Late Monthly Status Report (March 2021)

[Richard Levitte]

Apart from normal business, such as normal reviews, OMC business,
normal system administration tasks, small fixes, etc., key activities
this month:

* Development:
  - [not_yet_merged] Configure: add -fkeep-inline-functions to --strict-warnings
(PR openssl/openssl#8955)
  - [not_yet_closed] Propagate the no_store flag + consequences for 
evp_pkey_export_to_provider()
(Issue openssl/openssl#14164)
  - [not_yet_closed] OpenSSL 3.0 currently doesn't build on OpenVMS, adaptation 
needed
(Issue openssl/openssl#14247)
  - EVP_RAND should be renamed to OSSL_RAND
(Issue openssl/openssl#14297)
  - Provider side encoders and decoders need to stop using EVP_PKEY
(Issue openssl/openssl#14306)
  - Stop using EVP_PKEY in encoders and decoders
(PR openssl/openssl#14314)
  - Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
(PR openssl/openssl#14320)
  - Fix threading issues in crypto/provider_core.c
(PR openssl/openssl#14354)
  - test/threadstest.c: Add a test to load providers concurrently
(PR openssl/openssl#14372)
  - DOCS: Fix provider-mac.pod and the docs of our implementations
(PR openssl/openssl#14380)
  - DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod
(PR openssl/openssl#14415)
  - Undo passing of params to provider side init/derive/instantiate
(PR openssl/openssl#14435)
  - [not_yet_closed] Introduce EVP level fetchable sigalg functionality
(Issue openssl/openssl#14467)
  - PROV: use EVP_CIPHER_CTX_set_params() rather than EVP_CIPHER_CTX_ctrl()
(PR openssl/openssl#14484)
  - TEST: Cleanup test recipes
(PR openssl/openssl#14505)
  - [not_yet_closed] Introduce EVP level fetchable PRF functionality
(Issue openssl/openssl#14543)
  - Configure: check all DEPEND values against GENERATE, not just .h files
(PR openssl/openssl#14598)
  - Fix a missing rand -> ossl_rand rename
(PR openssl/openssl#14609)
  - ASN1: Reset the content dump flag after dumping
(PR openssl/openssl#14627)
  - RSA-PSS: When printing parameters, always print the trailerfield ASN.1 value
(PR openssl/openssl#14676)
  - [not_yet_closed] test/pkits-test.pl not suitable for current OpenSSL
(Issue openssl/openssl#14709)
  - Unix build file template: symlink "simple" to "full" shlib selectively
(PR openssl/openssl#14726)
  - Re-implement ANSI C building with a Github workflow
(PR openssl/openssl#14729)
* Web:
  - REVIEWED: Update newsflash for the 3.0 alpha13 release
(PR openssl/web#223 by mattcaswell)
  - Complete the transition changelog.txt -> changelog.md
(PR openssl/web#224)
* Other:
  - Started over with buildbot master development / configuration / setup

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Monthly Status Report (March 2021)

[Tomas Mraz]

My key activities this month were:

- triage of newly reported issues and responding to questions
- participation on the meetings
- participated on the openssl-1.1.1k security release by reviewing
  and doing the CVE-2021-3450 fix

- reviews of various PRs:
  - I've reviewed about 90 PRs this month
  - Major PRs reviewed:
- Stop using EVP_PKEY in encoders and decoders #14314
- Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
#14320
- Add testing for non-default library context into evp_extra_test
#14478
- ESS for TSP and CAdES-BES: Correct logic of
ts_check_signing_certs() relating cert IDs to chain members #14503
- KDF life-cycle documentation #14522
- Fix Coverity resource leaks #14596
- Fix DER reading from stdin for BIO_f_readbuffer #14599
- HTTP: Fix method_POST param by moving it to
OSSL_HTTP_REQ_CTX_set_request_line() #14699

- submitted 31 PRs:
  - In particular:
- TODO cleanups in test, ssl, and providers directories #14367
- Another set of TODO 3.0 cleanups - this time mostly in crypto
#14404
- CI: add job with external tests (temporarily krb5 and gost_engine
only) #14416
- Change default algorithms in PKCS12_create() and PKCS12_set_mac()
#14450
- Do not call RAND_get0_public from within the FIPS provider
initialization #14497
- Make EVP_PKEY_missing_parameters work properly on provided RSA
keys #14511
- Added functions for printing EVP_PKEYs to FILE * #14577
- Implement EVP_PKEY_dup() function #14624
- EVP_PKCS82PKEY: Create provided keys if possible #14659
- Cleanups related to legacy nid support #14703
- Add "save-parameters" encoder parameter #14746
- Provider side decoder API documentation #14756

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]