[openssl] openssl-3.0.0-alpha16 create

Matt Caswell matt at openssl.org
Thu May 6 12:33:33 UTC 2021

The annotated tag openssl-3.0.0-alpha16 has been created
        at  2777f7f3a9a447979c75d3caa14c62c4fcd11ae8 (tag)
   tagging  d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit)
  replaces  openssl-3.0.0-alpha15
 tagged by  Matt Caswell
        on  Thu May 6 13:15:03 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha16 release tag


Andreas Schwab (1):
      Add system guessing for linux64-riscv64 target

Benjamin Kaduk (3):
      Enforce secure renegotiation support by default
      Correct ssl_conf logic for "legacy_server_connect"
      adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

Daniel Bevenius (1):
      Fix typo in OSSL_DECODER_CTX_set_input_structure

David Benjamin (1):
      Add X509 version constants.

Dmitry Belyavskiy (1):
      Use OCSP-specific error code for clarity

Dr. David von Oheimb (21):
      apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function
      BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.
      APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
      APPS: Improve diagnostics for string options and options expecting int >= 0
      ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
      TS ESS: Move four internal aux function to where they belong in crypto/ts
      CMS ESS: Move four internal aux function to where they belong in crypto/cms
      OCSP: Minor improvements of documentation and header file
      OSSL_STORE_expect(): Improve error handling and documentation
      APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
      OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
      BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
      testutil/load.c: Add checks for file(name) == NULL
      HTTP client: Correct the use of optional proxy URL and its documentation
      test/certs/setup.sh: structural cleanup
      update test/certs/ee-pathlen.pem to contain SKID and AKID
      test/certs/setup.sh: Fix two glitches
      cleanup where purpose is not needed in 25-test_verify.t
      APPS: Slightly extend and improve documentation of the opt_ API
      APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
      Deprecate X509{,_CRL}_http_nbio() and simplify their definition

Dr. Matthias St. Pierre (12):
      Remove obsolete comment
      Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
      Configure/Makefile: use the correct openssl app for FIPS installation
      Configure/Makefile: correct the FIPS module configuration file path
      Configure/Makefile: separate install of the FIPS module
      Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it
      Configure/Makefile: install the fips provider if it was configured
      build.info: add the Perl wrapper to build generator programs on Windows
      Configure: sort the disablables alphabetically
      Configure: disable fips mode by default
      README-FIPS: document the installation of the FIPS provider
      CHANGES: document the FIPS provider configuration and installation

EasySec (2):
      change salt handling, way 1
      try to document changes in salt handling for the 'enc' command

Eric Curtin (1):
      Remove dated term and fixed typo anther

FdaSilvaYY (1):
      ssl:  fix possible ref counting fields use before init.

Hubert Kario (2):
      add Changelog item for TLS1.3 FFDHE work
      man: s_server: fix text repetition in -alpn description

Jon Spillett (2):
      Add testing for updated cipher IV
      Add library context and property query support into the PKCS12 API

Kevin Cadieux (1):
      memleaktest with MSVC's AddressSanitizer

Klaas van Schelven (1):
      Documentation fix for openssl-verify certificates

Matt Caswell (15):
      Prepare for 3.0 alpha 16
      Add a threading test for loading/unloading providers
      Properly protect access to the provider flag_activated field
      Store the list of activated providers in the libctx
      Defer Finished MAC handling until after state transition
      Test a Finished message at the wrong time results in unexpected message
      Adjust dtlstest for SHA1 security level
      Adjust sslapitest for SHA1 security level
      Adjust ssl_test_new for SHA1 security level
      Create libcrypto support for BIO_new_from_core_bio()
      Add a test for the public core bio API
      Document the new core BIO public API support
      Update the FIPS checksums
      Update copyright year
      Prepare for release of 3.0 alpha 16

Niclas Rosenvik (1):
      Some compilers define __STDC_VERSION__ in c++

Paul Kehrer (4):
      updated pyca/cryptography submodule version
      add wycheproof submodule
      re-add pyca/cryptography testing
      add verbosity for pyca job

Pauli (17):
      Runchecker: fix no-ec2m build which was trying to validate the e2cm curves
      Runchecker: fix TLS curves test failure with no-tls1_3 option
      Runchecker: fix failure with no-autoalginit option by disabling FIPS
      Runchecker fix for the no-autoerrinit build
      test: fix test_evp_kdf when DES is disabled.
      test: separate some DES based tests out to permit a no-des build to work
      test: never run fipsinstall if the tests are not enabled.
      runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.
      remove end of line whitespace
      acvp: fix the no-acvp_test build
      acvp-test: disable the ACVP testing code by default
      test: fix failure with FIPS and no-des configured.
      doc: document EVP_MAC_finalXOF()
      mac: update life-cycle description and diagrams to include finalXOF
      mac: allow XOF MACs to be specified either via control or via the dedicated function
      mac: add EVP_MAC_finalXOF() function
      coverity: fix 1478169: dereference after NULL check

Petr Gotthard (2):
      apps/ca,req,x509: Switch to EVP_DigestSignInit_ex
      apps: Switch to X509_REQ_verify_ex

Prcuvu (1):
      e_os.h: Include wspiapi.h to improve Windows backward compatibility

Randall S. Becker (1):
      Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.

Rich Salz (9):
      Read a REQUEST not RESPONSE in ocsp responder
      Remove an unused parameter
      Rename some globals, add ossl prefix.
      APPS: Document the core of the opt_ API
      Fetch cipher-wrap after loading providers.
      Note that dhparam does support X9.42
      Allow absolute paths to be set
      Add .includedir pragma
      Remove all trace of FIPS_mode functions

Richard Levitte (22):
      Don't remove $(TARFILE) when cleaning
      EVP: evp_keymgmt_util_try_import() should clean up on failed import
      crypto/store/ossl_result.c: Better filtering of errors
      STORE: Simplify error filtering in der2obj_decode()
      TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt
      ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
      Windows bulding: Make dependency generation not quite as talkative
      Configuration: rework how dependency making is handled
      util/add-depends.pl: Adapt to localized /showIncludes output
      STORE: Use the 'expect' param to limit the amount of decoders used
      CORE: Rework the pre-population of the namemap
      STORE: Fix the repeated prompting of passphrase
      OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
      Windows build file: add forgotten quotes on POD->html command line
      Add OpenSSL::Config::Query and use it in configdata.pm
      Unix build file: Add a target to create providers/fips.module.sources
      FIPS module checksums: add scripts and Makefile rule
      GitHub CI: ensure that unifdef is installed
      [TEMPORARY] make 'make update' verbose in ci.yml
      APPS: Set a default passphrase UI for the "ec" command
      APPS: Add passphrase handling in the "rsa" and "dsa" commands
      DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs

Scott McPeak (1):
      asn1_lib.c: ASN1_put_object: Remove comment about "class 0".

Shane Lontis (9):
      Fixes related to separation of DH and DHX types
      Doc updates for DH/DSA examples
      Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
      Test that we don't have a memory leak in d2i_ASN1_OBJECT.
      Fix CRL app so that stdin works.
      Fix memory leak in load_key_certs_crls() when using stdin.
      Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio
      Fix no-fips-securitychecks test failure
      Fix KMAC bounds checks.

Tanzinul Islam (1):
      Avoid #include with inline function on C++Builder

Todd Short (1):
      Add RUN_ONCE support to zlib init

Tomas Mraz (31):
      Removed dead code in linebuffer_ctrl()
      Fix potential NULL dereference in ossl_ec_key_dup()
      Fix potential NULL dereference in OSSL_PARAM_get_utf8_string()
      http/http_lib.c: Include stdio.h for sscanf()
      test_sslextension: skip tests that cannot work with no-tls1_2
      Trivial shortcuts for EVP_PKEY_eq()
      Add type_name member to provided methods and use it
      Prefer fetch over legacy get_digestby/get_cipherby
      Skip GOST engine tests in out of tree builds
      Use "canonical" names when matching the output of the commands
      Improve the implementation of X509_STORE_CTX_get1_issuer()
      OPENSSL_sk functions are effectively already documented
      Explicitly enable or disable fips if it is or is not relevant for the test
      Skip test_fipsload when fips is disabled.
      crl: noout is not an output item
      Add test case for openssl crl -noout -hash output
      Document the API breaking constification changes
      sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters
      SM2 signatures work correctly only with SM3 digests
      Add -latomic to threads enabled 32bit linux builds
      Simplify AppVeyor configuration
      coveralls: Enable fips as it is disabled by default
      Run coveralls daily and not exactly at midnight
      fips-checksums: The define for fips module is FIPS_MODULE
      Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
      Fix missing symbols in no-cms and no-ts build
      Make the -inform option to be respected if possible
      Update gost-engine to make it compatible with the added params
      provider-storemgmt: Document the input-type and properties parameters.
      Document the behavior of the -inform and related options
      Add some tests for -inform/keyform enforcement

Wolf (1):
      Force public key to be included unless explicitly excluded with -no_public


More information about the openssl-commits mailing list