The annotated tag openssl-3.0.0-alpha5 has been created at b603e202bab26e1c099839a78871047e2fe9de10 (tag) tagging e70a2d9f139e69f0f8a0846a170623256e424dea (commit) replaces openssl-3.0.0-alpha4 tagged by Richard Levitte on Thu Jul 16 15:22:46 2020 +0200
- Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha5 release tag -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCXxBUpgAKCRCnr5549wlF OyjRAJ9VbSPhdUmpeg0yNxs00Mq3xEs1NQCffMSROJG9Pr+OKasjPYYRD6pdiQk= =GnBK -----END PGP SIGNATURE----- Attila Szakacs (1): Configuration: do not overwrite BASE_unix ex_libs in AIX Benjamin Kaduk (1): Providerized libssl fallout: cleanup init Benny Baumann (1): Force ssl/tls protocol flags to use stream sockets Billy Brumley (1): [test] ectest: check custom generators Daniel Bevenius (2): Configurations: make Makefile tmpl files non-links Configure: fix minor typo in apitable comment Dr. David von Oheimb (20): Move test-related info from INSTALL.md to new test/README.md, updating references INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout Improve documentation, layout, and code comments regarding self-issued certs etc. Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod Add X509_self_signed(), extending and improving documenation and tests X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h Glenn Strauss (1): improve SSL_CTX_set_tlsext_ticket_key_cb ref impl Gustaf Neumann (1): Fix typos and repeated words Jakub Wilk (1): doc: Remove stray backtick Jon Spillett (1): Fix up build issue when running cpp tests Kurt Roeckx (2): Fix syntax of cipher string Reduce the security bits for MD5 and SHA1 based signatures in TLS Martin Elshuber (1): Add support to zeroize plaintext in S3 record layer Matt Caswell (29): Prepare for 3.0 alpha 5 Make the ASYNC code default libctx aware Add a test to make sure ASYNC aware code gets the right default libctx Fix a typo on the SSL_dup page Don't forget our provider ctx when resetting Ensure a string is properly terminated in http_client.c If an empty password is supplied still try to use it Don't run the cmp_cli tests if using FUZZING_BUILD_MODE Fix a typo in the i2d_TYPE_fp documentation Move MAC removal responsibility to the various protocol "enc" functions Split the padding/mac removal functions out into a separate file Remove SSL dependencies from tls_pad.c Add provider support for TLS CBC padding and MAC removal Make libssl start using the TLS provider CBC support Change ChaCha20-Poly1305 to be consistent with out ciphers Make the NULL cipher TLS aware Ensure cipher_generic_initkey gets passed the actual provider ctx Ensure GCM "update" failures return 0 on error Ensure the sslcorrupttest checks all errors on the queue Decreate the length after decryption for the stitched ciphers Ensure any allocated MAC is freed in the provider code Convert SSLv3 handling to use provider side CBC/MAC removal Ensure TLS padding is added during encryption on the provider side Fix OSSL_PROVIDER_get_capabilities() Fix an incorrect error flow in add_provider_groups Add a test to check having a provider loaded without a groups still works Ensure we excluse ec2m curves if ec2m is disabled Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" Revert "kdf: make function naming consistent." MiĆosz Kaniewski (1): Free pre_proc_exts in SSL_free() Nicola Tuveri (8): Test genpkey app for EC keygen with various args Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY Run tests in parallel Travis: default to HARNESS_JOBS=4 [test/README.md] minor fix of examples missing the test target [EC][ASN1] Detect missing OID when serializing EC parameters and keys [apps/genpkey] exit status should not be 0 on output errors [test][15-test_genec] Improve EC tests with genpkey Pauli (35): rand: fix CPU and timer sources. rand: include the CPU source in a build. doc: remove reference to the predecessor of SHA-1. rand: fix recursive locking issue. Refactor the EVP_RAND code to make locking issues less likely rand: avoid caching RNG parameters. coverity: CID 1464987: USE AFTER FREE cmp: remove NULL check. coverity 1464984: Null pointer dereferences coverity 1464983: null pointer dereference apps: remove NULL check imn release_engine since ENGINE_free also does it. DRBG: rename the DRBG taxonomy. deprecate engines in 3.0 apps/list: deprecate engine support engine: document the engine app as deprecated apps: document the deprecation of the -engine option doc: deprecate ENGINE documentation Fix indentation for engine.h deprecate engines deprecate engines in SSL deprecate engine tests deprecate engine from public header files apps: deprecate engines deprecate engines in libcrypto deprecate engines in provider code doc: document that the engine initialisation options are deprecated. ENGINESDIR: document that this configuration is deprecated. RAND: document that the ENGINE RAND override is deprecated. Document that the ENGINE_[sg]_ex_data() calls are reprecated. Document that exdata for ENGINES is deprecated. Document that ENGINE_add_conf_module() was deprecated. trace: condition out engine related tracing doc: remove unused engine tracing option libcrypto.num: engine deprecation updates capabilities: make capability selection case insensitive. Rich Salz (4): Initial rewrite of config as a Perl module Add --fips-key configuration parameter to fipsinstall application. Use defaults FIPSKEY if not given on command line Make -provider_name and -section_name optional Richard Levitte (40): TEST: Add TODO segments in test/recipes/15-test_genec.t INSTALL.md: Restore $ as command prompt indicator CORE: Add OPENSSL_CTX_set0_default(), to set a default library context Update NEWS and CHANGES TEST: Add test to exercise OPENSSL_CTX_set0_default() CORE: Add an internal function to distinguish the global default context util/perl/OpenSSL/config.pm: Don't detect removed directories in util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command Remove OpenSSL::config::main(), it's not necessary util/perl/OpenSSL/config.pm: Rework determining compiler information util/perl/OpenSSL/config.pm, Configure: move check of target with compiler util/perl/OpenSSL/config.pm: refactor map_guess() config: Turn into a simple wrapper util/perl/OpenSSL/config.pm: remove expand() and use eval util/perl/OpenSSL/config.pm: refactor guess_system() Configure: pick up options from older 'config' DOC: Mention Configure consistently Configurations: drop toolchain from configuration targets apps/openssl: clean-up of unused fallback code Configure: Check source and build dir equality a little more thoroughly Configure: fix handling of build.info attributes with value util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries NOTE.WIN: suggest the audetecting configuration variant as well util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ Configuration and build: Fix solaris tags CORE: perform post-condition in algorithm_do_this() under all circumstances ERR: refactor global error codes ERR: special case system errors TEST: fix test/errtest.c SSL: fix misuse of ERR_LIB_SYS TEST: update 02-test_errstr.t to have better tests Makefile template: fix incorrect treatment of produced document files DOC: install documentation without execution permissions. Add and use internal header that implements endianness check BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() Add latest changes and news in CHANGES.md and NEWS.md DRBG: Fix the renamed functions after the EVP_MAC name reversal Update copyright year util/mktar.pl: Change 'VERSION' to 'VERSION.dat' Prepare for release of 3.0 alpha 5 Shane Lontis (12): Fix CID-1464802 Fix CID #1465216 Resource leak in property_fetch Fix CID 1465215 : Explicit null dereferenced (in test) Fix CID 1465214 Resource leak (in file_load.c) Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) Fix CID 1465213: Integer handling issues (evp_extra_test.c) Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fix wrong fipsinstall key used in test Add AES_CBC_CTS ciphers to providers Add FIPS related configuration data to the default openssl application configuration file Todd Short (1): Add SSL_get[01]_peer_certificate() aSoujyuTanaka (4): Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html To generate makefile with correct parameters for WinCE. Enable WinCE build without deceiving _MSC_VER. pedro martelletto (1): doc/man3: fix types taken by HMAC(), HMAC_Update() -----------------------------------------------------------------------