[openssl] master update
The branch master has been updated via 994fa5f9861df94c07699cb118ad5c5470a868b2 (commit) from a04b06573e2b3c6a5c703a60bd95354c6c6e91dc (commit) - Log - commit 994fa5f9861df94c07699cb118ad5c5470a868b2 Author: Zengit Date: Tue Aug 24 05:06:04 2021 +0300 Socket now displays what address it is connecting to CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16392) --- Summary of changes: apps/lib/s_socket.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index dbeebb54c5..1dd30ac724 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -172,6 +172,8 @@ int init_client(int *sock, const char *host, const char *port, break; } +BIO_printf(bio_out, "Connecting to %s\n", BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1)); + if (*sock == INVALID_SOCKET) { if (bindaddr != NULL && !found) { BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
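Review bot: The string returned by `BIO_ADDR_hostname_string()` in the added `BIO_printf` line is heap-allocated and never released, so every call to `init_client` leaks it; it needs to be held in a local and passed to `OPENSSL_free()`. The line also sits before the `*sock == INVALID_SOCKET` check, so it runs even when no address could be connected. If the loop that ends just above the hunk (not visible here) leaves `ai` as NULL in that case, the call chain is handed a NULL address and `%s` may receive a NULL pointer. Printing only once a socket exists, and only when the hostname lookup succeeded, avoids both problems, as sketched below. `init_client` starts and ends outside the hunk.

```c
/* ... unchanged: end of the address loop ... */
if (*sock != INVALID_SOCKET && ai != NULL) {
    char *hostname = BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1);

    if (hostname != NULL) {
        BIO_printf(bio_out, "Connecting to %s\n", hostname);
        OPENSSL_free(hostname);
    }
}
/* ... unchanged: INVALID_SOCKET error reporting ... */
```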
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 2e5cdbc18a1a26bfc817070a52689886fa0669c2 (commit) from ed96022218e71efcf50c69cd6997ed85a2c37ffe (commit) - Log - commit 2e5cdbc18a1a26bfc817070a52689886fa0669c2 Author: Richard Levitte Date: Mon Sep 6 13:40:43 2021 +0200 VMS: Compensate for compiler type incompatibility The compiler says that 'unsigned long long' isn't the same as 'unsigned __int64'. Sure, and considering that crypto/rand/rand_vms.c is specific VMS only code, it's easy to just change the type to the exact same as what's specified in the system headers. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15613) --- Summary of changes: crypto/rand/rand_vms.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 61c2f10299..fe516c3ca5 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -484,7 +484,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) struct { pid_t pid; CRYPTO_THREAD_ID tid; -uint64_t time; +unsigned __int64_t time; } data = { 0 }; /* @@ -582,7 +582,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) { struct { CRYPTO_THREAD_ID tid; -uint64_t time; +unsigned __int64_t time; } data = { 0 }; /*
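Review bot: The added member type `unsigned __int64_t time;` in `rand_pool_add_nonce_data` does not match the commit message, which says the system headers use `unsigned __int64`; the trailing `_t` looks like a typo. If `__int64_t` is a typedef name, combining it with `unsigned` is not valid C, so this may not compile on the platform the change is meant to fix. The same line is added in the second hunk, in `rand_pool_add_additional_data`. Presumably both should read `unsigned __int64 time;`, which should be confirmed against the VMS headers the message refers to. Both struct definitions are used by code outside the hunks.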
[web] master update
The branch master has been updated discards 4c6dea4a88da460e9bc58b24b13b0e4133465334 (commit) via 79ff40e1b146b57350bbcafa7f245eb8254436b4 (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (4c6dea4a88da460e9bc58b24b13b0e4133465334) \ N -- N -- N (79ff40e1b146b57350bbcafa7f245eb8254436b4) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log - commit 79ff40e1b146b57350bbcafa7f245eb8254436b4 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: docs/sub-index.html.tt | 2 +- docs/sub-man1-index.html.tt | 2 +- docs/sub-man3-index.html.tt | 2 +- docs/sub-man5-index.html.tt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sub-index.html.tt b/docs/sub-index.html.tt index f1ade79..0b02457 100644 --- a/docs/sub-index.html.tt +++ b/docs/sub-index.html.tt @@ -31,7 +31,7 @@ - + diff --git a/docs/sub-man1-index.html.tt b/docs/sub-man1-index.html.tt index e6a4b5d..2894fcf 100644 --- a/docs/sub-man1-index.html.tt +++ b/docs/sub-man1-index.html.tt @@ -34,7 +34,7 @@ - + diff --git a/docs/sub-man3-index.html.tt b/docs/sub-man3-index.html.tt index 57cfd04..48b21c7 100644 --- a/docs/sub-man3-index.html.tt +++ b/docs/sub-man3-index.html.tt @@ -36,7 +36,7 @@ - + diff --git a/docs/sub-man5-index.html.tt b/docs/sub-man5-index.html.tt index 2517295..28ebb0f 100644 --- a/docs/sub-man5-index.html.tt +++ b/docs/sub-man5-index.html.tt @@ -29,7 +29,7 @@ - +
[web] master update
The branch master has been updated discards 72f1e7fb3cd96308b336baf78b325d088652f426 (commit) via 4c6dea4a88da460e9bc58b24b13b0e4133465334 (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (72f1e7fb3cd96308b336baf78b325d088652f426) \ N -- N -- N (4c6dea4a88da460e9bc58b24b13b0e4133465334) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log - commit 4c6dea4a88da460e9bc58b24b13b0e4133465334 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: docs/sub-index.html.tt | 2 +- docs/sub-man1-index.html.tt | 2 +- docs/sub-man3-index.html.tt | 2 +- docs/sub-man5-index.html.tt | 2 +- docs/sub-man7-index.html.tt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sub-index.html.tt b/docs/sub-index.html.tt index b0b3bb3..f1ade79 100644 --- a/docs/sub-index.html.tt +++ b/docs/sub-index.html.tt @@ -31,7 +31,7 @@ - + diff --git a/docs/sub-man1-index.html.tt b/docs/sub-man1-index.html.tt index d213130..e6a4b5d 100644 --- a/docs/sub-man1-index.html.tt +++ b/docs/sub-man1-index.html.tt @@ -34,7 +34,7 @@ - + diff --git a/docs/sub-man3-index.html.tt b/docs/sub-man3-index.html.tt index 03aee4f..57cfd04 100644 --- a/docs/sub-man3-index.html.tt +++ b/docs/sub-man3-index.html.tt @@ -36,7 +36,7 @@ - + diff --git a/docs/sub-man5-index.html.tt b/docs/sub-man5-index.html.tt index 9cc6826..2517295 100644 --- a/docs/sub-man5-index.html.tt +++ b/docs/sub-man5-index.html.tt @@ -29,7 +29,7 @@ - + diff --git a/docs/sub-man7-index.html.tt b/docs/sub-man7-index.html.tt index 74c6119..799772a 100644 --- a/docs/sub-man7-index.html.tt 
+++ b/docs/sub-man7-index.html.tt @@ -29,7 +29,7 @@ - +
[web] master update
The branch master has been updated via 72f1e7fb3cd96308b336baf78b325d088652f426 (commit) from 0d901a188206337f6b05aaa8030d077ce2cba6a7 (commit) - Log - commit 72f1e7fb3cd96308b336baf78b325d088652f426 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b9b0d4d..a271213 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ SIMPLE = newsflash.inc sitemap.txt \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ docs/manpages.html \ -docs/mansidebar.shtml \ +docs/mansidebar.html \ news/changelog.html \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.inc) \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.html) \
[web] master update
The branch master has been updated via 0d901a188206337f6b05aaa8030d077ce2cba6a7 (commit) via 47495e47d7291a0aeb8f47d1dbbad044b61f3b84 (commit) from 773282bef044fc98ba75b0f7626eb765b0177b90 (commit) - Log - commit 0d901a188206337f6b05aaa8030d077ce2cba6a7 Author: Richard Levitte Date: Fri Sep 3 17:14:50 2021 +0200 Add dependency on Makefile on all other targets that use |releases| Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/258) commit 47495e47d7291a0aeb8f47d1dbbad044b61f3b84 Author: Richard Levitte Date: Fri Sep 3 17:08:51 2021 +0200 Make the manpage sidebar generated from template Since this is another file where the contents depend on what we release, we make this a template alongside all other templates, which do their thing from the definition of |releases|. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/258) --- Summary of changes: Makefile| 13 + inc/mansidebar.shtml => docs/mansidebar.html.tt | 5 +++-- 2 files changed, 12 insertions(+), 6 deletions(-) rename inc/mansidebar.shtml => docs/mansidebar.html.tt (57%) diff --git a/Makefile b/Makefile index 6aba02c..b9b0d4d 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,7 @@ SIMPLE = newsflash.inc sitemap.txt \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ docs/manpages.html \ +docs/mansidebar.shtml \ news/changelog.html \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.inc) \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.html) \ @@ -195,9 +196,13 @@ manpages: $(foreach S,$(MANSERIES),man-apropos-$(S) man-index-$(S)) mancross: ./bin/mk-mancross master $(SERIES) -docs/manpages.html: docs/manpages.html.tt +docs/manpages.html: docs/manpages.html.tt Makefile bin/from-tt @rm -f $@ - ./bin/from-tt releases='master $(SERIES)' docs/manpages.html.tt + ./bin/from-tt releases='master $(SERIES)' $< + +docs/mansidebar.html: docs/mansidebar.html.tt Makefile bin/from-tt + @rm -f $@ + ./bin/from-tt releases='master $(SERIES)' $< ## ## 
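Review bot: The first Makefile hunk adds `docs/mansidebar.shtml \` to `SIMPLE`, but the rule added in the second hunk builds `docs/mansidebar.html`, so the listed prerequisite has no rule in the lines visible here that would produce it. The `SIMPLE` entry should name the file the new rule generates: `docs/mansidebar.html \`. The `SIMPLE` assignment starts above the hunk and continues below it.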
@@ -235,7 +240,7 @@ news/changelog.inc: news/changelog.md bin/mk-changelog @rm -f $@ (echo 'Table of contents'; sed -e '1,/^OpenSSL Releases$$/d' < $<) \ | pandoc -t html5 -f commonmark | ./bin/post-process-html5 >$@ -news/changelog.html: news/changelog.html.tt news/changelog.inc +news/changelog.html: news/changelog.html.tt news/changelog.inc Makefile bin/from-tt @rm -f $@ ./bin/from-tt 'releases=$(SERIES)' $< # Additionally, make news/changelog.html depend on clxy[z].txt, where xy[z] @@ -361,7 +366,7 @@ endef # remains named 'fips' $(foreach S,fips $(SERIES) $(OLDSERIES2),$(eval $(call mkoldsourceindex,$(S),$(patsubst fips,FIPS,$(S) -source/old/index.html: source/old/index.html.tt bin/from-tt +source/old/index.html: source/old/index.html.tt Makefile bin/from-tt @rm -f $@ ./bin/from-tt releases='$(SERIES) $(OLDSERIES2) fips' $< diff --git a/inc/mansidebar.shtml b/docs/mansidebar.html.tt similarity index 57% rename from inc/mansidebar.shtml rename to docs/mansidebar.html.tt index b6c4293..6237fb8 100644 --- a/inc/mansidebar.shtml +++ b/docs/mansidebar.html.tt @@ -3,8 +3,9 @@ Manpages - master - 1.1.1 +[% FOREACH release IN releases.split('\s+') -%] + [% release %] +[% END -%]
Build completed: openssl master.42676
Build openssl master.42676 completed Commit 1e7479e8a4 by Richard Levitte on 9/7/2021 8:56 AM: Correct the "Out of memory" EVP tests Configure your notification preferences
Build failed: openssl openssl-3.0.42675
Build openssl openssl-3.0.42675 failed Commit 437d420221 by Richard Levitte on 9/7/2021 8:55 AM: Correct the "Out of memory" EVP tests Configure your notification preferences
[openssl] master update
The branch master has been updated via a04b06573e2b3c6a5c703a60bd95354c6c6e91dc (commit) from a4ffb33ea8b7bcf04b8181dafce7ac512081d0ab (commit) - Log - commit a04b06573e2b3c6a5c703a60bd95354c6c6e91dc Author: PW Hu Date: Fri Sep 3 17:50:40 2021 +0800 crypto/bio/bss_bio.c/bio_write: improve border check CLA:trivial Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16503) --- Summary of changes: crypto/bio/bss_bio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 7fa8778cae..92dd262309 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -273,7 +273,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) BIO_clear_retry_flags(bio); -if (!bio->init || buf == NULL || num == 0) +if (!bio->init || buf == NULL || num_ <= 0) return 0; b = bio->ptr;
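Review bot: The guard in `bio_write` now tests the signed parameter `num_`, while the rest of the function presumably keeps working on `num` (declared above the hunk, not visible here), and nothing on the line explains why the two differ. If `num` is an unsigned copy of `num_`, a one-line comment would protect the check from a later tidy-up back to `num == 0`: `/* test the signed argument: a negative num_ is no longer detectable after conversion to an unsigned length */`. Returning 0 for a negative length also makes it indistinguishable from "nothing to write" for the caller; whether that case should be reported as an error is worth deciding explicitly. Any sibling read or write helpers in this file that take an `int` length are worth checking for the same pattern. The function body continues outside the hunk.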
[openssl] master update
The branch master has been updated via a4ffb33ea8b7bcf04b8181dafce7ac512081d0ab (commit) from a8d9bd8114510d3a1708da3922f07e7f707674bc (commit) - Log - commit a4ffb33ea8b7bcf04b8181dafce7ac512081d0ab Author: Rich Salz Date: Mon Aug 16 17:31:59 2021 -0400 Use '[option...]' not '[[ options ]]' in text Looks more like manpage format. :) Also remove `{{..}}` notation and rewrite around it. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/16329) --- Summary of changes: INSTALL.md | 33 - util/perl/OpenSSL/config.pm | 4 ++-- 2 files changed, 14 insertions(+), 23 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 5d53cef1aa..70eb8da1ed 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -120,21 +120,11 @@ represents one of the four commands Arguments - -**Mandatory arguments** are enclosed in double curly braces. -A simple example would be +**Optional Arguments** are enclosed in square brackets. -$ type {{ filename }} +[option...] -which is to be understood to use the command `type` on some file name -determined by the user. - -**Optional Arguments** are enclosed in double square brackets. - -[[ options ]] - -Note that the notation assumes spaces around `{`, `}`, `[`, `]`, `{{`, `}}` and -`[[`, `]]`. This is to differentiate from OpenVMS directory -specifications, which also use [ and ], but without spaces. +A trailing ellipsis means that more than one could be specified. Quick Installation Guide @@ -1155,15 +1145,15 @@ the same. Unix / Linux / macOS -$ ./Configure [[ options ]] +$ ./Configure [options...] OpenVMS -$ perl Configure [[ options ]] +$ perl Configure [options...] Windows -$ perl Configure [[ options ]] +$ perl Configure [options...] ### Manual Configuration 
@@ -1185,12 +1175,13 @@ When you have identified your system (and if necessary compiler) use this name as the argument to `Configure`. For example, a `linux-elf` user would run: -$ ./Configure linux-elf [[ options ]] +$ ./Configure linux-elf [options...] ### Creating your own Configuration If your system isn't listed, you will have to create a configuration -file named `Configurations/{{ something }}.conf` and add the correct +file named `Configurations/YOURFILENAME.conf` (replace `YOURFILENAME` +with a filename of your choosing) and add the correct configuration for your system. See the available configs as examples and read [Configurations/README.md](Configurations/README.md) and [Configurations/README-design.md](Configurations/README-design.md) @@ -1214,21 +1205,21 @@ directory and invoking the configuration commands from there. $ mkdir /var/tmp/openssl-build $ cd /var/tmp/openssl-build -$ /PATH/TO/OPENSSL/SOURCE/Configure [[ options ]] +$ /PATH/TO/OPENSSL/SOURCE/Configure [options...] OpenVMS example $ set default sys$login: $ create/dir [.tmp.openssl-build] $ set default [.tmp.openssl-build] -$ perl D:[PATH.TO.OPENSSL.SOURCE]Configure [[ options ]] +$ perl D:[PATH.TO.OPENSSL.SOURCE]Configure [options...] Windows example $ C: $ mkdir \temp-openssl $ cd \temp-openssl -$ perl d:\PATH\TO\OPENSSL\SOURCE\Configure [[ options ]] +$ perl d:\PATH\TO\OPENSSL\SOURCE\Configure [options...] Paths can be relative just as well as absolute. `Configure` will do its best to translate them to relative paths whenever possible. diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 7250791b5b..d8be17cdc5 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -473,7 +473,7 @@ EOF if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) { print < "darwin64-x86_64" };
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ed96022218e71efcf50c69cd6997ed85a2c37ffe (commit) from 09126044f0120b0039b13365b30465d4b6d0f8f0 (commit) - Log - commit ed96022218e71efcf50c69cd6997ed85a2c37ffe Author: Richard Levitte Date: Mon Sep 6 11:26:56 2021 +0200 test/ec_internal_test: link with libapps.a too Whenever the source from $target{apps_init_src} is added to the source of a test program, it needs to be linked with libapps.a as well. Some init sources depend on that. Without this, builds break on VMS because of the unresolved symbol 'app_malloc'. On platforms that do not need anything from libapps.a, adding it is a no-op. This is for OpenSSL 1.1.1 only. OpenSSL 3.0 and beyond have a different solution. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16512) --- Summary of changes: test/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/build.info b/test/build.info index 6357a7f2fe..726bd22127 100644 --- a/test/build.info +++ b/test/build.info @@ -519,7 +519,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN {- rebase_files("../apps", split(/\s+/, $target{apps_init_src})) -} INCLUDE[ec_internal_test]=../include ../crypto/ec -DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a +DEPEND[ec_internal_test]=../apps/libapps.a ../libcrypto.a libtestutil.a SOURCE[curve448_internal_test]=curve448_internal_test.c INCLUDE[curve448_internal_test]=.. ../include ../crypto/ec/curve448
[web] master update
The branch master has been updated via 773282bef044fc98ba75b0f7626eb765b0177b90 (commit) from 69a1d25579c6a8a5787ac30969caf9f69909c89f (commit) - Log - commit 773282bef044fc98ba75b0f7626eb765b0177b90 Author: Richard Levitte Date: Tue Sep 7 14:16:54 2021 +0200 Update newsflash for OpenSSL 3.0.0 --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e8718a1..7c8a166 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +07-Sep-2021: Final version of OpenSSL 3.0.0 is now available: please download and upgrade! 24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it
[web] master update
The branch master has been updated via 69a1d25579c6a8a5787ac30969caf9f69909c89f (commit) from d0614db41e68ab5e2a739cf01436a01ea3f96d7a (commit) - Log - commit 69a1d25579c6a8a5787ac30969caf9f69909c89f Author: Matt Caswell Date: Thu Sep 2 14:05:19 2021 +0100 Miscellaneous updates for the 3.0 release Update various pieces of text on the website to refer to 3.0 correctly. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/257) --- Summary of changes: docs/fips.html | 15 +- docs/index.html | 79 + docs/sidebar.shtml | 2 +- source/index.html | 36 +--- source/license.html | 6 ++-- 5 files changed, 69 insertions(+), 69 deletions(-) diff --git a/docs/fips.html b/docs/fips.html index 7bbce9c..1a8cd38 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,8 +10,13 @@ FIPS-140 - The current validation of a cryptographic - module (Module) compatible with the OpenSSL 1.0.2 +Note that this page contains historic information about our legacy + OpenSSL FIPS Object Module (FOM) 2.0. For information about the OpenSSL + FOM 3.0 refer to + https://www.openssl.org/docs/man3.0/man7/fips_module.html;>the FIPS module manual page + + The most recent validation of a cryptographic + module (Module) compatible with OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747. This Module is documented in the @@ -32,10 +37,6 @@ The OpenSSL project is no longer maintaining either the 1747 or the 2398 module. This includes adding platforms to those validations. -We are starting work on a new validation, after the 1.1.1 -release completes. -That module will have a small set of validated operational -environments. The OpenSSL project is no longer involved in private label validations nor adding platforms to the existing certificates. 
@@ -69,7 +70,7 @@ API can be converted to use validated cryptography with minimal effort. - The OpenSSL FIPS Object Module validation is "delivered" in + The OpenSSL FIPS Object Module 2.0 validation is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as diff --git a/docs/index.html b/docs/index.html index 16b7bf4..501b1fb 100644 --- a/docs/index.html +++ b/docs/index.html @@ -8,48 +8,43 @@ - - Documentation - - - We have a - Strategic - Architecture for the development of OpenSSL from - 3.0.0 and going forward, as well as a - design for 3.0.0 (draft) - specifically. - - - The - frequently-asked questions (FAQ) -is available. - - Information about the first-ever open source - FIPS-140 validation is also - available. - -The manual pages for all -supported -releases are available. There are still problems with some -of the links; thanks for your understanding. - - Ivan Risti, the creator of - https://ssllabs.com;>https://ssllabs.com, - has a free download of his OpenSSL Cookbook - that covers the most frequently used OpenSSL features - and commands. It is updated often, and is available - at - https://www.feistyduck.com/books/openssl-cookbook/;>https://www.feistyduck.com/books/openssl-cookbook/. - It is highly recommended. - - - - You are here: Home - : Documentation - Sitemap - - + + Documentation + +The +frequently-asked questions (FAQ) page is +available. + +A good starting point for understanding some of the key +concepts in OpenSSL 3.0 is the libcrypto +https://www.openssl.org/docs/man3.0/man7/crypto.html;>manual page. +Information and notes about migrating existing applications to OpenSSL +3.0 are available in the +https://www.openssl.org/docs/man3.0/man7/migration_guide.html;>OpenSSL 3.0 Migration Guide + +The manual pages for all supported +releases are available.
[openssl] openssl-3.0.0 create
The annotated tag openssl-3.0.0 has been created at d8dd2312cb78029470effab221ec5996892adbbe (tag) tagging 89cd17a031e022211684eb7eb41190cf1910f9fa (commit) replaces openssl-3.0.0-beta2 tagged by Richard Levitte on Tue Sep 7 13:46:40 2021 +0200 - Log - OpenSSL 3.0.0 release tag -BEGIN PGP SIGNATURE- iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w== =pGf9 -END PGP SIGNATURE- Amir Mohammadi (2): Fix ipv4_from_asc behavior on invalid Ip addresses Fix test case for a2i_IPADDRESS Beat Bolli (3): doc: use the documented =item markers doc: replace markdown backticks with perlpod syntax doc: fix a mistyped "=item" perldoc marker Bernd Edlinger (3): Fix the array size of dtlsseq in tls1_enc Avoid using undefined value in generate_stateless_cookie_callback Fix the "Out of memory" EVP KDF scrypt test Billy Brumley (1): [doc/man3] documentation: BN_cmp manpage updates Christian Heimes (1): Test case for a2i_IPADDRESS Daniel Bevenius (1): Fix indentation of tls13_hkdf_expand parameters Daniel Krügler (1): Ensure that _GNU_SOURCE is defined for bss_dgram.c David Bohman (1): MacOS: Add an include of David Carlier (1): Darwin platform allows to build on releases before Yosemite/ios 8. Dmitry Belyavskiy (6): If we have passed the private key, don't copy it implicitly Document necessary error code processing Omitted signature_algorithms extension alerts updated Disclaimer about the default provider activation added to config Get rid of warn_binary Adjust the list of default provider's algorithms Dr. 
David von Oheimb (7): apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure Fix CMP app TLS connection not respecting vpm options like -crl_check APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL CMS app: Fix new -wrap option APPS/x509: fix -extfile option, which was ignored with -x509toreq APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509 APPS/req: Fix AKID generation in case -CA option is used Ingo Franzki (2): s390x: AES OFB/CFB: Maintain running IV from cipher context Test EVP Cipher updating the context's IV Jaime Hablutzel (1): Typo correction. Kelvin Lee (1): Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used. Matt Caswell (25): Prepare for 3.0 beta 3 Fix i2v_GENERAL_NAME to not assume NUL terminated strings Fix POLICYINFO printing to not assume NUL terminated strings Fix GENERAL_NAME_print to not assume NUL terminated strings Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings Fix the name constraints code to not assume NUL terminated strings Fix CMP code to not assume NUL terminated strings Fix test code to not assume NUL terminated strings Fix append_ia5 function to not assume NUL terminated strings Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings Fix EC_GROUP_new_from_ecparameters to check the base length Allow fuzz builds to detect string overruns Fix the error handling in i2v_AUTHORITY_KEYID Correctly calculate the length of SM2 plaintext given the ciphertext Extend tests for SM2 decryption Check the plaintext buffer is large enough when decrypting SM2 Updates CHANGES.md and NEWS.md for new 1.1.1 release When activating providers via config check we've not already activated them Add locking for the provider_conf.c Add a test for running the config twice Add commentary about lock usage in provider_core.c Refactor provider_core.c to adhere to the locking rules Add 
a warning about locking in the child provider callback docs Ensure that we check the ASN.1 type of an "otherName" before using it Add a test for verifying an email with a bad othername type Mattias Ellert (1): Openssl fails to compile on Debian with kfreebsd kernels (kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler is: Nicola Tuveri (4): Add tests for i2d_TYPE_fp and d2i_TYPE_fp Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID Use applink to fix windows tests Omair Majid (1): Fix documentation referring to 'function code' PW Hu (4): EVP_PKEY_gettable_params.pod: Update argument names imporve documentation fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038 fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 50a0298a71fe2cdd5fc7f4e71c1deb1d4e901f1e (commit) via 89cd17a031e022211684eb7eb41190cf1910f9fa (commit) via ef8d663699776d9b45f0d5aa1c0d00855b840bed (commit) from b933c390cccdb69be09ed9738770368fe7cd1eb4 (commit) - Log - commit 50a0298a71fe2cdd5fc7f4e71c1deb1d4e901f1e Author: Richard Levitte Date: Tue Sep 7 13:47:29 2021 +0200 Prepare for 3.0.1 Reviewed-by: Tomas Mraz commit 89cd17a031e022211684eb7eb41190cf1910f9fa Author: Richard Levitte Date: Tue Sep 7 13:46:32 2021 +0200 Prepare for release of 3.0.0 Reviewed-by: Tomas Mraz commit ef8d663699776d9b45f0d5aa1c0d00855b840bed Author: Richard Levitte Date: Tue Sep 7 13:46:24 2021 +0200 make update Reviewed-by: Tomas Mraz --- Summary of changes: CHANGES.md | 6 +- NEWS.md | 6 +- VERSION.dat | 4 ++-- providers/fips-sources.checksums | 44 providers/fips.checksum | 2 +- providers/fips.module.sources| 4 ++-- 6 files changed, 37 insertions(+), 29 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 00d9246274..6177b57c2e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,7 +28,11 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 1.1.1 and 3.0 [xx XXX ] +### Changes between 3.0.0 and 3.0.1 [xx XXX ] + + * + +### Changes between 1.1.1 and 3.0.0 [7 sep 2021] * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now deprecated. diff --git a/NEWS.md b/NEWS.md index cec9cd48e0..f3dde1a2f7 100644 --- a/NEWS.md +++ b/NEWS.md @@ -18,7 +18,11 @@ OpenSSL Releases OpenSSL 3.0 --- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] +### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [under development] + + * + +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021] * Enhanced 'openssl list' with many new options. * Added migration guide to man7. 
diff --git a/VERSION.dat b/VERSION.dat index d5c6836ce5..ec88dfb703 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=0 -PRE_RELEASE_TAG=beta3-dev +PATCH=1 +PRE_RELEASE_TAG=dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 37fff3a49d..afa31bf80c 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -188,7 +188,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_ 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c 847e039a249a1f9af42dfc6427de2ad4925f1116f86619dd420cf8cec9d3bbfe crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c -bd8cdd250f64cc314133a1c3cdef8eba3de5a40f1a9ef1d26729c5361690a368 crypto/evp/evp_enc.c +37b5e0bdb30a24c925a26f818828fd3b4ab4c1725f84797260556c0f47f2b76d crypto/evp/evp_enc.c 363dda606a23f1cbb6eefc713903bb353b8fc8661dee0e853366c7798f050483 crypto/evp/evp_fetch.c 6e0a2b11440a3cfd80d5539aa6a4b133dbfefc6a646736980dbbd504b3f16ac8 crypto/evp/evp_lib.c 34574e474d3f5daf24981200cae9e24a427d165cd43d8fb738844fa9b0fc991f crypto/evp/evp_local.h 
@@ -203,7 +203,7 @@ df82657d18fb15d4da3218e33e7326248db509443304889b1dbee5810cbcb78b crypto/evp/key e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c f9988dfed6253c30b08a966496f188763671cb72a2fcb25455f65f8d270027cc crypto/evp/mac_lib.c e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c -0b3714cb5ff9deb5e17081b8dc12922910de9b8693e644dd2ac67a53fe25c7ff crypto/evp/p_lib.c +cd2902a111d200417d04f0422451b3760a67fc21cd1f9ca3b02200dc91b8b916 crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c bbce11755bcc5ba2ee8e9c1eb95905447136f614fdc2b0f74cf785fe81ead6a5 crypto/evp/pmeth_gn.c fdaddf5c4b274d83292a5121d9b0541dce82fb83e59d64d48a93964840421f30 crypto/evp/pmeth_lib.c @@ -214,7 +214,7 @@ ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc 82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c -916d93b50c8a1e69b94ac5d0949a762f3b1580a40b72eb269a764b9905450204 crypto/ffc/ffc_params_generate.c
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via b933c390cccdb69be09ed9738770368fe7cd1eb4 (commit) from 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4 (commit) - Log - commit b933c390cccdb69be09ed9738770368fe7cd1eb4 Author: Richard Levitte Date: Tue Aug 31 12:07:33 2021 +0200 dev/release.sh: Adjust release branch names to votes The OTC voted today that the release branch for OpenSSL 3.0 should be openssl-3.0 rather than openssl-3.0.x. The release script is changed accordingly. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16481) (cherry picked from commit 8e706c8ae5d6abf69b1b0aa0c4ab3517607522d0) --- Summary of changes: dev/release.sh | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/release.sh b/dev/release.sh index 3e7fc27ea9..4b778f3b75 100755 --- a/dev/release.sh +++ b/dev/release.sh @@ -20,7 +20,7 @@ Usage: release.sh [ options ... ] --final Get out of "alpha" or "beta" and make a final release. Implies --branch. ---branchCreate a release branch 'openssl-{major}.{minor}.x', +--branchCreate a release branch 'openssl-{major}.{minor}', where '{major}' and '{minor}' are the major and minor version numbers. @@ -218,7 +218,7 @@ if (echo "$orig_branch" \ | grep -E -q \ -e '^master$' \ -e '^OpenSSL_[0-9]+_[0-9]+_[0-9]+[a-z]*-stable$' \ - -e '^openssl-[0-9]+\.[0-9]+\.x$'); then + -e '^openssl-[0-9]+\.[0-9]+$'); then : elif $force; then : @@ -253,7 +253,7 @@ get_version # changes for the release, the update branch is where we make the post- # release changes update_branch="$orig_branch" -release_branch="openssl-$SERIES.x" +release_branch="openssl-$SERIES" # among others, we only create a release branch if the patch number is zero if [ "$update_branch" = "$release_branch" ] || [ $PATCH -ne 0 ]; then 
@@ -694,9 +694,9 @@ This implies B<--branch>. =item B<--branch> -Create a branch specific for the I.x release series, if it doesn't +Create a branch specific for the I release series, if it doesn't already exist, and switch to it. The exact branch name will be -C<< openssl-I.x >>. +C<< openssl-I >>. =item B<--no-upload> @@ -751,7 +751,7 @@ C<< OpenSSL_I >> for regular releases, or C<< OpenSSL_I-preI >> for pre-releases. From OpenSSL 3.0 ongoing, the release branches are named -C<< openssl-I.x >>, and the release tags are named +C<< openssl-I >>, and the release tags are named C<< openssl-I >> for regular releases, or C<< openssl-I-alphaI >> for alpha releases and C<< openssl-I-betaI >> for beta releases.
[openssl] master update
The branch master has been updated via a8d9bd8114510d3a1708da3922f07e7f707674bc (commit) from 95a444c9adcad04035704ab3b5d749a185ef0960 (commit) - Log - commit a8d9bd8114510d3a1708da3922f07e7f707674bc Author: Richard Levitte Date: Tue Sep 7 13:29:33 2021 +0200 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16534) (cherry picked from commit 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4) --- Summary of changes: Configurations/shared-info.pl| 2 +- crypto/asn1/a_print.c| 2 +- crypto/asn1/t_spki.c | 2 +- crypto/cmp/cmp_status.c | 2 +- dev/release-aux/release-state-fn.sh | 2 +- doc/internal/man3/ossl_method_construct.pod | 2 +- doc/internal/man7/deprecation.pod| 2 +- doc/man7/EVP_KDF-X942-CONCAT.pod | 2 +- doc/man7/passphrase-encoding.pod | 2 +- providers/implementations/ciphers/cipher_camellia.c | 2 +- ssl/ssl_stat.c | 2 +- test/cmp_status_test.c | 2 +- test/destest.c | 2 +- test/recipes/30-test_evp_data/evpciph_aes_cts.txt| 2 +- test/recipes/30-test_evp_data/evpkdf_scrypt.txt | 2 +- test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt | 2 +- test/recipes/80-test_cipherbytes.t | 2 +- test/recipes/80-test_cipherlist.t| 2 +- test/recipes/80-test_ciphername.t| 2 +- test/rsa_sp800_56b_test.c| 2 +- test/x509_internal_test.c| 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index abf2d98dcc..edd16f4055 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index e04f9b1f2e..d2768f74bd 100644 --- a/crypto/asn1/a_print.c 
+++ b/crypto/asn1/a_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 3d85e08686..0397f1f9ee 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index f1e7b4bc02..46be6b6899 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/dev/release-aux/release-state-fn.sh b/dev/release-aux/release-state-fn.sh index 635b82a8b9..267d8753d5 100644 --- a/dev/release-aux/release-state-fn.sh +++ b/dev/release-aux/release-state-fn.sh @@ -1,5 +1,5 @@ #! /bin/sh -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index b05ea9845c..46a17ba7b6 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod 
@@ -147,7 +147,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4 (commit) from 00dbc7cc77d702c59a776b7726e54f3d29059f05 (commit) - Log - commit 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4 Author: Richard Levitte Date: Tue Sep 7 13:29:33 2021 +0200 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16534) --- Summary of changes: Configurations/shared-info.pl| 2 +- crypto/asn1/a_print.c| 2 +- crypto/asn1/t_spki.c | 2 +- crypto/cmp/cmp_status.c | 2 +- dev/release-aux/release-state-fn.sh | 2 +- doc/internal/man3/ossl_method_construct.pod | 2 +- doc/internal/man7/deprecation.pod| 2 +- doc/man7/EVP_KDF-X942-CONCAT.pod | 2 +- doc/man7/passphrase-encoding.pod | 2 +- providers/implementations/ciphers/cipher_camellia.c | 2 +- ssl/ssl_stat.c | 2 +- test/cmp_status_test.c | 2 +- test/destest.c | 2 +- test/recipes/30-test_evp_data/evpciph_aes_cts.txt| 2 +- test/recipes/30-test_evp_data/evpkdf_scrypt.txt | 2 +- test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt | 2 +- test/recipes/80-test_cipherbytes.t | 2 +- test/recipes/80-test_cipherlist.t| 2 +- test/recipes/80-test_ciphername.t| 2 +- test/rsa_sp800_56b_test.c| 2 +- test/x509_internal_test.c| 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index abf2d98dcc..edd16f4055 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index e04f9b1f2e..d2768f74bd 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 3d85e08686..0397f1f9ee 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index f1e7b4bc02..46be6b6899 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/dev/release-aux/release-state-fn.sh b/dev/release-aux/release-state-fn.sh index 635b82a8b9..267d8753d5 100644 --- a/dev/release-aux/release-state-fn.sh +++ b/dev/release-aux/release-state-fn.sh @@ -1,5 +1,5 @@ #! /bin/sh -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index b05ea9845c..46a17ba7b6 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod 
@@ -147,7 +147,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file diff --git a/doc/internal/man7/deprecation.pod
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 00dbc7cc77d702c59a776b7726e54f3d29059f05 (commit) from 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff (commit) - Log - commit 00dbc7cc77d702c59a776b7726e54f3d29059f05 Author: Tomas Mraz Date: Tue Sep 7 13:18:22 2021 +0200 Last minute NEWS and CHANGES entries for the 3.0 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/16533) (cherry picked from commit 95a444c9adcad04035704ab3b5d749a185ef0960) --- Summary of changes: CHANGES.md | 48 ++-- NEWS.md| 8 +--- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5578b0e7e5..00d9246274 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,37 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX ] + * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now + deprecated. + + *Matt Caswell* + + * The `OPENSSL_s390xcap` environment variable can be used to set bits in the + S390X capability vector to zero. This simplifies testing of different code + paths on S390X architecture. + + *Patrick Steuer* + + * Encrypting more than 2^64 TLS records with AES-GCM is disallowed + as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from + SP 800-38D". The communication will fail at this point. + + *Paul Dale* + + * The EC_GROUP_clear_free() function is deprecated as there is nothing + confidential in EC_GROUP data. + + *Nicola Tuveri* + + * The byte order mark (BOM) character is ignored if encountered at the + beginning of a PEM-formatted file. + + *Dmitry Belyavskiy* + + * Added CMS support for the Russian GOST algorithms. + + *Dmitry Belyavskiy* + * Due to move of the implementation of cryptographic operations to the providers, validation of various operation parameters can be postponed until the actual operation is executed where previously 
@@ -513,6 +544,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. + + *OpenSSL team* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. @@ -1226,11 +1262,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. + * Added KB KDF (EVP_KDF_KB) to EVP_KDF. + + *Robbie Harwood* + + * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF. + + *Simo Sorce* + + * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF. *Shane Lontis* - * Add KMAC to EVP_MAC. + * Added KMAC to EVP_MAC. *Shane Lontis* diff --git a/NEWS.md b/NEWS.md index f2097f1dd4..cec9cd48e0 100644 --- a/NEWS.md +++ b/NEWS.md @@ -21,9 +21,9 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] * Enhanced 'openssl list' with many new options. - * Added migration guide to man7 - * Implemented support for fully "pluggable" TLSv1.3 groups - * Added suport for Kernel TLS (KTLS) + * Added migration guide to man7. + * Implemented support for fully "pluggable" TLSv1.3 groups. + * Added suport for Kernel TLS (KTLS). * Changed the license to the Apache License v2.0. * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider. @@ -39,6 +39,8 @@ OpenSSL 3.0 * Remove the `RAND_DRBG` API. * Deprecated the `ENGINE` API. * Added `OSSL_LIB_CTX`, a libcrypto library context. + * Added various `_ex` functions to the OpenSSL API that support using +a non-default `OSSL_LIB_CTX`. * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are included in the FIPS provider.
[openssl] master update
The branch master has been updated via 95a444c9adcad04035704ab3b5d749a185ef0960 (commit) from 8e7d941ade3a86e352d9c3d601f61c033dc6788b (commit) - Log - commit 95a444c9adcad04035704ab3b5d749a185ef0960 Author: Tomas Mraz Date: Tue Sep 7 13:18:22 2021 +0200 Last minute NEWS and CHANGES entries for the 3.0 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/16533) --- Summary of changes: CHANGES.md | 48 ++-- NEWS.md| 8 +--- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5ed84e657a..58dffb15ef 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -38,6 +38,37 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX ] + * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now + deprecated. + + *Matt Caswell* + + * The `OPENSSL_s390xcap` environment variable can be used to set bits in the + S390X capability vector to zero. This simplifies testing of different code + paths on S390X architecture. + + *Patrick Steuer* + + * Encrypting more than 2^64 TLS records with AES-GCM is disallowed + as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from + SP 800-38D". The communication will fail at this point. + + *Paul Dale* + + * The EC_GROUP_clear_free() function is deprecated as there is nothing + confidential in EC_GROUP data. + + *Nicola Tuveri* + + * The byte order mark (BOM) character is ignored if encountered at the + beginning of a PEM-formatted file. + + *Dmitry Belyavskiy* + + * Added CMS support for the Russian GOST algorithms. + + *Dmitry Belyavskiy* + * Due to move of the implementation of cryptographic operations to the providers, validation of various operation parameters can be postponed until the actual operation is executed where previously 
@@ -521,6 +552,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. + + *OpenSSL team* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. @@ -1234,11 +1270,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. + * Added KB KDF (EVP_KDF_KB) to EVP_KDF. + + *Robbie Harwood* + + * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF. + + *Simo Sorce* + + * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF. *Shane Lontis* - * Add KMAC to EVP_MAC. + * Added KMAC to EVP_MAC. *Shane Lontis* diff --git a/NEWS.md b/NEWS.md index 5d836031c4..7cf0d8a7b7 100644 --- a/NEWS.md +++ b/NEWS.md @@ -29,9 +29,9 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] * Enhanced 'openssl list' with many new options. - * Added migration guide to man7 - * Implemented support for fully "pluggable" TLSv1.3 groups - * Added suport for Kernel TLS (KTLS) + * Added migration guide to man7. + * Implemented support for fully "pluggable" TLSv1.3 groups. + * Added suport for Kernel TLS (KTLS). * Changed the license to the Apache License v2.0. * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider. @@ -47,6 +47,8 @@ OpenSSL 3.0 * Remove the `RAND_DRBG` API. * Deprecated the `ENGINE` API. * Added `OSSL_LIB_CTX`, a libcrypto library context. + * Added various `_ex` functions to the OpenSSL API that support using +a non-default `OSSL_LIB_CTX`. * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are included in the FIPS provider.
[openssl] master update
The branch master has been updated via 8e7d941ade3a86e352d9c3d601f61c033dc6788b (commit) from 6d55d27b2da7a84c9f4b872060be979b5f64af2c (commit) - Log - commit 8e7d941ade3a86e352d9c3d601f61c033dc6788b Author: Richard Levitte Date: Tue Sep 7 11:28:12 2021 +0200 Mention the concept of providers in NEWS.md and CHANGES.md Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16528) (cherry picked from commit 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff) --- Summary of changes: CHANGES.md | 17 + NEWS.md| 2 ++ 2 files changed, 19 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 0b3004d1a8..5ed84e657a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1397,6 +1397,23 @@ breaking changes, and mappings for the large list of deprecated functions. *Raja Ashok* + * Added a new concept for OpenSSL plugability: providers. This + functionality is designed to replace the ENGINE API and ENGINE + implementations, and to be much more dynamic, allowing provider + authors to introduce new algorithms among other things, as long as + there's an API that supports the algorithm type. + + With this concept comes a new core API for interaction between + libcrypto and provider implementations. Public libcrypto functions + that want to use providers do so through this core API. + + The main documentation for this core API is found in + doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn + refer to other manuals describing the API specific for supported + algorithm types (also called operations). + + *The OpenSSL team* + OpenSSL 1.1.1 - diff --git a/NEWS.md b/NEWS.md index 011f35a849..5d836031c4 100644 --- a/NEWS.md +++ b/NEWS.md @@ -95,6 +95,8 @@ OpenSSL 3.0 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. + * Added providers, a new pluggability concept that will replace the +ENGINE API and ENGINE implementations. OpenSSL 1.1.1 -
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff (commit) from 76b45e5ac8e133ee672639125267bda6f0b5a4b0 (commit) - Log - commit 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff Author: Richard Levitte Date: Tue Sep 7 11:28:12 2021 +0200 Mention the concept of providers in NEWS.md and CHANGES.md Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16528) --- Summary of changes: CHANGES.md | 17 + NEWS.md| 2 ++ 2 files changed, 19 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index bc6d9516ff..5578b0e7e5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1389,6 +1389,23 @@ breaking changes, and mappings for the large list of deprecated functions. *Raja Ashok* + * Added a new concept for OpenSSL plugability: providers. This + functionality is designed to replace the ENGINE API and ENGINE + implementations, and to be much more dynamic, allowing provider + authors to introduce new algorithms among other things, as long as + there's an API that supports the algorithm type. + + With this concept comes a new core API for interaction between + libcrypto and provider implementations. Public libcrypto functions + that want to use providers do so through this core API. + + The main documentation for this core API is found in + doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn + refer to other manuals describing the API specific for supported + algorithm types (also called operations). + + *The OpenSSL team* + OpenSSL 1.1.1 - diff --git a/NEWS.md b/NEWS.md index 9d198fca8d..f2097f1dd4 100644 --- a/NEWS.md +++ b/NEWS.md @@ -87,6 +87,8 @@ OpenSSL 3.0 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. + * Added providers, a new pluggability concept that will replace the +ENGINE API and ENGINE implementations. OpenSSL 1.1.1 -
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 76b45e5ac8e133ee672639125267bda6f0b5a4b0 (commit) via f075267c1921c4f1fc307c9e738a4edf39b04a1c (commit) via 385e5fb4dcfe4ca0135c30de33a2813cdd18ff7c (commit) from f43c1241c28526588f59e56c7f56422e0d23f411 (commit) - Log - commit 76b45e5ac8e133ee672639125267bda6f0b5a4b0 Author: PW Hu Date: Fri Sep 3 15:18:02 2021 +0800 fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419 CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) (cherry picked from commit 6d55d27b2da7a84c9f4b872060be979b5f64af2c) commit f075267c1921c4f1fc307c9e738a4edf39b04a1c Author: PW Hu Date: Fri Sep 3 15:09:54 2021 +0800 fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038 CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) (cherry picked from commit 48b3ad05680ba3e3668bcb6491bf4447033464ed) commit 385e5fb4dcfe4ca0135c30de33a2813cdd18ff7c Author: PW Hu Date: Fri Sep 3 14:40:17 2021 +0800 imporve documentation CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) (cherry picked from commit b9f96f30eea550650a8d9f8000cea940c6ee8150) --- Summary of changes: doc/internal/man3/ossl_method_construct.pod | 12 +--- doc/man3/OSSL_STORE_LOADER.pod | 8 doc/man3/X509_digest.pod| 2 +- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index d2202bccfa..b05ea9845c 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod 
@@ -10,15 +10,13 @@ OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct #include "internal/core.h" struct ossl_method_construct_method_st { - /* Create store */ - void *(*alloc_tmp_store)(OSSL_LIB_CTX *ctx); - /* Remove a store */ - void (*dealloc_tmp_store)(void *store); + /* Get a temporary store */ + void *(*get_tmp_store)(void *data); /* Get an already existing method from a store */ - void *(*get)(OSSL_LIB_CTX *libctx, void *store, void *data); + void *(*get)(void *store, void *data); /* Store a method in a store */ - int (*put)(OSSL_LIB_CTX *libctx, void *store, void *method, -const OSSL_PROVIDER *prov, int operation_id, const char *name, + int (*put)(void *store, void *method, +const OSSL_PROVIDER *prov, const char *name, const char *propdef, void *data); /* Construct a new method */ void *(*construct)(const char *name, const OSSL_DISPATCH *fns, diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index d150d24b49..fc1153eb21 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -45,9 +45,9 @@ unregister STORE loaders for different URI schemes int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, -void (*fn)(OSSL_STORE_LOADER *loader, +void (*user_fn)(OSSL_STORE_LOADER *loader, void *arg), -void *arg); +void *user_arg); int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, void (*fn)(const char *name, void *data), void *data); @@ -142,8 +142,8 @@ I implementation. OSSL_STORE_LOADER_do_all_provided() traverses all store implementations by all activated providers in the library context I, and for each -of the implementations, calls I with the implementation method and -I as arguments. +of the implementations, calls I with the implementation method and +I as arguments. OSSL_STORE_LOADER_names_do_all() traverses all names for the given I, and calls I with each name and I. 
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index 8213bd06ca..f4921dbc18 100644 --- a/doc/man3/X509_digest.pod +++ b/doc/man3/X509_digest.pod @@ -67,7 +67,7 @@ to a place where the digest size will be stored. =head1 RETURN VALUES -X509_digest_sig() returns an ASN1_OCTET_STRING on success, else NULL. +X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL. All other functions described here return 1 for success and 0 for
[openssl] master update
The branch master has been updated via 6d55d27b2da7a84c9f4b872060be979b5f64af2c (commit) via 48b3ad05680ba3e3668bcb6491bf4447033464ed (commit) via b9f96f30eea550650a8d9f8000cea940c6ee8150 (commit) from e567367afd2e3339597e984fa3ae2fecad4d6735 (commit) - Log - commit 6d55d27b2da7a84c9f4b872060be979b5f64af2c Author: PW Hu Date: Fri Sep 3 15:18:02 2021 +0800 fix documentation error caused by commit 6882652e65d39310c98ba506ceb55a87c702d419 CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) commit 48b3ad05680ba3e3668bcb6491bf4447033464ed Author: PW Hu Date: Fri Sep 3 15:09:54 2021 +0800 fix documentation error caused by commit 9067cf6ccdce0a73922f06937e54c2fce2752038 CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) commit b9f96f30eea550650a8d9f8000cea940c6ee8150 Author: PW Hu Date: Fri Sep 3 14:40:17 2021 +0800 imporve documentation CLA:trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16502) --- Summary of changes: doc/internal/man3/ossl_method_construct.pod | 12 +--- doc/man3/OSSL_STORE_LOADER.pod | 8 doc/man3/X509_digest.pod| 2 +- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index d2202bccfa..b05ea9845c 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod 
@@ -10,15 +10,13 @@ OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct #include "internal/core.h" struct ossl_method_construct_method_st { - /* Create store */ - void *(*alloc_tmp_store)(OSSL_LIB_CTX *ctx); - /* Remove a store */ - void (*dealloc_tmp_store)(void *store); + /* Get a temporary store */ + void *(*get_tmp_store)(void *data); /* Get an already existing method from a store */ - void *(*get)(OSSL_LIB_CTX *libctx, void *store, void *data); + void *(*get)(void *store, void *data); /* Store a method in a store */ - int (*put)(OSSL_LIB_CTX *libctx, void *store, void *method, -const OSSL_PROVIDER *prov, int operation_id, const char *name, + int (*put)(void *store, void *method, +const OSSL_PROVIDER *prov, const char *name, const char *propdef, void *data); /* Construct a new method */ void *(*construct)(const char *name, const OSSL_DISPATCH *fns, diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index d150d24b49..fc1153eb21 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -45,9 +45,9 @@ unregister STORE loaders for different URI schemes int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, -void (*fn)(OSSL_STORE_LOADER *loader, +void (*user_fn)(OSSL_STORE_LOADER *loader, void *arg), -void *arg); +void *user_arg); int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, void (*fn)(const char *name, void *data), void *data); @@ -142,8 +142,8 @@ I implementation. OSSL_STORE_LOADER_do_all_provided() traverses all store implementations by all activated providers in the library context I, and for each -of the implementations, calls I with the implementation method and -I as arguments. +of the implementations, calls I with the implementation method and +I as arguments. OSSL_STORE_LOADER_names_do_all() traverses all names for the given I, and calls I with each name and I. 
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index 8213bd06ca..f4921dbc18 100644 --- a/doc/man3/X509_digest.pod +++ b/doc/man3/X509_digest.pod @@ -67,7 +67,7 @@ to a place where the digest size will be stored. =head1 RETURN VALUES -X509_digest_sig() returns an ASN1_OCTET_STRING on success, else NULL. +X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL. All other functions described here return 1 for success and 0 for failure.
[openssl] master update
The branch master has been updated via e567367afd2e3339597e984fa3ae2fecad4d6735 (commit) via 0264910413ff7a85348cc3c35e9c59cb7906278b (commit) from 1e7479e8a4f33b1afa7d62b07c682f6987e6a515 (commit) - Log - commit e567367afd2e3339597e984fa3ae2fecad4d6735 Author: Richard Levitte Date: Tue Sep 7 09:44:58 2021 +0200 Added a NEWS entry about the enhanced 'openssl list' Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16522) (cherry picked from commit f43c1241c28526588f59e56c7f56422e0d23f411) commit 0264910413ff7a85348cc3c35e9c59cb7906278b Author: Richard Levitte Date: Tue Sep 7 09:33:16 2021 +0200 Add missing OSSL_DECODER entry in NEWS.md and CHANGES.md The text in CHANGES.md got fleshed out a bit more as well. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16522) (cherry picked from commit d1a786e99b162793a8f4a70fe12d2c4e6f5ee608) --- Summary of changes: CHANGES.md | 15 +-- NEWS.md| 2 ++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5dca90464a..0b3004d1a8 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -813,8 +813,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Rich Salz* - * Introduced a new method type and API, OSSL_ENCODER, to - represent generic encoders. + * Introduced a new method type and API, OSSL_ENCODER, to represent + generic encoders. These do the same sort of job that PEM writers + and d2i functions do, but with support for methods supplied by + providers, and the possibility for providers to support other + formats as well. + + *Richard Levitte* + + * Introduced a new method type and API, OSSL_DECODER, to represent + generic decoders. These do the same sort of job that PEM readers + and i2d functions do, but with support for methods supplied by + providers, and the possibility for providers to support other + formats as well. *Richard Levitte* diff --git a/NEWS.md b/NEWS.md index 290671e091..011f35a849 100644 --- a/NEWS.md 
+++ b/NEWS.md @@ -28,6 +28,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Enhanced 'openssl list' with many new options. * Added migration guide to man7 * Implemented support for fully "pluggable" TLSv1.3 groups * Added suport for Kernel TLS (KTLS) @@ -65,6 +66,7 @@ OpenSSL 3.0 BIOs (allowing implicit connections), and timeout checks. * Added util/check-format.pl for checking adherence to the coding guidelines. * Added OSSL_ENCODER, a generic encoder API. + * Added OSSL_DECODER, a generic decoder API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. * Added error raising macros, ERR_raise() and ERR_raise_data(). * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via f43c1241c28526588f59e56c7f56422e0d23f411 (commit) via d1a786e99b162793a8f4a70fe12d2c4e6f5ee608 (commit) from 437d4202212daae86b66ef776706d2e1a27a7953 (commit) - Log - commit f43c1241c28526588f59e56c7f56422e0d23f411 Author: Richard Levitte Date: Tue Sep 7 09:44:58 2021 +0200 Added a NEWS entry about the enhanced 'openssl list' Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16522) commit d1a786e99b162793a8f4a70fe12d2c4e6f5ee608 Author: Richard Levitte Date: Tue Sep 7 09:33:16 2021 +0200 Add missing OSSL_DECODER entry in NEWS.md and CHANGES.md The text in CHANGES.md got fleshed out a bit more as well. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16522) --- Summary of changes: CHANGES.md | 15 +-- NEWS.md| 2 ++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a24b30e651..bc6d9516ff 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -805,8 +805,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Rich Salz* - * Introduced a new method type and API, OSSL_ENCODER, to - represent generic encoders. + * Introduced a new method type and API, OSSL_ENCODER, to represent + generic encoders. These do the same sort of job that PEM writers + and d2i functions do, but with support for methods supplied by + providers, and the possibility for providers to support other + formats as well. + + *Richard Levitte* + + * Introduced a new method type and API, OSSL_DECODER, to represent + generic decoders. These do the same sort of job that PEM readers + and i2d functions do, but with support for methods supplied by + providers, and the possibility for providers to support other + formats as well. *Richard Levitte* diff --git a/NEWS.md b/NEWS.md index c269e370e0..9d198fca8d 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Enhanced 'openssl list' with many new options. * Added migration guide to man7 * Implemented support for fully "pluggable" TLSv1.3 groups * Added suport for Kernel TLS (KTLS) @@ -57,6 +58,7 @@ OpenSSL 3.0 BIOs (allowing implicit connections), and timeout checks. * Added util/check-format.pl for checking adherence to the coding guidelines. * Added OSSL_ENCODER, a generic encoder API. + * Added OSSL_DECODER, a generic decoder API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. * Added error raising macros, ERR_raise() and ERR_raise_data(). * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
[openssl] master update
The branch master has been updated via 1e7479e8a4f33b1afa7d62b07c682f6987e6a515 (commit) from 3dd74e21fa04c7d8d7793b25b9a4609625e314cd (commit) - Log - commit 1e7479e8a4f33b1afa7d62b07c682f6987e6a515 Author: Richard Levitte Date: Tue Sep 7 07:27:01 2021 +0200 Correct the "Out of memory" EVP tests This affects test/recipes/30-test_evp_data/evpkdf_scrypt.txt and test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt, where the "Out of memory" stanza weren't up to the task, as they didn't hit the default scrypt memory limit like they did in OpenSSL 1.1.1. We solve this by setting the |n| value to the next power of two, and correcting the expected result. Fixes #16519 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16521) (cherry picked from commit 437d4202212daae86b66ef776706d2e1a27a7953) --- Summary of changes: test/recipes/30-test_evp_data/evpkdf_scrypt.txt | 4 ++-- test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
index 64176091fc..29ae89b5be 100644
--- a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
@@ -57,7 +57,7 @@ Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d543295
 KDF = id-scrypt
 Ctrl.pass = pass:pleaseletmein
 Ctrl.salt = salt:SodiumChloride
-Ctrl.N = n:1048576
+Ctrl.N = n:2097152
 Ctrl.r = r:8
 Ctrl.p = p:1
-Result = KDF_MISMATCH
+Result = KDF_DERIVE_ERROR
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
index 1f7c06c6d4..c9c7f3ca78 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
@@ -57,7 +57,7 @@ Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d543295
 PKEYKDF = scrypt
 Ctrl.pass = pass:pleaseletmein
 Ctrl.salt = salt:SodiumChloride
-Ctrl.N = N:1048576
+Ctrl.N = n:2097152
 Ctrl.r = r:8
 Ctrl.p = p:1
-Result = KDF_MISMATCH
+Result = KDF_DERIVE_ERROR
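Review bot: In evppkey_kdf_scrypt.txt the `Ctrl.N` line changes its key spelling from `N:` to `n:` together with the number, while the commit message mentions only the new |n| value. If the respelling is deliberate (evpkdf_scrypt.txt already used `n:`), it deserves a line in the message; `Result = KDF_DERIVE_ERROR` presumably matches any derive failure, so the stanza alone cannot tell a memory-limit rejection from some other error. A comment above `Ctrl.N` in both files would record why this value was picked, e.g. `# 128 * r * N = 2 GiB with r=8, meant to exceed the default scrypt memory limit`. The stanza starts above the hunk, so an existing header comment is not visible here. The openssl-3.0 push of the original commit further down carries the same two hunks.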
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 437d4202212daae86b66ef776706d2e1a27a7953 (commit) from 7364545e0734ad25e08d7d5ad0e2c9dac85d2d0d (commit) - Log - commit 437d4202212daae86b66ef776706d2e1a27a7953 Author: Richard Levitte Date: Tue Sep 7 07:27:01 2021 +0200 Correct the "Out of memory" EVP tests This affects test/recipes/30-test_evp_data/evpkdf_scrypt.txt and test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt, where the "Out of memory" stanza weren't up to the task, as they didn't hit the default scrypt memory limit like they did in OpenSSL 1.1.1. We solve this by setting the |n| value to the next power of two, and correcting the expected result. Fixes #16519 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16521) --- Summary of changes: test/recipes/30-test_evp_data/evpkdf_scrypt.txt | 4 ++-- test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
index 64176091fc..29ae89b5be 100644
--- a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt
@@ -57,7 +57,7 @@ Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d543295
 KDF = id-scrypt
 Ctrl.pass = pass:pleaseletmein
 Ctrl.salt = salt:SodiumChloride
-Ctrl.N = n:1048576
+Ctrl.N = n:2097152
 Ctrl.r = r:8
 Ctrl.p = p:1
-Result = KDF_MISMATCH
+Result = KDF_DERIVE_ERROR
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
index 1f7c06c6d4..c9c7f3ca78 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt
@@ -57,7 +57,7 @@ Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d543295
 PKEYKDF = scrypt
 Ctrl.pass = pass:pleaseletmein
 Ctrl.salt = salt:SodiumChloride
-Ctrl.N = N:1048576
+Ctrl.N = n:2097152
 Ctrl.r = r:8
 Ctrl.p = p:1
-Result = KDF_MISMATCH
+Result = KDF_DERIVE_ERROR
[openssl] master update
The branch master has been updated via 3dd74e21fa04c7d8d7793b25b9a4609625e314cd (commit) from 6929c8fb5b46c9c2a383a7c212ee052e0dcef021 (commit) - Log - commit 3dd74e21fa04c7d8d7793b25b9a4609625e314cd Author: Richard Levitte Date: Mon Sep 6 21:49:34 2021 +0200 Fix a few tests that fail on VMS In one spot, files aren't properly closed, so the sub-process program that's supposed to read them can't, because it's locked out. In another spot, srctop_file() was used where srctop_dir() should be used to properly format a directory specification. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16518) (cherry picked from commit 7364545e0734ad25e08d7d5ad0e2c9dac85d2d0d) --- Summary of changes: test/recipes/25-test_verify.t| 6 -- test/recipes/30-test_defltfips.t | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index f7a9f626ca..bcd823bcfb 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -461,7 +461,8 @@ SKIP: { skip "Couldn't create certplusrsa.pem", 1 unless ( open $certplusrsa, '>', $certplusrsa_file and copy($cert_file, $certplusrsa) - and copy($rsa_file, $certplusrsa) ); + and copy($rsa_file, $certplusrsa) + and close $certplusrsa ); ok(run(app([ qw(openssl verify -trusted), $certplusrsa_file, $cert_file ])), 'Mixed cert + key file test'); @@ -474,7 +475,8 @@ SKIP: { skip "Couldn't create rsapluscert.pem", 1 unless ( open $rsapluscert, '>', $rsapluscert_file and copy($rsa_file, $rsapluscert) - and copy($cert_file, $rsapluscert) ); + and copy($cert_file, $rsapluscert) + and close $rsapluscert ); ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])), 'Mixed key + cert file test'); diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t index f0338bb3e0..426bd660d1 100644 --- a/test/recipes/30-test_defltfips.t +++ b/test/recipes/30-test_defltfips.t 
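Review bot: In test/recipes/25-test_verify.t the added `and close $certplusrsa` and `and close $rsapluscert` sit at the end of the `and` chain, so they run only when `open` and both `copy` calls succeeded. When a `copy` fails the test is skipped with the handle still open, which on VMS presumably leaves the partial file locked, the very condition this commit is fixing. Closing whenever `open` succeeded and folding the result of `close` into the skip condition avoids that; the sketch below shows it for certplusrsa, and the rsapluscert block would change the same way. Both `SKIP:` blocks end outside their hunks, and the same hunks are repeated in the openssl-3.0 push of the original commit further down.

```perl
    my $created = 0;
    if (open $certplusrsa, '>', $certplusrsa_file) {
        $created = copy($cert_file, $certplusrsa)
            && copy($rsa_file, $certplusrsa);
        # Close even after a failed copy so the file is not left open
        $created = close($certplusrsa) && $created;
    }
    skip "Couldn't create certplusrsa.pem", 1 unless $created;
    # … unchanged: openssl verify -trusted run on $certplusrsa_file …
```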
@@ -36,7 +36,7 @@ unless ($no_fips) { #Configured to run FIPS but the module-mac is bad $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf")); -$ENV{OPENSSL_CONF_INCLUDE} = srctop_file("test", "recipes", "30-test_defltfips"); +$ENV{OPENSSL_CONF_INCLUDE} = srctop_dir("test", "recipes", "30-test_defltfips"); ok(run(test(["defltfips_test", "badfips"])), "running defltfips_test badfips"); #Test an alternative way of configuring fips (but still with bad module-mac)
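Review bot: `OPENSSL_CONF_INCLUDE` is assigned the bare result of `srctop_dir(...)`, while the `OPENSSL_CONF` line directly above it wraps its path in `abs_path(...)`. Unless srctop_dir() already returns an absolute path, the include directory is resolved against whatever directory defltfips_test runs in, and a configuration that fails to load for that reason would make this bad-module-mac test exercise a different failure than the one it is named for. Consider `$ENV{OPENSSL_CONF_INCLUDE} = abs_path(srctop_dir("test", "recipes", "30-test_defltfips"));`, provided abs_path keeps a directory specification that VMS accepts. The `unless ($no_fips)` block continues past the hunk.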
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 7364545e0734ad25e08d7d5ad0e2c9dac85d2d0d (commit) from 9d3cb1b2fa4752410dd79b55c4402cee66fe3c24 (commit) - Log - commit 7364545e0734ad25e08d7d5ad0e2c9dac85d2d0d Author: Richard Levitte Date: Mon Sep 6 21:49:34 2021 +0200 Fix a few tests that fail on VMS In one spot, files aren't properly closed, so the sub-process program that's supposed to read them can't, because it's locked out. In another spot, srctop_file() was used where srctop_dir() should be used to properly format a directory specification. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16518) --- Summary of changes: test/recipes/25-test_verify.t| 6 -- test/recipes/30-test_defltfips.t | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index f7a9f626ca..bcd823bcfb 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -461,7 +461,8 @@ SKIP: { skip "Couldn't create certplusrsa.pem", 1 unless ( open $certplusrsa, '>', $certplusrsa_file and copy($cert_file, $certplusrsa) - and copy($rsa_file, $certplusrsa) ); + and copy($rsa_file, $certplusrsa) + and close $certplusrsa ); ok(run(app([ qw(openssl verify -trusted), $certplusrsa_file, $cert_file ])), 'Mixed cert + key file test'); @@ -474,7 +475,8 @@ SKIP: { skip "Couldn't create rsapluscert.pem", 1 unless ( open $rsapluscert, '>', $rsapluscert_file and copy($rsa_file, $rsapluscert) - and copy($cert_file, $rsapluscert) ); + and copy($cert_file, $rsapluscert) + and close $rsapluscert ); ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])), 'Mixed key + cert file test'); diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t index f0338bb3e0..426bd660d1 100644 --- a/test/recipes/30-test_defltfips.t +++ b/test/recipes/30-test_defltfips.t 
@@ -36,7 +36,7 @@ unless ($no_fips) { #Configured to run FIPS but the module-mac is bad $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf")); -$ENV{OPENSSL_CONF_INCLUDE} = srctop_file("test", "recipes", "30-test_defltfips"); +$ENV{OPENSSL_CONF_INCLUDE} = srctop_dir("test", "recipes", "30-test_defltfips"); ok(run(test(["defltfips_test", "badfips"])), "running defltfips_test badfips"); #Test an alternative way of configuring fips (but still with bad module-mac)