[openssl] openssl-3.0.0-alpha17 create
Matt Caswell
matt at openssl.org
Thu May 20 13:43:25 UTC 2021
The annotated tag openssl-3.0.0-alpha17 has been created
at 183c3af650bd7a05c810a951a44bd7718480d7d5 (tag)
tagging 036f8e71e39a9005cf55cd1f832dd7aafc06ae84 (commit)
replaces openssl-3.0.0-alpha16
tagged by Matt Caswell
on Thu May 20 14:30:22 2021 +0100
- Log -----------------------------------------------------------------
OpenSSL 3.0.0-alpha17 release tag
Ben Avison (1):
ARM assembly pack: translate bit-sliced AES implementation to AArch64
Benjamin Kaduk (14):
tasn_dec: use do/while around statement macros
Improve RFC 8446 PSK key exchange mode compliance
make update
Don't send key_share for PSK-only key exchange
Update expected results for tls13kexmodes tests
apps: improve hygiene for SET_EXPECT macro
Promote SSL_get_negotiated_group() for non-TLSv1.3
Regenerate testsid.pem
Extend SSL_get_negotiated_group() tests for TLS 1.2
move group lists out of test_key_exchange() in preparation for reuse
Add extensive test coverage for SSL_get_negotiated_group()
Let SSL_new_session_ticket() enter init immediately
Test new SSL_new_session_ticket() functionality
Update SSL_new_session_ticket() manual for triggered send
Daniel Bevenius (3):
Clarify two comments (typos) in fipsprov.c
Clarify where dispatch functions/ids are defined
Mark pop/clear error stack in der2key_decode_p8
David CARLIER (1):
armcap: fix Mac M1 SHA512 support.
David Carlier (1):
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
Dmitry Belyavskiy (4):
Avoid sending alerts after shutdown
Tests for creating req from PKCS8 keys with extra attrs
Enumerating the legacy provider's cipher algorithms
clarification about the DES status
Dr. David von Oheimb (50):
DOC: Fix all wrong occurrences of '<propq>' to 'I<propq>'
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
Crypto: Add deprecation compatibility declarations for SHA* message digest functions
ssl.h.in: Fix deprecation exclusion for SRP-related declarations
80-test_cmp_http.t: Improve fuzzing exclusion pattern
Add convenience functions and macros for asymmetric key generation
Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.
80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup!
Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio()
HTTP client: Minimal changes that include the improved API
EVP_PKEY-X25519.pod: Correct EVP_PKEY_Q_keygen function name in example
Makefile: Simplify use of run_tests
Makefile: Make sure providers/fipsmodule.cnf is re-built also for run_tests
http_client.c: Fix inconsistency w.r.t. type of max_resp_len
HTTP client: Rename 'maxline' parameter to 'buf_size' for clarity
OSSL_CMP_SRV_process_request(): Log any error queue entries on response
cmp_server.c: Improve transaction management and logging
HTTP test server: Improve connection management and logging
CMP test server: Extend error reporting on cert rejected for revocation
OSSL_HTTP_REQ_CTX_add1_headers(): Fix use with host == NULL (relative URLs)
HTTP: Implement persistent connections (keep-alive)
OSSL_HTTP_get(): Do not close connection if redirect to same server
OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL
HTTP client API: Generalize to arbitrary request and response contents
HTTP client: Allow streaming of request data (for POST method)
HTTP client: Allow streaming of response data (with possibly indefinite length)
http_client.c: Rename internal fields and functions for consistency
Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN}
apps/ocsp: Add -proxy and -no_proxy options
apps/s_server: Add -proxy and -no_proxy options
find-doc-nits: Make -c option (cmd-nits) independent of app build and execution
openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong
ci.yml: Add cmd-nits to the doc-nits CI run
DOC: Fix nits found by improved find-doc-nits -c
Move ossl_sleep() to e_os.h and use it in apps
bio_lib: Add BIO_get_line, correct doc of BIO_gets
Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input
apps/cms.c: Make -sign and -verify handle binary input
apps/cms.c: Simplify make_receipt_request() and load_content_info()
CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure
unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
find-doc-nits -c: Fix handling in case expected helpstr is not found
apps/list: Remove obsolete -missing-help option
80-test_cms.t: Disable new tests for binary input in Windows
X509 build_chain(): Restrict scope of 'self_signed' variable
X509 build_chain(): Rename variable 'depth' to 'max_depth'
X509 build_chain(): Make the variable 'curr' local to the loop body
X509 build_chain(): Fix two potential memory leaks on issuer variable
X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure
danetest.c: Improve code formatting
EasySec (2):
use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h
find-doc-nits fix courtesy Rich Salz
Jake Cooke (1):
Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw
Job Snijders (1):
Add OID for RPKI id-ct-signedChecklist
Jon Spillett (2):
Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers
Fixes #14662. Return all EC parameters even for named curves
Juergen Christ (1):
Fix provider library build wrt. AES
Martin Schwenke (1):
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Matt Caswell (33):
Prepare for 3.0 alpha 17
Only load the config file into the default libctx if necessary
Add the ability for ex_data to have a priority
Add the concept of a child OSSL_LIB_CTX
Modify the legacy provider to use OSSL_LIB_CTX_new_child()
Add a test for OSSL_LIB_CTX_new_child()
Register callbacks with core for child provider creation/deletion
Add a test to check that child provider callbacks are working
Add support for child provider to up_ref/free their parent
Don't convert pre-existing providers into children
Add additional testing of child libctx/providers
Update documentation following addition of OSSL_LIB_CTX_new_child()
Exclude child provider code from the FIPS module
Update FIPS checksums
property: add test case for setting default user properties before fetching
Fix a memleak on an error path in the pkcs12 test helpers
Init the child providers immediately on creation of the child libctx
Load the default provider into the p_test provider later
Add a CHANGES entry for fully pluggable groups
Fix a use-after-free in the child provider code
Better error messages if there are no encoders/decoders/store loaders
Implement the ability to convert a PROPERTY_LIST to a string
Add a test for converting a property list to a string
Add a callback for providers to know about global properties changes
Test that properties are mirrored as we expect
Documentation updates for mirroring of global properties
Ensure mirroring of properties works for subsequent updates
Update documentation for global properties mirroring
Create symlinks when installing man pages
Refer to the migration guide rather than the wiki in our announcements
Update copyright year
make update
Prepare for release of 3.0 alpha 17
Michael Richardson (1):
reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case
Nicola Tuveri (1):
FIPS checksums update
Pauli (44):
changes: add note about application output formatting differences.
provider: flush the store cache when providers are loaded/unloaded.
test: add a provider load/unload cache flush test.
doc: document the new ossl_provider_clear_all_operation_bits() function
provider: use a read lock when looking for a provider
FIPS checksum update
apps: add mac, cipher and digest arguments to the kdf applet.
apps: remove initial newline from mac output
apps/mac: avoid need for two ^D when using stdin from a terminal
apps/mac: Add digest and cipher command line options
checksum fix
Reduce the runtime/output from the gmdiff test
coverity: fix 1484539 resource leak
coverity: fix 1484540 resource leak
coverity: fix 1484542 dereference after null check
evp: fix return code check.
Checksum update
coveralls: fix comment to indicate daily not weekly
Run-checker converted to GitHub Actions
property: create property names more eagerly.
Checksum update
doc: document the encoder and decoder name functions
encoder: add a _name() function for encoders and decoders
apps: change list command to only list fetchable algorithms.
apps: make list -help not continue with listing
test: fix thread test config file problem
e_loader_attic: fix a use after free issue
x509: fix a dangling pointer
doc: remove references to undepreciated commands being deprecated.
mac: improve MAC documentation (Poly 1305 key reuse, nomenclature)
doc: document all functions in provider-base(7)
ci: remove the checksum CI script
test: conditionally exclude unused code for no-tls1.2 build
apps: clean up the http server code
provider: fix coverity 1484884: uninitialised lock use
evp: fix coverity 1484885 negative integer to size_t conversion
keymgmt: fix coverity 1484886 unchecked return value
hmac: fix coverity 1484888 negative integer to size_t conversion
seal: make EVP_SealInit() library context aware
apps: use else if when checking for headers in the http server code
fips: remove unnecessary commas to get CI working
Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"
todo: remove TODO(3.0) from the sources.
app: add a -store_loaders option to list.
Petr Gotthard (2):
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
Fix pointer passed to provider_unquery_operation
Rich Salz (8):
Fix cut/paste (?) error.
Add --banner config option
Convert SSL_{CTX}_[gs]et_options to 64
Slightly reformat ssl.h.in
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -quiet flag to genpkey
Remove '=for openssl ifdef'
Remove "openssl ifdef" handling
Richard Levitte (29):
Rename files in providers/implementations/signatures
Drop libimplementations.a
make update
ASN1: Fix i2d_provided() return value
APPS: Make the cmp Mock server output the accept address and port
Adapt 80-test_cmp_http.t and its data for random accept ports
Move some OpenSSL perl utility functions to OpenSSL::Util
Rework how a build file (Makefile, ...) is produced
Turn off VMS C's info about unsupported pragmas
Configurations/descrip.mms.tmpl: Diverse updates
Fix OpenSSL::fallback for VMS
Fix The VMS variant of platform->staticname()
Fix configdata.pm.in's "use lib" for VMS
Thrown away all special descrip.mms variables
Configurations/descrip.mms.tmpl: Change strategy for include directories
Configurations/descrip.mms.tmpl: Add another inclusion hack
VMS need to build DSO with name shortening, because of provider code
Tweak apps/build.info for VMS
Fix include/openssl/e_os2.h for VMS
Fix include/internal/sockets.h for VMS
Fix crypto/bio/b_sock.c for VMS
Make sure to include "internal/numbers.h" to get SIZE_MAX
Make sure to include "crypto/ctype.h" to get ossl_isdigit()
build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts
Make apps/progs.pl not look at apps/progs.c
Complete 'no-sock' guards in apps/ocsp.c
test/evp_extra_test2.c: Try EVP_PKEY_export() with a legacy RSA key
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer
EVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs
Scott McPeak (1):
BIO_printf.pod: Clarify that output is always null terminated.
Shane Lontis (8):
Remove unused code from the fips module
Fix i2d_PKCS8PrivateKey_nid_bio() regression.
Export/import flags for FFC params changed to separate fields.
Fix compiler error when using config option 'enable-acvp-tests'
Fix OSSL_DECODER_new_for_pkey() selection parameter documentation
Add doc for ERR_clear_last_mark().
Add migration guide for 3.0
Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key successfully.
Theo Buehler (2):
Avoid division by zero in hybrid point encoding
Test oct2point for hybrid point encoding of (0, y)
Tomas Mraz (25):
evp_extra_test: Avoid potential double free of params
Unify parameter types in documentation
Updated gost-engine to latest commit from master branch
Allow arbitrary digests with ECDSA and DSA
A few cleanups of the provider build.infos
Compute the FIPS checksums in $(BLDDIR) and remove it from update target
Add diff-fips-checksums target to compare BLDDIR and SRCDIR checksums
Add checksums github CI action
fipsprov: Missing teardown on fips_get_params_from_core() error
Set the severity: fips change label if fips checksum changed
Remove the severity: fips change label if fips checksum unchanged
Allow diff-fips-checksums in in-tree build
Remove the .new suffix inside the fips.checksum.new
The FIPS Checksums job must be run on pull_request_target
Ensure the pristine checksums are not recomputed
update-fips-checksums: Make the dependency on source list work
Drop ASN1_PKEY_CTRL_SUPPORTS_MD_NID
Replace EVP_PKEY_supports_digest_nid
Implement pem_read_key directly through OSSL_DECODER
Fallback to legacy pem decoding if OSSL_DECODER fails
Replace some of the ERR_clear_error() calls with mark calls
Add make update-fips-checksums to release.sh script
Separate FIPS checksum and labelling into different workflows
Avoid failing label removal if label is not there
speed: Document the deficiencies of the command
Xiaofei Bai (3):
Fix missing $CPUIDDEF in libdefault.a
Add $AESDEF in libdefault.a to fix aes regression
crypto/arm_arch.h: add a variable declaration
bonniegong (1):
check i2d_ASN1_TYPE return value
fangming.fang (1):
Optimize RSA on armv8
-----------------------------------------------------------------------