OpenSSL version 3.1.0-alpha1 published
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.1 alpha 1 released OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.1 is currently in alpha. OpenSSL 3.1 alpha 1 has now been made available. Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. Specific notes on upgrading to OpenSSL 3.1 from previous versions are available in the OpenSSL Migration Guide, here: https://www.openssl.org/docs/man3.0/man7/migration_guide.html The alpha release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-3.1.0-alpha1.tar.gz Size: 15343477 SHA1 checksum: 91a7cbcb761c4bb8a460899bccddcbd5d047d3c3 SHA256 checksum: ef10f70023f4e3f701c434db0b4b0c8cfea1e1e473a0eb3c9ccbc5c54f5f5566 The checksums were calculated using the following commands: openssl sha1 openssl-3.1.0-alpha1.tar.gz openssl sha256 openssl-3.1.0-alpha1.tar.gz Please download and check this alpha release as soon as possible. To report a bug, open an issue on GitHub: https://github.com/openssl/openssl/issues Please check the release notes and mailing lists to avoid duplicate reports of known issues. (Of course, the source is also available on GitHub.) Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- iQJGBAEBCAAwFiEE3HAyZir4heL0fyQ/UnRmohynnm0FAmOIqpASHHRvbWFzQG9w ZW5zc2wub3JnAAoJEFJ0ZqIcp55tWrIQAJHT40JekEs3DacHjQrTmGLc56TmzaFD oDp8Md2E0RpX/vuANdIVGB89zGQMag13TPa9CzT1yk7wFBilPoiuapolmo8N0nvF OnMLIQjF+sbsQN0gqchuMKKD98omc1ZNNcijq/GlKM9wH6ey1uHnFAi2aXF4f6ai 2SviauJvHQDgDOe9tFfA5lDF1EdYZt20D46Yc+yJf/zr4MJZFcX2T2qmo+oew6VA djZ+cRPeeNmRXrl5Banqpfcy2iH4N57wvEcM4dtGaGY+4Pwr0H9XN6MxfamGUbLv oSySdFpTagPENPGDBPoRilPSXdapCD5m8Xd2FERM1HF5E1GaemqaQKUYiXbANqL/ SDBftayilhYf+tXg3/22xksZVEkEjFD79M0mj75dn+UgQilOTR/AOdup2imTB7PG 7Cgq2HGz93ppO3kG0iuTS5uc95Gfu9AfkjgfcydA2eZf+rmHAoocm8kpThdxD/a5 avpMudgklyXysmO+2MJ16806Sa27L8N52YTPzy4Zthx/SLR/RA//bXBnlSlguRGw 7+hIDPncmaCfegaI65yq/TgtU9z/OLhNTPmYaUQi3IFtsCrAahZNVYg8qZtnMtgC iaVYQkNZsqE0wSDalgJANJkZUa8VHdh2O3sOBSYbZvHWEiYJJ+9ATgLSLDjiGq0e l9cvtybysQsx =upN5 -END PGP SIGNATURE-
Re: OpenSSL version 3.0.0-alpha1 published
Thanks.. I will take a look. Shane > On 2 May 2020, at 2:20 am, Guido Vranken wrote: > > Reminder that in git master and 3.0.0, CAST5 gives the wrong output: > https://github.com/openssl/openssl/issues/11459 > <https://urldefense.com/v3/__https://github.com/openssl/openssl/issues/11459__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW8-_IyeNA$> > (this proof of concept was made before you moved CAST5 to liblegacy, so just > put OSSL_PROVIDER_load(nullptr, "legacy"); in there to make it work) > > On Thu, Apr 23, 2020 at 4:30 PM OpenSSL <mailto:open...@openssl.org>> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > >OpenSSL version 3.0 alpha 1 released > > >OpenSSL - The Open Source toolkit for SSL/TLS >https://www.openssl.org/ > <https://urldefense.com/v3/__https://www.openssl.org/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW_5-CyQ9A$> > >OpenSSL 3.0 is currently in alpha. > >OpenSSL 3.0 alpha 1 has now been made available. > >Note: This OpenSSL pre-release has been provided for testing ONLY. >It should NOT be used for security critical purposes. > >Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well >as known issues are available on the OpenSSL Wiki, here: > > https://wiki.openssl.org/index.php/OpenSSL_3.0 > <https://urldefense.com/v3/__https://wiki.openssl.org/index.php/OpenSSL_3.0__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW-bIUG0bA$> > >The alpha release is available for download via HTTPS and FTP from the >following master locations (you can find the various FTP mirrors under >https://www.openssl.org/source/mirror.html > <https://urldefense.com/v3/__https://www.openssl.org/source/mirror.html__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW93LR6hVw$>): > > * https://www.openssl.org/source/ > <https://urldefense.com/v3/__https://www.openssl.org/source/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW9-9-zFpQ$> > * ftp://ftp.openssl.org/source/ > <https://urldefense.com/v3/__ftp://ftp.openssl.org/source/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW_pL9OONQ$> > >The distribution file name is: > > o openssl-3.0.0-alpha1.tar.gz > Size: 9530120 > SHA1 checksum: 4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06 > SHA256 checksum: > 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57 > >The checksums were calculated using the following commands: > > openssl sha1 openssl-3.0.0-alpha1.tar.gz > openssl sha256 openssl-3.0.0-alpha1.tar.gz > >Please download and check this $LABEL release as soon as possible. >To report a bug, open an issue on GitHub: > > https://github.com/openssl/openssl/issues > <https://urldefense.com/v3/__https://github.com/openssl/openssl/issues__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW9kVR-zoA$> > >Please check the release notes and mailing lists to avoid duplicate >reports of known issues. (Of course, the source is also available >on GitHub.) > >Yours, > >The OpenSSL Project Team. > > -BEGIN PGP SIGNATURE- > > iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g > RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk > I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E > cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8 > hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll > Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F > hIr11rxXNxtBRKUSlOUyJATZn0sV6g== > =uRpM > -END PGP SIGNATURE-
Re: OpenSSL version 3.0.0-alpha1 published
Reminder that in git master and 3.0.0, CAST5 gives the wrong output: https://github.com/openssl/openssl/issues/11459 (this proof of concept was made before you moved CAST5 to liblegacy, so just put OSSL_PROVIDER_load(nullptr, "legacy"); in there to make it work) On Thu, Apr 23, 2020 at 4:30 PM OpenSSL wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > >OpenSSL version 3.0 alpha 1 released > > >OpenSSL - The Open Source toolkit for SSL/TLS >https://www.openssl.org/ > >OpenSSL 3.0 is currently in alpha. > >OpenSSL 3.0 alpha 1 has now been made available. > >Note: This OpenSSL pre-release has been provided for testing ONLY. >It should NOT be used for security critical purposes. > >Specific notes on upgrading to OpenSSL 3.0 from previous versions, as > well >as known issues are available on the OpenSSL Wiki, here: > > https://wiki.openssl.org/index.php/OpenSSL_3.0 > >The alpha release is available for download via HTTPS and FTP from the >following master locations (you can find the various FTP mirrors under >https://www.openssl.org/source/mirror.html): > > * https://www.openssl.org/source/ > * ftp://ftp.openssl.org/source/ > >The distribution file name is: > > o openssl-3.0.0-alpha1.tar.gz > Size: 9530120 > SHA1 checksum: 4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06 > SHA256 checksum: > 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57 > >The checksums were calculated using the following commands: > > openssl sha1 openssl-3.0.0-alpha1.tar.gz > openssl sha256 openssl-3.0.0-alpha1.tar.gz > >Please download and check this $LABEL release as soon as possible. >To report a bug, open an issue on GitHub: > > https://github.com/openssl/openssl/issues > >Please check the release notes and mailing lists to avoid duplicate >reports of known issues. (Of course, the source is also available >on GitHub.) > >Yours, > >The OpenSSL Project Team. > > -BEGIN PGP SIGNATURE- > > iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g > RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk > I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E > cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8 > hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll > Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F > hIr11rxXNxtBRKUSlOUyJATZn0sV6g== > =uRpM > -END PGP SIGNATURE- >
Re: OpenSSL version 3.0.0-alpha1 published
* Windows 10 x64 * GCC 8.3.0 x86_64 $ openssl version -a OpenSSL 3.0.0-alpha1 "23 Apr 2020" (Library: OpenSSL 3.0.0-alpha1 "23 Apr 2020") built on: Fri Apr 24 18:14:53 2020 UTC platform: mingw64 options: bn(64,64) compiler: /mingw/bin/gcc.exe -m64 -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 -D_WIN32_IE=0x0501 -D__PTW32_STATIC_LIB -D__PTW32_CLEANUP_C -m64 -O2 -pipe -mms-bitfields -fno-builtin -march=core2 -mtune=core2 -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN -D_MT -DZLIB -DNDEBUG -I/mingw/x86_64-pc-mingw32/include -I/mingw/x86_64-pc-mingw32/include/directx -I/mingw/include OPENSSLDIR: "C:/OpenSSL" ENGINESDIR: "C:/MinGW/lib/engines-3" MODULESDIR: "C:/MinGW/lib/ossl-modules" Seeding source: os-specific CPUINFO: OPENSSL_ia32cap=0x7ffaf3bfffeb:0x29c67af Some issued found: on.obj crypto/cversion.c In file included from include/openssl/macros.h:11, from include/openssl/opensslconf.h:14, from include/openssl/macros.h:10, from include/openssl/crypto.h:15, from include/internal/cryptlib.h:23, from crypto/cversion.c:10: crypto/cversion.c: In function 'OpenSSL_version': include/openssl/opensslv.h:91:54: error: expected ';' before numeric constant # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-alpha1 "23 Apr 2020"" ^~ crypto/cversion.c:50:16: note: in expansion of macro 'OPENSSL_VERSION_TEXT' return OPENSSL_VERSION_TEXT; ^~~~ make[1]: *** [crypto/libcrypto-lib-cversion.obj] Error 1 make[1]: Leaving directory `/src/openssl-3.0.0-alpha1' make: *** [build_sw] Error 2 From: openssl-users on behalf of OpenSSL Sent: Friday, 24 April 2020 12:29 AM To: openssl-project@openssl.org ; OpenSSL User Support ML ; OpenSSL Announce ML Subject: OpenSSL version 3.0.0-alpha1 published -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0 alpha 1 released OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in alpha. OpenSSL 3.0 alpha 1 has now been made available. Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as known issues are available on the OpenSSL Wiki, here: https://wiki.openssl.org/index.php/OpenSSL_3.0 The alpha release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-3.0.0-alpha1.tar.gz Size: 9530120 SHA1 checksum: 4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06 SHA256 checksum: 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57 The checksums were calculated using the following commands: openssl sha1 openssl-3.0.0-alpha1.tar.gz openssl sha256 openssl-3.0.0-alpha1.tar.gz Please download and check this $LABEL release as soon as possible. To report a bug, open an issue on GitHub: https://github.com/openssl/openssl/issues Please check the release notes and mailing lists to avoid duplicate reports of known issues. (Of course, the source is also available on GitHub.) Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8 hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F hIr11rxXNxtBRKUSlOUyJATZn0sV6g== =uRpM -END PGP SIGNATURE-
Re: Alpha1
On 22/04/2020 13:53, Matt Caswell wrote: > > > On 22/04/2020 02:46, Benjamin Kaduk wrote: >> On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote: >>> The 3.0 developers met via conference call this morning. All the >>> functionality that we had planned for alpha 1 has now been merged, so we >>> are now thinking that we will do the alpha 1 release on Thursday this >>> week. That would imply a repo freeze tomorrow. >>> >>> Thoughts/opinions/objections to this proposal? >> >> Given that the list of required things for alpha 1 are done, it does seem >> appropriate. I know of a couple things that would be bug reports against >> an alpha1 if produced right now, but ... what is an alpha for, if not to >> trigger people to look and file bug reports? :) > > I've seen no objections and everyone seems to be assuming this is > happening, so the repo is now frozen ready for the release tomorrow. The alpha1 release is now done!! Thanks to everyone that has helped to make this happen. We had a number of issues during the release itself - which is not surprising given this is the first of the 3.0 series - but nothing too significant. Thanks to Richard for helping out during the release. Matt
OpenSSL version 3.0.0-alpha1 published
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0 alpha 1 released OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in alpha. OpenSSL 3.0 alpha 1 has now been made available. Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as known issues are available on the OpenSSL Wiki, here: https://wiki.openssl.org/index.php/OpenSSL_3.0 The alpha release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-3.0.0-alpha1.tar.gz Size: 9530120 SHA1 checksum: 4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06 SHA256 checksum: 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57 The checksums were calculated using the following commands: openssl sha1 openssl-3.0.0-alpha1.tar.gz openssl sha256 openssl-3.0.0-alpha1.tar.gz Please download and check this $LABEL release as soon as possible. To report a bug, open an issue on GitHub: https://github.com/openssl/openssl/issues Please check the release notes and mailing lists to avoid duplicate reports of known issues. (Of course, the source is also available on GitHub.) Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8 hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F hIr11rxXNxtBRKUSlOUyJATZn0sV6g== =uRpM -END PGP SIGNATURE-
Re: Alpha1
On 22/04/2020 02:46, Benjamin Kaduk wrote: > On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote: >> The 3.0 developers met via conference call this morning. All the >> functionality that we had planned for alpha 1 has now been merged, so we >> are now thinking that we will do the alpha 1 release on Thursday this >> week. That would imply a repo freeze tomorrow. >> >> Thoughts/opinions/objections to this proposal? > > Given that the list of required things for alpha 1 are done, it does seem > appropriate. I know of a couple things that would be bug reports against > an alpha1 if produced right now, but ... what is an alpha for, if not to > trigger people to look and file bug reports? :) I've seen no objections and everyone seems to be assuming this is happening, so the repo is now frozen ready for the release tomorrow. Matt
Re: Alpha1
On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote: > The 3.0 developers met via conference call this morning. All the > functionality that we had planned for alpha 1 has now been merged, so we > are now thinking that we will do the alpha 1 release on Thursday this > week. That would imply a repo freeze tomorrow. > > Thoughts/opinions/objections to this proposal? Given that the list of required things for alpha 1 are done, it does seem appropriate. I know of a couple things that would be bug reports against an alpha1 if produced right now, but ... what is an alpha for, if not to trigger people to look and file bug reports? :) -Ben
Alpha1
The 3.0 developers met via conference call this morning. All the functionality that we had planned for alpha 1 has now been merged, so we are now thinking that we will do the alpha 1 release on Thursday this week. That would imply a repo freeze tomorrow. Thoughts/opinions/objections to this proposal? Matt
Alpha1 progress
Yesterday a number of us had a teleconference to update our task tracking for the 3.0 release. The current spreadsheet gives us the following dates for the various alpha/beta releases: Alpha1: 2020-04-15 Alpha2: 2020-05-04 Alpha3: 2020-06-10 Beta1: 2020-06-12 Comparing this to the official timeline here: https://www.openssl.org/policies/releasestrat.html Which says: Alpha1: 2020-03-31 Alpha2: 2020-04-21 Alpha3: 2020-05-21 Beta1: 2020-06-02 Until quite recently we were tracking fairly closely to the target dates, but the last week or so has seen us drift out a bit. As can be seen from the above we're about 2 weeks out at the moment. This is primarily due to the key generation work being more complicated and significant than we had anticipated. So, right now, it looks to me like we won't be releasing alpha1 next week as originally planned. Matt