The annotated tag openssl-3.0.0 has been created at d8dd2312cb78029470effab221ec5996892adbbe (tag) tagging 89cd17a031e022211684eb7eb41190cf1910f9fa (commit) replaces openssl-3.0.0-beta2 tagged by Richard Levitte on Tue Sep 7 13:46:40 2021 +0200
- Log ----------------------------------------------------------------- OpenSSL 3.0.0 release tag -----BEGIN PGP SIGNATURE----- iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w== =pGf9 -----END PGP SIGNATURE----- Amir Mohammadi (2): Fix ipv4_from_asc behavior on invalid Ip addresses Fix test case for a2i_IPADDRESS Beat Bolli (3): doc: use the documented =item markers doc: replace markdown backticks with perlpod syntax doc: fix a mistyped "=item" perldoc marker Bernd Edlinger (3): Fix the array size of dtlsseq in tls1_enc Avoid using undefined value in generate_stateless_cookie_callback Fix the "Out of memory" EVP KDF scrypt test Billy Brumley (1): [doc/man3] documentation: BN_cmp manpage updates Christian Heimes (1): Test case for a2i_IPADDRESS Daniel Bevenius (1): Fix indentation of tls13_hkdf_expand parameters Daniel Krügler (1): Ensure that _GNU_SOURCE is defined for bss_dgram.c David Bohman (1): MacOS: Add an include of <CommonCrypto/CommonCryptoError.h> David Carlier (1): Darwin platform allows to build on releases before Yosemite/ios 8. Dmitry Belyavskiy (6): If we have passed the private key, don't copy it implicitly Document necessary error code processing Omitted signature_algorithms extension alerts updated Disclaimer about the default provider activation added to config Get rid of warn_binary Adjust the list of default provider's algorithms Dr. David von Oheimb (7): apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure Fix CMP app TLS connection not respecting vpm options like -crl_check APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL CMS app: Fix new -wrap option APPS/x509: fix -extfile option, which was ignored with -x509toreq APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509 APPS/req: Fix AKID generation in case -CA option is used Ingo Franzki (2): s390x: AES OFB/CFB: Maintain running IV from cipher context Test EVP Cipher updating the context's IV Jaime Hablutzel (1): Typo correction. Kelvin Lee (1): Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used. Matt Caswell (25): Prepare for 3.0 beta 3 Fix i2v_GENERAL_NAME to not assume NUL terminated strings Fix POLICYINFO printing to not assume NUL terminated strings Fix GENERAL_NAME_print to not assume NUL terminated strings Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings Fix the name constraints code to not assume NUL terminated strings Fix CMP code to not assume NUL terminated strings Fix test code to not assume NUL terminated strings Fix append_ia5 function to not assume NUL terminated strings Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings Fix EC_GROUP_new_from_ecparameters to check the base length Allow fuzz builds to detect string overruns Fix the error handling in i2v_AUTHORITY_KEYID Correctly calculate the length of SM2 plaintext given the ciphertext Extend tests for SM2 decryption Check the plaintext buffer is large enough when decrypting SM2 Updates CHANGES.md and NEWS.md for new 1.1.1 release When activating providers via config check we've not already activated them Add locking for the provider_conf.c Add a test for running the config twice Add commentary about lock usage in provider_core.c Refactor provider_core.c to adhere to the locking rules Add a warning about locking in the child provider callback docs Ensure that we check the ASN.1 type of an "otherName" before using it Add a test for verifying an email with a bad othername type Mattias Ellert (1): Openssl fails to compile on Debian with kfreebsd kernels (kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler is: Nicola Tuveri (4): Add tests for i2d_TYPE_fp and d2i_TYPE_fp Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID Use applink to fix windows tests Omair Majid (1): Fix documentation referring to 'function code' PW Hu (4): EVP_PKEY_gettable_params.pod: Update argument names imporve documentation fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038 fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419 Paul Dreik (1): Avoid invoking memcpy if size is zero or the supplied buffer is NULL Pauli (36): demo: add GMAC demonstration program doc: document that config_diagnostics is sensible but involves risk changes: remove duplicate entry Add config_diagnostics to our configuration files. ci: separate the config dump from the configuration command ci: specific gcc explicitly on the basic-gcc CI build CI: remove spurious blank lines doc: add missing link directive in X942 KDF tls/prov: move the TLS 1.3 KDF code to providers provider: add TLS13_KDF to the default and FIPS providers doc: add documentation for TLS13_KDF doc: add links to new KDF doc: reorder the string and int extract/expand param values doc: add TLS 1.3 KDF to the FIPS provider list of algorithms. fips: add power up test for TLS 1.3 KDF update doc/build.info test: add test cases for TLS 1.3 KDF evp_test: add TLS 1.3 KDF test suite ctrls: add missing control string translation for key -> priv for HMAC test: add -macopt hexkey: to dgst command tests doc: Fix ECX FIPS documentation doc: remove errant claim that these are not FIPS okay genpkey: -quiet doesn't take an argument pkcs12: check for zero length digest to avoid division by zero doc: remove errant blank line to appease doc-nits sm2: fix error raise to not fail make update cpp: fix included files to avoid failure in no-deprecated builds news/changes: fix formatting nits test: add unit tests for TDES key wrap changes: add note about 3DES key wrap matching the standard Add invalid input length error aes-wrap: improve error handling doc: document the rsa_oaep_md: pkeyopt CI: add builds covering a number of different compiler versions Add additional test to thread sanitizer build CI: add last run-checker fuzzing CIs to Actions Rich Salz (4): Minor doc enhancements to INSTALL.md Set KERNEL_BITS, add CONFIG_NOWAIT Replace CONFIG_NOWAIT env var with -w option Yet another doc-nits fix Richard Levitte (24): Correct UTF8 params documentation further EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative util/add-depends.pl: Only add dependencies on existing or generated headers util/add-depends.pl: Rebuild the build file after reconfiguration VMS: Correct faulty source directory specification Add multilib to the NonStop configuration definitions. VMS: Compensate for x86_64 cross compiler type incompatibility DECODER: check the first decoded structure name against user given structure PEM to DER decoder: Specify object type and data structure more consistently OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs Adjust test/endecoder_test.c ENCODER PROV: Add encoders with EncryptedPrivateKeyInfo output test/recipes/25-test_verify.t: Add a couple of tests of mixed PEM files Configuration: support building for OpenVMS for x86_64 Fix a few tests that fail on VMS Correct the "Out of memory" EVP tests Add missing OSSL_DECODER entry in NEWS.md and CHANGES.md Added a NEWS entry about the enhanced 'openssl list' Mention the concept of providers in NEWS.md and CHANGES.md Update copyright year dev/release.sh: Adjust release branch names to votes make update Prepare for release of 3.0.0 Shane Lontis (5): Allow small RSA exponents in the default provider Refactor cipher aes_cts code so that it can be used by other 128bit ciphers Add support for camellia cbc cts mode Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block Fix CTS cipher decrypt so that the updated IV is returned correctly. Tanzinul Islam (1): Redefine getpid() -> _getpid() only for MSVC Tianjia Zhang (1): apps/ciphers: Fix wrong return value when using -convert parameter Todd Short (4): Add missing SSL_OP flags Sort SSL_OP names in documentation Fix potential double-free Fix state name abbreviation Tomas Mraz (23): Windows, VMS: Do install_fips on install if fips is enabled Use copy.pl to install the fips module on Windows Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG Add oid_section to sysdefault.cnf to test adding new oids req: Avoid segfault when -modulus is used cms: Do not try to check binary format on stdin cms: Fix handling of -rctform option X509_STORE_CTX_get_error: Fix some minor documentation issues Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf aes_v8_xts_encrypt is present only on 64bit arm builds Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen dsatest: Properly detect failure in generate/sign/verify EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable Add documentation about the multilib postfix and libdir Correct documentation errors in regards to UTF8 params Multiple fixes for getting pub key from legacy DH PKEY rsa: Try legacy encoding functions for pubkey EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls doc: Add note about operation parameters validation Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING Last minute NEWS and CHANGES entries for the 3.0 release Xiaofei Bai (1): Fix libdir path on darwin Zengit (1): Add a clarification to NOTES-UNIX.md a1346054 (1): always use the same perl in $PATH slontis (5): Document that EVP_get_cipherbyname() does not work for some new algorithm names. Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE Fix double free in EVP_PKEY_CTX_dup() Fix dh dupctx refcount error Add KEM dupctx test yangyangtiantianlonglong (1): Fix dtls timeout dead code zhaozg (2): ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint cms: fix memleaks in cms_env.c -----------------------------------------------------------------------