The annotated tag openssl-3.0.0-alpha15 has been created at a09d1cc08fe83d3793e55c5263261e0d0cede43d (tag) tagging b07412ef80ebbcdb8ce2c9fbf714802288fc7ee4 (commit) replaces openssl-3.0.0-alpha14 tagged by Matt Caswell on Thu Apr 22 14:44:13 2021 +0100
- Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha15 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCBfa0RHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJGvTgf/fiHGPg+E4//YprhoG2EQlKNV7shbMEDl vYbGn6upUSXfdnhc5Hgla7rw5OSq9DprNiUt3w6SWvmzOrND8m/f+rGj4ii5G/md GOp5Fj1avenFe1pSoXiObcLHI9BcVR1XR0zvLEh8u07ObpbSvu9s8DnJmQ3Io5v0 nMwUx3nhuEiZyKdeQ1zXJ/t5zv7piIvNISAfudlso5zY3ETCNvecPEfEwDcEzPlK GTati1KhX3XBgLuYkX3dR9PDCDLqiHCoLHLVe9B6fH6RVma9pEbiecVx4MOCfG+y XmGhyuJFxww1wOpmJ1fcsJph06UTLDz0zbRrlMehdoSybnvwXgzucA== =VmOl -----END PGP SIGNATURE----- Armin Fuerst (1): apps: fix warning about size_t / int conversion Christian Heimes (1): Inherit hostflags verify params even without hosts Dave Coombs (1): crl2pkcs7 shouldn't include empty optional sets Dr. David von Oheimb (20): PEM_X509_INFO_read,{_bio}_ex(): Complete documentation in PEM_X509_INFO_read_bio_ex.pod d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key d2i_PrivateKey_decoder(): Fix premature exit on unsuccessful OSSL_DECODER_CTX_new_for_pkey() APPS: make apps strict on app_RAND_load() and app_RAND_write() failure APPS and TEST: Make sure prog name is set for usage output cmp_util.c: Fix OSSL_CMP_log_open() in case OPENSSL_NO_TRACE openssl-cmp.pod.in: Fix missing provider options description apps/cmp: Add generic random state options, e.g., for nonce generation 80-test_cmp_http.t: Fix resumption when skipping after mock server launch failed 80-test_cmp_http.t: Silence check for availability of 'kill' and 'lsof' commands 80-test_cmp_http.t: Extend diagnostics of mock server launch OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname PKCS12 etc.: Add hints on using -legacy and -provider-path options Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain() apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params() tasn_dec.c: Add checks for it == NULL arguments; improve coding style ASN.1: Add some sanity checks for input len <= 0; related coding improvements Dr. Matthias St. Pierre (1): util/wrap.pl: use the apps/openssl.cnf from the source tree FdaSilvaYY (2): nits: fix a few typo in template code crypto: raise error on malloc failure clean a few style nits. Jakub Wilk (1): doc: Fix formatting Juergen Christ (1): Fix compile errors on s390. Matt Caswell (17): Prepare for 3.0 alpha 15 Only enable KTLS if it is explicitly configured Update KTLS documentation Remove the function EVP_PKEY_set_alias_type Remove a TODO(3.0) from X509_PUBKEY_set Store some FIPS global variables in the FIPS_GLOBAL structure Sanity check provider up-calls Change the default MANSUFFIX Fix some TODO(3.0) occurrences in ssl/t1_lib.c Don't worry about magic in the Makefile for 3.0 Remove a TODO(3.0) from keymgmt_lib.c Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling Add the function OSSL_LIB_CTX_get0_global_default() Add a test for OSSL_LIB_CTX_set0_default Avoid the need for Configure time 128-bit int detection Update copyright year Prepare for release of 3.0 alpha 15 MichaM (1): Fix typos Nan Xiao (4): Fix typo in statem_clnt.c Fix typos in x509.pod demos: Add clean target for bio/Makefile Fix typo in aesccm.c Nicola Tuveri (1): Add missing argname for keymgmt_gettable_params and keymgmt_settable_params prototypes Pauli (26): apps: fix Camellia CBC performance loop Add additional KMAC error kmac: add long customisation string example kmac: fix customistation string overflow bug kmac: update the documention for the customisation string maximum length Note deprecated function/macros with no replacement. bio: add a malloc failed error to BIO_print bio: note that BIO_sprintf null terminates on insufficient space. bio_printf: add \0 terminators for error returns in floating point conversions. changes: note that some ctrl calls have a different error return. SipHash: Fix CTRL API for the digest size. lifecycle: correct [sg]ettable to [sg]et lifecycle: update master lifecycle transition spreadsheet fixing the ettable issue Fix naming for EVP_RAND_CTX_gettable functions. params_dup: fix off by one error that allows array overreach. srp: fix double free, ts: fix double free on error path. engine: fix double free on error path. test: fix double free problems. x509: remove most references to EVP_sha1() cms: remove most references to EVP_sha1() ocsp: remove references to EVP_sha1() pem: remove references to EVP_sha1() srp: remove references to EVP_sha1() dsa: remove unused macro asn1: fix indentation Petr Gotthard (2): apps: call ERR_print_errors when OSSL_PROVIDER_load fails Fix memory leak in X509_REQ Rich Salz (7): Standard style for all EVP_xxx_free routines Add "origin" field to EVP_CIPHER, EVP_MD Remove extra trailing semicolon Fetch and free cipher and md's Fetch before get-by-name Flip ordering back Use build.info not file-wide ifndef Richard Levitte (13): Github workflows: re-implement a no-shared build PROV: Add OIDs we know to all provider applicable algorithms TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID TEST: Modify testutil's run_tests to display NOSUBTEST cases individually TEST: Modify how the retrieved digest name for SM2 digestsign is checked Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt() CORE: Register all legacy "names" when generating the initial namemap TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname CORE: pre-populate the namemap with legacy OIDs too ENCODER & DECODER: Allow decoder implementations to specify "carry on" Adapt our decoder implementations to the new way to indicate succes / failure TEST: Adapt the EVP test STORE: Discard the error report filter in crypto/store/store_result.c Shane Lontis (8): Add OSSL_PARAM_dup() and OSSL_PARAM_merge(). Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). Add FIPS Self test for AES_ECB decrypt Fix windows compiler error in kmac_prov.c Add domain parameter match check for DH and ECDH key exchange. Add some additional NULL checks to prevent segfaults. Add EVP_PKEY_todata() and EVP_PKEY_export() functions. Add more negative checks for integers passed to OPENSSL_malloc(). Tanzinul Islam (21): Avoid "&&" in windows-makefile.tmpl Move VS Tools configuration to VC-common target Avoid space between "-I" and include directory Generalize delimiter in archiver response file Avoid quoting dependency filepaths in build tree Ensure at least one command if no dependencies Generalize link rule in windows-makefile.tmpl Avoid redirection to quoted filename Resurrect and modernize C++Builder config Use cmd.exe to export env vars before commands Add explanation + bugtracker link for quoted dependency workarounds Replace "ld_wildcard_args" with "bin_lflags" Document C++Builder usage in NOTES-WINDOWS.md Ensure cw32mt.lib and import32.lib are linked to in no-sock mode Support DLL builds + Fix C RTL variants Build resource files Avoid more MSVC-specific C runtime library functions Generate dependency information Link with .def files Link with uplink module Remove crypt32.lib from C++Builder configuration Todd Short (1): Handle set_alpn_protos inputs better. Tomas Mraz (17): provider-decoder.pod: Documentation of provider side decoder API Small fixes and cleanups of provider API documentation Always reset IV for CBC, OFB, and CFB mode on cipher context reinit X509_NAME_cmp: if canon_enclen is 0 for both names return 0 Document the invariants for the empty X509_NAME encoding Implement provider-side keymgmt_dup function Add selection support to the provider keymgmt_dup function Remove keymgmt_copy function from the provider API Do not allow creating empty RSA keys by duplication Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name Add OID for mdc2WithRSASignature and remove related TODO 3.0 Add DHX FIPS 186-4 domain parameter validation example Do IV reset also for DES and 3DES implementations Add test for the IV handling of DES based ciphers Detect low-level engine and app method based keys Update krb5 module to latest release Fix build failure with MSVC -----------------------------------------------------------------------