[openssl] openssl-3.0.0 create

Richard Levitte levitte at openssl.org
Tue Sep 7 11:57:49 UTC 2021

The annotated tag openssl-3.0.0 has been created
        at  d8dd2312cb78029470effab221ec5996892adbbe (tag)
   tagging  89cd17a031e022211684eb7eb41190cf1910f9fa (commit)
  replaces  openssl-3.0.0-beta2
 tagged by  Richard Levitte
        on  Tue Sep 7 13:46:40 2021 +0200

- Log -----------------------------------------------------------------
OpenSSL 3.0.0 release tag


Amir Mohammadi (2):
      Fix ipv4_from_asc behavior on invalid Ip addresses
      Fix test case for a2i_IPADDRESS

Beat Bolli (3):
      doc: use the documented =item markers
      doc: replace markdown backticks with perlpod syntax
      doc: fix a mistyped "=item" perldoc marker

Bernd Edlinger (3):
      Fix the array size of dtlsseq in tls1_enc
      Avoid using undefined value in generate_stateless_cookie_callback
      Fix the "Out of memory" EVP KDF scrypt test

Billy Brumley (1):
      [doc/man3] documentation: BN_cmp manpage updates

Christian Heimes (1):
      Test case for a2i_IPADDRESS

Daniel Bevenius (1):
      Fix indentation of tls13_hkdf_expand parameters

Daniel Krügler (1):
      Ensure that _GNU_SOURCE is defined for bss_dgram.c

David Bohman (1):
      MacOS: Add an include of <CommonCrypto/CommonCryptoError.h>

David Carlier (1):
      Darwin platform allows to build on releases before Yosemite/ios 8.

Dmitry Belyavskiy (6):
      If we have passed the private key, don't copy it implicitly
      Document necessary error code processing
      Omitted signature_algorithms extension alerts updated
      Disclaimer about the default provider activation added to config
      Get rid of warn_binary
      Adjust the list of default provider's algorithms

Dr. David von Oheimb (7):
      apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure
      Fix CMP app TLS connection not respecting vpm options like -crl_check
      APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL
      CMS app: Fix new -wrap option
      APPS/x509: fix -extfile option, which was ignored with -x509toreq
      APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
      APPS/req: Fix AKID generation in case -CA option is used

Ingo Franzki (2):
      s390x: AES OFB/CFB: Maintain running IV from cipher context
      Test EVP Cipher updating the context's IV

Jaime Hablutzel (1):
      Typo correction.

Kelvin Lee (1):
      Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used.

Matt Caswell (25):
      Prepare for 3.0 beta 3
      Fix i2v_GENERAL_NAME to not assume NUL terminated strings
      Fix POLICYINFO printing to not assume NUL terminated strings
      Fix GENERAL_NAME_print to not assume NUL terminated strings
      Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
      Fix the name constraints code to not assume NUL terminated strings
      Fix CMP code to not assume NUL terminated strings
      Fix test code to not assume NUL terminated strings
      Fix append_ia5 function to not assume NUL terminated strings
      Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
      Fix EC_GROUP_new_from_ecparameters to check the base length
      Allow fuzz builds to detect string overruns
      Fix the error handling in i2v_AUTHORITY_KEYID
      Correctly calculate the length of SM2 plaintext given the ciphertext
      Extend tests for SM2 decryption
      Check the plaintext buffer is large enough when decrypting SM2
      Updates CHANGES.md and NEWS.md for new 1.1.1 release
      When activating providers via config check we've not already activated them
      Add locking for the provider_conf.c
      Add a test for running the config twice
      Add commentary about lock usage in provider_core.c
      Refactor provider_core.c to adhere to the locking rules
      Add a warning about locking in the child provider callback docs
      Ensure that we check the ASN.1 type of an "otherName" before using it
      Add a test for verifying an email with a bad othername type

Mattias Ellert (1):
      Openssl fails to compile on Debian with kfreebsd kernels (kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler is:

Nicola Tuveri (4):
      Add tests for i2d_TYPE_fp and d2i_TYPE_fp
      Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
      [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
      Use applink to fix windows tests

Omair Majid (1):
      Fix documentation referring to 'function code'

PW Hu (4):
      EVP_PKEY_gettable_params.pod: Update argument names
      imporve documentation
      fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038
      fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419

Paul Dreik (1):
      Avoid invoking memcpy if size is zero or the supplied buffer is NULL

Pauli (36):
      demo: add GMAC demonstration program
      doc: document that config_diagnostics is sensible but involves risk
      changes: remove duplicate entry
      Add config_diagnostics to our configuration files.
      ci: separate the config dump from the configuration command
      ci: specific gcc explicitly on the basic-gcc CI build
      CI: remove spurious blank lines
      doc: add missing link directive in X942 KDF
      tls/prov: move the TLS 1.3 KDF code to providers
      provider: add TLS13_KDF to the default and FIPS providers
      doc: add documentation for TLS13_KDF
      doc: add links to new KDF
      doc: reorder the string and int extract/expand param values
      doc: add TLS 1.3 KDF to the FIPS provider list of algorithms.
      fips: add power up test for TLS 1.3 KDF
      update doc/build.info
      test: add test cases for TLS 1.3 KDF
      evp_test: add TLS 1.3 KDF test suite
      ctrls: add missing control string translation for key -> priv for HMAC
      test: add -macopt hexkey: to dgst command tests
      doc: Fix ECX FIPS documentation
      doc: remove errant claim that these are not FIPS okay
      genpkey: -quiet doesn't take an argument
      pkcs12: check for zero length digest to avoid division by zero
      doc: remove errant blank line to appease doc-nits
      sm2: fix error raise to not fail make update
      cpp: fix included files to avoid failure in no-deprecated builds
      news/changes: fix formatting nits
      test: add unit tests for TDES key wrap
      changes: add note about 3DES key wrap matching the standard
      Add invalid input length error
      aes-wrap: improve error handling
      doc: document the rsa_oaep_md: pkeyopt
      CI: add builds covering a number of different compiler versions
      Add additional test to thread sanitizer build
      CI: add last run-checker fuzzing CIs to Actions

Rich Salz (4):
      Minor doc enhancements to INSTALL.md
      Replace CONFIG_NOWAIT env var with -w option
      Yet another doc-nits fix

Richard Levitte (24):
      Correct UTF8 params documentation further
      EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
      Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
      util/add-depends.pl: Only add dependencies on existing or generated headers
      util/add-depends.pl: Rebuild the build file after reconfiguration
      VMS: Correct faulty source directory specification
      Add multilib to the NonStop configuration definitions.
      VMS: Compensate for x86_64 cross compiler type incompatibility
      DECODER: check the first decoded structure name against user given structure
      PEM to DER decoder: Specify object type and data structure more consistently
      OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs
      Adjust test/endecoder_test.c
      ENCODER PROV: Add encoders with EncryptedPrivateKeyInfo output
      test/recipes/25-test_verify.t: Add a couple of tests of mixed PEM files
      Configuration: support building for OpenVMS for x86_64
      Fix a few tests that fail on VMS
      Correct the "Out of memory" EVP tests
      Add missing OSSL_DECODER entry in NEWS.md and CHANGES.md
      Added a NEWS entry about the enhanced 'openssl list'
      Mention the concept of providers in NEWS.md and CHANGES.md
      Update copyright year
      dev/release.sh: Adjust release branch names to votes
      make update
      Prepare for release of 3.0.0

Shane Lontis (5):
      Allow small RSA exponents in the default provider
      Refactor cipher aes_cts code so that it can be used by other 128bit ciphers
      Add support for camellia cbc cts mode
      Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
      Fix CTS cipher decrypt so that the updated IV is returned correctly.

Tanzinul Islam (1):
      Redefine getpid() -> _getpid() only for MSVC

Tianjia Zhang (1):
      apps/ciphers: Fix wrong return value when using -convert parameter

Todd Short (4):
      Add missing SSL_OP flags
      Sort SSL_OP names in documentation
      Fix potential double-free
      Fix state name abbreviation

Tomas Mraz (23):
      Windows, VMS: Do install_fips on install if fips is enabled
      Use copy.pl to install the fips module on Windows
      Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG
      Add oid_section to sysdefault.cnf to test adding new oids
      req: Avoid segfault when -modulus is used
      cms: Do not try to check binary format on stdin
      cms: Fix handling of -rctform option
      X509_STORE_CTX_get_error: Fix some minor documentation issues
      Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf
      aes_v8_xts_encrypt is present only on 64bit arm builds
      Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen
      dsatest: Properly detect failure in generate/sign/verify
      EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable
      Add documentation about the multilib postfix and libdir
      Correct documentation errors in regards to UTF8 params
      Multiple fixes for getting pub key from legacy DH PKEY
      rsa: Try legacy encoding functions for pubkey
      EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls
      doc: Add note about operation parameters validation
      apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING
      Last minute NEWS and CHANGES entries for the 3.0 release

Xiaofei Bai (1):
      Fix libdir path on darwin

Zengit (1):
      Add a clarification to NOTES-UNIX.md

a1346054 (1):
      always use the same perl in $PATH

slontis (5):
      Document that EVP_get_cipherbyname() does not work for some new algorithm names.
      Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE
      Fix double free in EVP_PKEY_CTX_dup()
      Fix dh dupctx refcount error
      Add KEM dupctx test

yangyangtiantianlonglong (1):
      Fix dtls timeout dead code

zhaozg (2):
      ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
      cms: fix memleaks in cms_env.c


More information about the openssl-commits mailing list