional MAC_init arguments
test: updates for the new additional MAC_init arguments
core: update to use the extra MAC init arguments
fips: update to use the extra MAC init arguments
prov: update provider util to be less agressive about changing things unnecessarily
prov: use new MAC_init arguments in signature legacy code
prov: use new MAC_init arguments in HMAC-DRBG
prov: update cmac to have additional init arguments
prov: update gmac to have additional init arguments
prov: update hmac to have additional init arguments
prov: update kmac to have additional init arguments
update BLAKE2 to have additional init arguments
update poly1305 to have additional init arguments
doc: note the additional parameters to EVP_MAC_init()
apps: update speed to use the additional arguments to MAC_init
doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call
doc: update provider-mac documentation to account for the additional init() arguments
core: add param argument to KDF derive call
evp: add param argument to KDF derive call
test: adjust tests to include extra argument to KDF derive call
tls: adjust for extra argument to KDF derive call
prov: add extra params argument to KDF implementations
apps: add addition argument to KDF derive call
crypto: add additional argument to KDF derive calls
fips: add additional argument to KDF derive call in self test
prov: add additional argument to KDF derive call in key exchange
doc: document additional argument to KDF derive calls
evp: add params argument to EVP_RAND_instantiate()
fips: update DRBG KATs for the extra instantiate argument
prov: update rand implementations to have a params argument for the instantiate call
test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs
doc: update documenation with params argument on DRBG instantiate calls
core: add params argument to DRBG instantiate call
rand: use params argument on instantiate call
test: update test_random to create real contexts instead of sharing one
test: update ECDSA and SM2 internal tests in line with the fake_random change
test: add utility function to set the fake random callback on both the public and private instances
test: use the new set public and private together call
rand: remove FIPS mode conditional code.
doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type.
Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO
core: add up_ref callback for OSSL_CORE_BIO
test: convert store test to use relative paths
Pedro Monreal (1):
Fix reason code: EVP_R_OPERATON_NOT_INITIALIZED
Petr Gotthard (1):
Fix -pkeyopt handling in apps/pkeyutl -rawin
Rich Salz (1):
Remove RSA SSLv23 padding mode
Richard Levitte (42):
OSSL_PARAM: Correct the assumptions on the UTF8 string length
Adjust the few places where the string length was confused
DECODER: Use the data structure from the last decoder to select the next
DECODER: Add better tracing of the chain walking process
util/perl/OpenSSL/config.pm: Fix determine_compiler_settings()
util/perl/OpenSSL/config.pm: Add VMS specific C compiler settings
EVP: Implement EVP_PKEY_CTX_is_a()
EVP: Make evp_pkey_ctx_state() available to all of EVP
EVP: make evp_pkey_is_assigned() usable in the FIPS module
EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs
EVP: Make evp_pkey_ctx_{set,get}_params_strict() legacy aware
EVP: Adapt diverse OSSL_PARAM setters and getters
EVP: Adapt the EVP_PKEY_CTX ctrl functions
EVP: Adapt the DH specific EVP_PKEY_CTX setter / getter functions
EVP: Adapt the RSA specific EVP_PKEY_CTX setter / getter functions
EVP: Make checks in evp_pkey_ctx_store_cached_data() more restricted
EVP: Adapt the EC_KEY specific EVP_PKEY_CTX setter / getter functions
Generate doc/build.info with 'make update' rather than on the fly
make update
appveyor.yml: clarify conditions for building the plain configuration
make update
X509: Refactor X509_PUBKEY processing to include provider side keys
Allow the sshkdf type to be passed as a single character
Fix OSSL_PARAM_allocate_from_text() for OSSL_PARAM_UTF8_STRING
Fix string termination and length setting in OSSL_PARAM_BLD_push_utf8_string()
Makefile: Only update doc/build.info when there's an actual change
Modify i2d_PublicKey() so it can get an EC public key as a blob
PROV: Implement an EC key -> blob encoder, to get the public key
crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length
make update
DOCS: Fix provider-mac.pod and the docs of our implementations
build.info: Add the possibility to add dependencies on raw targets
build.info: Make it possible to use compiled programs as generators
Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
APPS: Modify 'fipsinstall' to output all notifications on stderr
TEST: Remove the build of fipsmodule.cnf from test recipes
Fix the perl code to get FIPSMODULENAME
Add a new test recipe to verify the generated test fipsmodule.cnf
test/threadstest.c: Add a test to load providers concurrently
Make ossl_provider_disable_fallback_loading() thread safe
Make provider provider_init thread safe, and flag checking/setting too
DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod
Shane Lontis (15):
Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys).
Fix DH ASN1 decode so that it detects named groups.
Fix merge problem in d2i_PrivateKey_ex
Fix external symbols for cms.
Fix external symbols for pkcs7.
Add EVP_PKEY_public_check_quick.
Add back in legacy paths for d2i_PrivateKey/d2i_AutoPrivateKey.
Fix external symbols for bn
Fix external symbols related to dh keys
Fix external symbols related to dsa keys
Fix external symbols related to ec & sm2 keys
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Reword repeated words.
Add new filter BIO BIO_f_readbuffer()
Use BIO_f_readbuffer() in the decoder to support stdin.
Tobias Nießen (1):
crypto: rename error flags in internal structures
Tomas Mraz (45):
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
speed: Drop code to handle platforms without SIGALRM
speed: Adapt digests and hmac to always use non-deprecated APIs
speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa
speed: Drop deprecated <ALG>_options() calls
Use strcasecmp when comparing kdf_type
Remove inclusion of unnecessary header files
Fix missing EOL at the end of the rsa/build.info
Cleanup of some of the EVP_PKEY_CTX_ctrl related TODOs
Ensure that the fake rand is initialized
fake_random: Do not overwrite the callback on instatiation
evp_extra_test: Do not manipulate providers in default context
tests: Always print errors before test verdict
evp_pkey_provided_test: Improve diagnostic output
evp_extra_test: Remove TODO comment as setting the curve is mandatory
evp_extra_test2: Remove TODO 3.0
test_ssl_new: X448, X25519, and EdDSA are supported with fips
statem_lib.c: Remove TODOs that are unnecessary
Resolve TODOs in signature implementations.
Remove todos in providers/implementations/include/prov
Remove unused MAX_TLS_MAC_SIZE define
Improve error reporting in key exchange provider implementations
Remove todos in decode_der2key.c and decode_ms2key.c
EVP_PKEY_CTX_get/settable_params: pass provider operation context
ossl_rsa_sp800_56b_check_public: Be more lenient with small keys
test/x509: Test for issuer being overwritten when printing.
include/internal: Remove TODOs that are irrelevant for 3.0
include/crypto: Remove TODOs that are irrelevant for 3.0
crypto/ppccap.c: Remove useless TODO 3.0
crypto/param_build_set.c: Remove irrelevant TODO 3.0
Remove some of the TODO 3.0 in crypto/evp related to legacy support.
do_sigver_init: Remove fallback for missing provider implementations.
ecx_set_priv_key: Remove TODO 3.0 related to setting libctx
bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module
ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt
CI: add job with external tests
gost_engine test: Run also perl and tcl tests
gost_engine test: further cleanups and fixes
CI external test: for now run only the krb5 and gost_engine tests
CI external tests: separate each external test into its own phase
apps/pkcs12: Properly detect MAC setup failure
apps/pkcs12: Detect missing PKCS12KDF support on import
apps/pkcs12: Allow continuing on absent mac
Change default algorithms in PKCS12_create() and PKCS12_set_mac()
Fix formatting error of HISTORY section in some manual pages.
UndefBehavior (1):
Fix build of /dev/crypto engine with no-dynamic-engine option
Vincent Drake (1):
Use read/write locking on Windows
Zhang Jinde (1):
CRYPTO_gcm128_decrypt: fix mac or tag calculation
georg-x (1):
Various improvements of doc/man5/x509v3_config.pod
jwalch (2):
-Wunused-function cleanup
Fix an integer overflow in o_time.c
panda (1):
Check SSL_set1_chain error in set_cert_cb
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list