[openssl] openssl-3.0.0-alpha16 create
Matt Caswell
matt at openssl.org
Thu May 6 12:33:33 UTC 2021
The annotated tag openssl-3.0.0-alpha16 has been created
at 2777f7f3a9a447979c75d3caa14c62c4fcd11ae8 (tag)
tagging d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit)
replaces openssl-3.0.0-alpha15
tagged by Matt Caswell
on Thu May 6 13:15:03 2021 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha16 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3ccRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHaOgf/Z5bHiWzyODIP6PSTRAF70dbhFUkrcktq
Y+72rP3ZPyBPiuRWkxwMihPSNbfDui48iIvRVOvKS0VipgY2gvAokJz0n6yyxhA4
1ktmHE+LpLShVII29CutvtEHocUcC8N0KiDGeuvjwn+P4oqRjWHhlgO9KEDbRDX6
1Avalq+YyDbvDFkLVokg+UZfNj/DkADNNZH/Z5iPTHC+S22Cdpujvnpg6vf+LaFD
9ZDz2oW+Fw2wsj7Yn3jawqnJWG9b5NeVVyu/u5w9x4smsjyjHLkcilYEqdaT2rAD
yBeZ4bOeHN07FIuEYS0cHRxKSmWWAks+1EaXcpWY3HKXpCB9KJy39w==
=Y3R/
-----END PGP SIGNATURE-----
Andreas Schwab (1):
Add system guessing for linux64-riscv64 target
Benjamin Kaduk (3):
Enforce secure renegotiation support by default
Correct ssl_conf logic for "legacy_server_connect"
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
Daniel Bevenius (1):
Fix typo in OSSL_DECODER_CTX_set_input_structure
David Benjamin (1):
Add X509 version constants.
Dmitry Belyavskiy (1):
Use OCSP-specific error code for clarity
Dr. David von Oheimb (21):
apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function
BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.
APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
APPS: Improve diagnostics for string options and options expecting int >= 0
ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
TS ESS: Move four internal aux function to where they belong in crypto/ts
CMS ESS: Move four internal aux function to where they belong in crypto/cms
OCSP: Minor improvements of documentation and header file
OSSL_STORE_expect(): Improve error handling and documentation
APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
testutil/load.c: Add checks for file(name) == NULL
HTTP client: Correct the use of optional proxy URL and its documentation
test/certs/setup.sh: structural cleanup
update test/certs/ee-pathlen.pem to contain SKID and AKID
test/certs/setup.sh: Fix two glitches
cleanup where purpose is not needed in 25-test_verify.t
APPS: Slightly extend and improve documentation of the opt_ API
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
Dr. Matthias St. Pierre (12):
Remove obsolete comment
Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
Configure/Makefile: use the correct openssl app for FIPS installation
Configure/Makefile: correct the FIPS module configuration file path
Configure/Makefile: separate install of the FIPS module
Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it
Configure/Makefile: install the fips provider if it was configured
build.info: add the Perl wrapper to build generator programs on Windows
Configure: sort the disablables alphabetically
Configure: disable fips mode by default
README-FIPS: document the installation of the FIPS provider
CHANGES: document the FIPS provider configuration and installation
EasySec (2):
change salt handling, way 1
try to document changes in salt handling for the 'enc' command
Eric Curtin (1):
Remove dated term and fixed typo anther
FdaSilvaYY (1):
ssl: fix possible ref counting fields use before init.
Hubert Kario (2):
add Changelog item for TLS1.3 FFDHE work
man: s_server: fix text repetition in -alpn description
Jon Spillett (2):
Add testing for updated cipher IV
Add library context and property query support into the PKCS12 API
Kevin Cadieux (1):
memleaktest with MSVC's AddressSanitizer
Klaas van Schelven (1):
Documentation fix for openssl-verify certificates
Matt Caswell (15):
Prepare for 3.0 alpha 16
Add a threading test for loading/unloading providers
Properly protect access to the provider flag_activated field
Store the list of activated providers in the libctx
Defer Finished MAC handling until after state transition
Test a Finished message at the wrong time results in unexpected message
Adjust dtlstest for SHA1 security level
Adjust sslapitest for SHA1 security level
Adjust ssl_test_new for SHA1 security level
Create libcrypto support for BIO_new_from_core_bio()
Add a test for the public core bio API
Document the new core BIO public API support
Update the FIPS checksums
Update copyright year
Prepare for release of 3.0 alpha 16
Niclas Rosenvik (1):
Some compilers define __STDC_VERSION__ in c++
Paul Kehrer (4):
updated pyca/cryptography submodule version
add wycheproof submodule
re-add pyca/cryptography testing
add verbosity for pyca job
Pauli (17):
Runchecker: fix no-ec2m build which was trying to validate the e2cm curves
Runchecker: fix TLS curves test failure with no-tls1_3 option
Runchecker: fix failure with no-autoalginit option by disabling FIPS
Runchecker fix for the no-autoerrinit build
test: fix test_evp_kdf when DES is disabled.
test: separate some DES based tests out to permit a no-des build to work
test: never run fipsinstall if the tests are not enabled.
runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.
remove end of line whitespace
acvp: fix the no-acvp_test build
acvp-test: disable the ACVP testing code by default
test: fix failure with FIPS and no-des configured.
doc: document EVP_MAC_finalXOF()
mac: update life-cycle description and diagrams to include finalXOF
mac: allow XOF MACs to be specified either via control or via the dedicated function
mac: add EVP_MAC_finalXOF() function
coverity: fix 1478169: dereference after NULL check
Petr Gotthard (2):
apps/ca,req,x509: Switch to EVP_DigestSignInit_ex
apps: Switch to X509_REQ_verify_ex
Prcuvu (1):
e_os.h: Include wspiapi.h to improve Windows backward compatibility
Randall S. Becker (1):
Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.
Rich Salz (9):
Read a REQUEST not RESPONSE in ocsp responder
Remove an unused parameter
Rename some globals, add ossl prefix.
APPS: Document the core of the opt_ API
Fetch cipher-wrap after loading providers.
Note that dhparam does support X9.42
Allow absolute paths to be set
Add .includedir pragma
Remove all trace of FIPS_mode functions
Richard Levitte (22):
Don't remove $(TARFILE) when cleaning
EVP: evp_keymgmt_util_try_import() should clean up on failed import
crypto/store/ossl_result.c: Better filtering of errors
STORE: Simplify error filtering in der2obj_decode()
TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt
ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
Windows bulding: Make dependency generation not quite as talkative
Configuration: rework how dependency making is handled
util/add-depends.pl: Adapt to localized /showIncludes output
STORE: Use the 'expect' param to limit the amount of decoders used
CORE: Rework the pre-population of the namemap
STORE: Fix the repeated prompting of passphrase
OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
Windows build file: add forgotten quotes on POD->html command line
Add OpenSSL::Config::Query and use it in configdata.pm
Unix build file: Add a target to create providers/fips.module.sources
FIPS module checksums: add scripts and Makefile rule
GitHub CI: ensure that unifdef is installed
[TEMPORARY] make 'make update' verbose in ci.yml
APPS: Set a default passphrase UI for the "ec" command
APPS: Add passphrase handling in the "rsa" and "dsa" commands
DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
Scott McPeak (1):
asn1_lib.c: ASN1_put_object: Remove comment about "class 0".
Shane Lontis (9):
Fixes related to separation of DH and DHX types
Doc updates for DH/DSA examples
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
Test that we don't have a memory leak in d2i_ASN1_OBJECT.
Fix CRL app so that stdin works.
Fix memory leak in load_key_certs_crls() when using stdin.
Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio
Fix no-fips-securitychecks test failure
Fix KMAC bounds checks.
Tanzinul Islam (1):
Avoid #include with inline function on C++Builder
Todd Short (1):
Add RUN_ONCE support to zlib init
Tomas Mraz (31):
Removed dead code in linebuffer_ctrl()
Fix potential NULL dereference in ossl_ec_key_dup()
Fix potential NULL dereference in OSSL_PARAM_get_utf8_string()
http/http_lib.c: Include stdio.h for sscanf()
test_sslextension: skip tests that cannot work with no-tls1_2
Trivial shortcuts for EVP_PKEY_eq()
Add type_name member to provided methods and use it
Prefer fetch over legacy get_digestby/get_cipherby
Skip GOST engine tests in out of tree builds
Use "canonical" names when matching the output of the commands
Improve the implementation of X509_STORE_CTX_get1_issuer()
OPENSSL_sk functions are effectively already documented
Explicitly enable or disable fips if it is or is not relevant for the test
Skip test_fipsload when fips is disabled.
crl: noout is not an output item
Add test case for openssl crl -noout -hash output
Document the API breaking constification changes
sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters
SM2 signatures work correctly only with SM3 digests
Add -latomic to threads enabled 32bit linux builds
Simplify AppVeyor configuration
coveralls: Enable fips as it is disabled by default
Run coveralls daily and not exactly at midnight
fips-checksums: The define for fips module is FIPS_MODULE
Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
Fix missing symbols in no-cms and no-ts build
Make the -inform option to be respected if possible
Update gost-engine to make it compatible with the added params
provider-storemgmt: Document the input-type and properties parameters.
Document the behavior of the -inform and related options
Add some tests for -inform/keyform enforcement
Wolf (1):
Force public key to be included unless explicitly excluded with -no_public
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list