[openssl] openssl-3.0.0-alpha17 create

Matt Caswell matt at openssl.org
Thu May 20 13:43:25 UTC 2021

The annotated tag openssl-3.0.0-alpha17 has been created
        at  183c3af650bd7a05c810a951a44bd7718480d7d5 (tag)
   tagging  036f8e71e39a9005cf55cd1f832dd7aafc06ae84 (commit)
  replaces  openssl-3.0.0-alpha16
 tagged by  Matt Caswell
        on  Thu May 20 14:30:22 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha17 release tag


Ben Avison (1):
      ARM assembly pack: translate bit-sliced AES implementation to AArch64

Benjamin Kaduk (14):
      tasn_dec: use do/while around statement macros
      Improve RFC 8446 PSK key exchange mode compliance
      make update
      Don't send key_share for PSK-only key exchange
      Update expected results for tls13kexmodes tests
      apps: improve hygeine for SET_EXPECT macro
      Promote SSL_get_negotiated_group() for non-TLSv1.3
      Regenerate testsid.pem
      Extend SSL_get_negotiated_group() tests for TLS 1.2
      move group lists out of test_key_exchange() in preparation for reuse
      Add extensive test coverage for SSL_get_negotiated_group()
      Let SSL_new_session_ticket() enter init immediately
      Test new SSL_new_session_ticket() functionality
      Update SSL_new_session_ticket() manual for triggered send

Daniel Bevenius (3):
      Clarify two comments (typos) in fipsprov.c
      Clarify where dispatch functions/ids are defined
      Mark pop/clear error stack in der2key_decode_p8

David CARLIER (1):
      armcap: fix Mac M1 SHA512 support.

David Carlier (1):
      BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true

Dmitry Belyavskiy (4):
      Avoid sending alerts after shutdown
      Tests for creating req from PKCS8 keys with extra attrs
      Enumerating the legacy provider's cipher algorithms
      clarification about the DES status

Dr. David von Oheimb (50):
      DOC: Fix all wrong occurrences of '<propq>' to 'I<propq>'
      Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
      Crypto: Add deprecation compatibility declarations for SHA* message digest functions
      ssl.h.in: Fix deprecation exclusion for SRP-related declarations
      80-test_cmp_http.t: Improve fuzzing exclusion pattern
      Add convenience functions and macros for asymmetric key generation
      Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.
      80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup!
      Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio()
      HTTP client: Minimal changes that include the improved API
      EVP_PKEY-X25519.pod: Correct EVP_PKEY_Q_keygen function name in example
      Makefile: Simplify use of run_tests
      Makefile: Make sure providers/fipsmodule.cnf is re-built also for run_tests
      http_client.c: Fix inconsistency w.r.t. type of max_resp_len
      HTTP client: Rename 'maxline' parameter to 'buf_size' for clarity
      OSSL_CMP_SRV_process_request(): Log any error queue entries on response
      cmp_server.c: Improve transaction management and logging
      HTTP test server: Improve connection management and logging
      CMP test server: Extend error reporting on cert rejected for revocation
      OSSL_HTTP_REQ_CTX_add1_headers(): Fix use with host == NULL (relative URLs)
      HTTP: Implement persistent connections (keep-alive)
      OSSL_HTTP_get(): Do not close connection if redirect to same server
      OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL
      HTTP client API: Generalize to arbitrary request and response contents
      HTTP client: Allow streaming of request data (for POST method)
      HTTP client: Allow streaming of response data (with possibly indefinite length)
      http_client.c: Rename internal fields and functions for consistency
      apps/ocsp: Add -proxy and -no_proxy options
      apps/s_server: Add -proxy and -no_proxy options
      find-doc-nits: Make -c option (cmd-nits) independent of app build and execution
      openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong
      ci.yml: Add cmd-nits to the doc-nits CI run
      DOC: Fix nits found by improved find-doc-nits -c
      Move ossl_sleep() to e_os.h and use it in apps
      bio_lib: Add BIO_get_line, correct doc of BIO_gets
      Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input
      apps/cms.c: Make -sign and -verify handle binary input
      apps/cms.c: Simplify make_receipt_request() and load_content_info(()
      CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure
      unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
      find-doc-nits -c: Fix handling in case expected helpstr is not found
      apps/list: Remove obsolete -missing-help option
      80-test_cms.t: Disable new tests for binary input in Windows
      X509 build_chain(): Restrict scope of 'self_signed' variable
      X509 build_chain(): Rename variable 'depth' to 'max_depth'
      X509 build_chain(): Make the variable 'curr' local to the loop body
      X509 build_chain(): Fix two potential memory leaks on issuer variable
      X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure
      danetest.c: Improve code formatting

EasySec (2):
      use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h
      find-doc-nits fix courtesy Rich Salz

Jake Cooke (1):
      Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw

Job Snijders (1):
      Add OID for RPKI id-ct-signedChecklist

Jon Spillett (2):
      Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers
      Fixes #14662. Return all EC parameters even for named curves

Juergen Christ (1):
      Fix provider library build wrt. AES

Martin Schwenke (1):
      bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication

Matt Caswell (33):
      Prepare for 3.0 alpha 17
      Only load the config file into the default libctx if necessary
      Add the ability for ex_data to have a priority
      Add the concept of a child OSSL_LIB_CTX
      Modify the legacy provider to use OSSL_LIB_CTX_new_child()
      Add a test for OSSL_LIB_CTX_new_child()
      Register callbacks with core for child provider creation/deletion
      Add a test to check that child provider callbacks are working
      Add support for child provider to up_ref/free their parent
      Don't convert pre-existing providers into children
      Add additional testing of child libctx/providers
      Update documentation following addition of OSSL_LIB_CTX_new_child()
      Exclude child provider code from the FIPS module
      Update FIPS checksums
      property: add test case for setting default user properties before fetching
      Fix a memleak on an error path in the pkcs12 test helpers
      Init the child providers immediately on creation of the child libctx
      Load the default provider into the p_test provider later
      Add a CHANGES entry for fully pluggable groups
      Fix a use-after-free in the child provider code
      Better error messages if there are no encoders/decoders/store loaders
      Implement the ability to convert a PROPERTY_LIST to a string
      Add a test for converting a property list to a string
      Add a callback for providers to know about global properties changes
      Test that properties are mirrored as we expect
      Documentation updates for mirroring of global properties
      Ensure mirroring of properties works for subsequent updates
      Update documentation for global properties mirroring
      Create symlinks when installing man pages
      Refer to the migration guide rather than the wiki in our announcements
      Update copyright year
      make update
      Prepare for release of 3.0 alpha 17

Michael Richardson (1):
      reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case

Nicola Tuveri (1):
      FIPS checksums update

Pauli (44):
      changes: add note about application output formatting differences.
      provider: flush the store cache when providers are loaded/unloaded.
      test: add a provider load/unload cache flush test.
      doc: document the new ossl_provider_clear_all_operation_bits() function
      provider: use a read lock when looking for a provider
      FIPS checksum update
      apps: add mac, cipher and digest arguments to the kdf applet.
      apps: remove initial newline from mac output
      apps/mac: avoid need for two ^D when using stdin from a terminal
      apps/mac: Add digest and cipher command line options
      checksum fix
      Reduce the runtime/output from the gmdiff test
      coverity: fix 1484539 resource leak
      coverity: fix 1484540 resource leak
      coverity: fix 1484542 dereference after null check
      evp: fix return code check.
      Checksum update
      coveralls: fix comment to indicate daily not weekly
      Run-checker converted to GitHub Actions
      property: create property names more eagerly.
      Checksum update
      doc: document the encoder and decoder name functions
      encoder: add a _name() function for encoders and decoders
      apps: change list command to only list fetchable algorithms.
      apps: make list -help not continue with listing
      test: fix thread test config file problem
      e_loader_attic: fix a use after free issue
      x509: fix a dangling pointer
      doc: remove references to undepreciated commands being deprecated.
      mac: improve MAC documentation (Poly 1305 key reuse, nomenclature)
      doc: document all functions in provider-base(7)
      ci: remove the checksum CI script
      test: conditionally exclude unused code for no-tls1.2 build
      apps: clean up the http server code
      provider: fix coverity 1484884: uninitialised lock use
      evp: fix coverity 1484885 negative integer to size_t conversion
      keymgmt: fix coverity 1484886 unchecked return value
      hmac: fix coverity 1484888 negative integer to size_t conversion
      seal: make EVP_SealInit() library context aware
      apps: use else if when checking for headers in the http server code
      fips: remove unnecessary commas to get CI working
      Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"
      todo: remove TODO(3.0) from the sources.
      app: add a -store_loaders option to list.

Petr Gotthard (2):
      Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
      Fix pointer passed to provider_unquery_operation

Rich Salz (8):
      Fix cut/paste (?) error.
      Add --banner config option
      Convert SSL_{CTX}_[gs]et_options to 64
      Slightly reformat ssl.h.in
      Add -quiet flag to genpkey
      Remove '=for openssl ifdef'
      Remove "openssl ifdef" handling

Richard Levitte (29):
      Rename files in providers/implementations/signatures
      Drop libimplementations.a
      make update
      ASN1: Fix i2d_provided() return value
      APPS: Make the cmp Mock server output the accept address and port
      Adapt 80-test_cmp_http.t and its data for random accept ports
      Move some OpenSSL perl utility functions to OpenSSL::Util
      Rework how a build file (Makefile, ...) is produced
      Turn off VMS C's info about unsupported pragmas
      Configurations/descrip.mms.tmpl: Diverse updates
      Fix OpenSSL::fallback for VMS
      Fix The VMS variant of platform->staticname()
      Fix configdata.pm.in's "use lib" for VMS
      Thrown away all special descrip.mms variables
      Configurations/descrip.mms.tmpl: Change strategy for include directories
      Configurations/descrip.mms.tmpl: Add another inclusion hack
      VMS need to build DSO with name shortening, because of provider code
      Tweak apps/build.info for VMS
      Fix include/openssl/e_os2.h for VMS
      Fix include/internal/sockets.h for VMS
      Fix crypto/bio/b_sock.c for VMS
      Make sure to include "internal/numbers.h" to get SIZE_MAX
      Make sure to include "crypto/ctype.h" to get ossl_isdigit()
      build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts
      Make apps/progs.pl not look at apps/progs.c
      Complete 'no-sock' guards in apps/ocsp.c
      test/evp_extra_test2.c: Try EVP_PKEY_export() with a legacy RSA key
      Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer
      EVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs

Scott McPeak (1):
      BIO_printf.pod: Clarify that output is always null terminated.

Shane Lontis (8):
      Remove unused code from the fips module
      Fix i2d_PKCS8PrivateKey_nid_bio() regression.
      Export/import flags for FFC params changed to seperate fields.
      Fix compiler error when using config option 'enable-acvp-tests'
      Fix OSSL_DECODER_new_for_pkey() selection parameter documentation
      Add doc for ERR_clear_last_mark().
      Add migration guide for 3.0
      Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully.

Theo Buehler (2):
      Avoid division by zero in hybrid point encoding
      Test oct2point for hybrid point encoding of (0, y)

Tomas Mraz (25):
      evp_extra_test: Avoid potential double free of params
      Unify parameter types in documentation
      Updated gost-engine to latest commit from master branch
      Allow arbitrary digests with ECDSA and DSA
      A few cleanups of the provider build.infos
      Compute the FIPS checksums in $(BLDDIR) and remove it from update target
      Add diff-fips-checksums target to compare BLDDIR and SRCDIR checksums
      Add checksums github CI action
      fipsprov: Missing teardown on fips_get_params_from_core() error
      Set the severity: fips change label if fips checksum changed
      Remove the severity: fips change label if fips checksum unchanged
      Allow diff-fips-checksums in in-tree build
      Remove the .new suffix inside the fips.checksum.new
      The FIPS Checksums job must be run on pull_request_target
      Ensure the pristine checksums are not recomputed
      update-fips-checksums: Make the dependency on source list work
      Replace EVP_PKEY_supports_digest_nid
      Implement pem_read_key directly through OSSL_DECODER
      Fallback to legacy pem decoding if OSSL_DECODER fails
      Replace some of the ERR_clear_error() calls with mark calls
      Add make update-fips-checksums to release.sh script
      Separate FIPS checksum and labelling into different workflows
      Avoid failing label removal if label is not there
      speed: Document the deficiencies of the command

Xiaofei Bai (3):
      Fix missing $CPUIDDEF in libdefault.a
      Add $AESDEF in libdefault.a to fix aes regression
      crypto/arm_arch.h: add a variable declaration

bonniegong (1):
      check i2d_ASN1_TYPE return value

fangming.fang (1):
      Optimize RSA on armv8


More information about the openssl-commits mailing list