[openssl] openssl-3.0.0 create
Richard Levitte
levitte at openssl.org
Tue Sep 7 11:57:49 UTC 2021
The annotated tag openssl-3.0.0 has been created
at d8dd2312cb78029470effab221ec5996892adbbe (tag)
tagging 89cd17a031e022211684eb7eb41190cf1910f9fa (commit)
replaces openssl-3.0.0-beta2
tagged by Richard Levitte
on Tue Sep 7 13:46:40 2021 +0200
- Log -----------------------------------------------------------------
OpenSSL 3.0.0 release tag
-----BEGIN PGP SIGNATURE-----
iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
=pGf9
-----END PGP SIGNATURE-----
Amir Mohammadi (2):
Fix ipv4_from_asc behavior on invalid Ip addresses
Fix test case for a2i_IPADDRESS
Beat Bolli (3):
doc: use the documented =item markers
doc: replace markdown backticks with perlpod syntax
doc: fix a mistyped "=item" perldoc marker
Bernd Edlinger (3):
Fix the array size of dtlsseq in tls1_enc
Avoid using undefined value in generate_stateless_cookie_callback
Fix the "Out of memory" EVP KDF scrypt test
Billy Brumley (1):
[doc/man3] documentation: BN_cmp manpage updates
Christian Heimes (1):
Test case for a2i_IPADDRESS
Daniel Bevenius (1):
Fix indentation of tls13_hkdf_expand parameters
Daniel Krügler (1):
Ensure that _GNU_SOURCE is defined for bss_dgram.c
David Bohman (1):
MacOS: Add an include of <CommonCrypto/CommonCryptoError.h>
David Carlier (1):
Darwin platform allows to build on releases before Yosemite/ios 8.
Dmitry Belyavskiy (6):
If we have passed the private key, don't copy it implicitly
Document necessary error code processing
Omitted signature_algorithms extension alerts updated
Disclaimer about the default provider activation added to config
Get rid of warn_binary
Adjust the list of default provider's algorithms
Dr. David von Oheimb (7):
apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure
Fix CMP app TLS connection not respecting vpm options like -crl_check
APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL
CMS app: Fix new -wrap option
APPS/x509: fix -extfile option, which was ignored with -x509toreq
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
APPS/req: Fix AKID generation in case -CA option is used
Ingo Franzki (2):
s390x: AES OFB/CFB: Maintain running IV from cipher context
Test EVP Cipher updating the context's IV
Jaime Hablutzel (1):
Typo correction.
Kelvin Lee (1):
Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used.
Matt Caswell (25):
Prepare for 3.0 beta 3
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
Fix POLICYINFO printing to not assume NUL terminated strings
Fix GENERAL_NAME_print to not assume NUL terminated strings
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
Fix the name constraints code to not assume NUL terminated strings
Fix CMP code to not assume NUL terminated strings
Fix test code to not assume NUL terminated strings
Fix append_ia5 function to not assume NUL terminated strings
Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
Fix EC_GROUP_new_from_ecparameters to check the base length
Allow fuzz builds to detect string overruns
Fix the error handling in i2v_AUTHORITY_KEYID
Correctly calculate the length of SM2 plaintext given the ciphertext
Extend tests for SM2 decryption
Check the plaintext buffer is large enough when decrypting SM2
Updates CHANGES.md and NEWS.md for new 1.1.1 release
When activating providers via config check we've not already activated them
Add locking for the provider_conf.c
Add a test for running the config twice
Add commentary about lock usage in provider_core.c
Refactor provider_core.c to adhere to the locking rules
Add a warning about locking in the child provider callback docs
Ensure that we check the ASN.1 type of an "otherName" before using it
Add a test for verifying an email with a bad othername type
Mattias Ellert (1):
Openssl fails to compile on Debian with kfreebsd kernels (kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler is:
Nicola Tuveri (4):
Add tests for i2d_TYPE_fp and d2i_TYPE_fp
Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
Use applink to fix windows tests
Omair Majid (1):
Fix documentation referring to 'function code'
PW Hu (4):
EVP_PKEY_gettable_params.pod: Update argument names
imporve documentation
fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038
fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419
Paul Dreik (1):
Avoid invoking memcpy if size is zero or the supplied buffer is NULL
Pauli (36):
demo: add GMAC demonstration program
doc: document that config_diagnostics is sensible but involves risk
changes: remove duplicate entry
Add config_diagnostics to our configuration files.
ci: separate the config dump from the configuration command
ci: specific gcc explicitly on the basic-gcc CI build
CI: remove spurious blank lines
doc: add missing link directive in X942 KDF
tls/prov: move the TLS 1.3 KDF code to providers
provider: add TLS13_KDF to the default and FIPS providers
doc: add documentation for TLS13_KDF
doc: add links to new KDF
doc: reorder the string and int extract/expand param values
doc: add TLS 1.3 KDF to the FIPS provider list of algorithms.
fips: add power up test for TLS 1.3 KDF
update doc/build.info
test: add test cases for TLS 1.3 KDF
evp_test: add TLS 1.3 KDF test suite
ctrls: add missing control string translation for key -> priv for HMAC
test: add -macopt hexkey: to dgst command tests
doc: Fix ECX FIPS documentation
doc: remove errant claim that these are not FIPS okay
genpkey: -quiet doesn't take an argument
pkcs12: check for zero length digest to avoid division by zero
doc: remove errant blank line to appease doc-nits
sm2: fix error raise to not fail make update
cpp: fix included files to avoid failure in no-deprecated builds
news/changes: fix formatting nits
test: add unit tests for TDES key wrap
changes: add note about 3DES key wrap matching the standard
Add invalid input length error
aes-wrap: improve error handling
doc: document the rsa_oaep_md: pkeyopt
CI: add builds covering a number of different compiler versions
Add additional test to thread sanitizer build
CI: add last run-checker fuzzing CIs to Actions
Rich Salz (4):
Minor doc enhancements to INSTALL.md
Set KERNEL_BITS, add CONFIG_NOWAIT
Replace CONFIG_NOWAIT env var with -w option
Yet another doc-nits fix
Richard Levitte (24):
Correct UTF8 params documentation further
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
util/add-depends.pl: Only add dependencies on existing or generated headers
util/add-depends.pl: Rebuild the build file after reconfiguration
VMS: Correct faulty source directory specification
Add multilib to the NonStop configuration definitions.
VMS: Compensate for x86_64 cross compiler type incompatibility
DECODER: check the first decoded structure name against user given structure
PEM to DER decoder: Specify object type and data structure more consistently
OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs
Adjust test/endecoder_test.c
ENCODER PROV: Add encoders with EncryptedPrivateKeyInfo output
test/recipes/25-test_verify.t: Add a couple of tests of mixed PEM files
Configuration: support building for OpenVMS for x86_64
Fix a few tests that fail on VMS
Correct the "Out of memory" EVP tests
Add missing OSSL_DECODER entry in NEWS.md and CHANGES.md
Added a NEWS entry about the enhanced 'openssl list'
Mention the concept of providers in NEWS.md and CHANGES.md
Update copyright year
dev/release.sh: Adjust release branch names to votes
make update
Prepare for release of 3.0.0
Shane Lontis (5):
Allow small RSA exponents in the default provider
Refactor cipher aes_cts code so that it can be used by other 128bit ciphers
Add support for camellia cbc cts mode
Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
Fix CTS cipher decrypt so that the updated IV is returned correctly.
Tanzinul Islam (1):
Redefine getpid() -> _getpid() only for MSVC
Tianjia Zhang (1):
apps/ciphers: Fix wrong return value when using -convert parameter
Todd Short (4):
Add missing SSL_OP flags
Sort SSL_OP names in documentation
Fix potential double-free
Fix state name abbreviation
Tomas Mraz (23):
Windows, VMS: Do install_fips on install if fips is enabled
Use copy.pl to install the fips module on Windows
Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG
Add oid_section to sysdefault.cnf to test adding new oids
req: Avoid segfault when -modulus is used
cms: Do not try to check binary format on stdin
cms: Fix handling of -rctform option
X509_STORE_CTX_get_error: Fix some minor documentation issues
Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf
aes_v8_xts_encrypt is present only on 64bit arm builds
Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen
dsatest: Properly detect failure in generate/sign/verify
EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable
Add documentation about the multilib postfix and libdir
Correct documentation errors in regards to UTF8 params
Multiple fixes for getting pub key from legacy DH PKEY
rsa: Try legacy encoding functions for pubkey
EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls
doc: Add note about operation parameters validation
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING
Last minute NEWS and CHANGES entries for the 3.0 release
Xiaofei Bai (1):
Fix libdir path on darwin
Zengit (1):
Add a clarification to NOTES-UNIX.md
a1346054 (1):
always use the same perl in $PATH
slontis (5):
Document that EVP_get_cipherbyname() does not work for some new algorithm names.
Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE
Fix double free in EVP_PKEY_CTX_dup()
Fix dh dupctx refcount error
Add KEM dupctx test
yangyangtiantianlonglong (1):
Fix dtls timeout dead code
zhaozg (2):
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
cms: fix memleaks in cms_env.c
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list