Monthly Status Report (March 2022)

2022-04-01 Thread Tomas Mraz
My key activities this month were:

- triage of newly reported issues, investigating bugs, and responding
  to questions
- participation in the meetings
- cooperation with Mark and Tim on the hiring process
- participation in QUIC design, proposal for congestion control
  pluggable algorithm API
- participation in the CVE-2022-0778 handling including the release
  review

- reviews of various PRs:
  - I've reviewed more than 80 PRs this month
  - Notable PRs reviewed:
    - Add TFO support to socket BIO and s_client/s_server #8962
    - enable CMS sign/verify for provider-implemented PKEYs #17733
    - Add ASYNC_set_mem_functions ASYNC_get_mem_functions #17762
    - adding external oqsprovider testing #17832
    - Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for
      SECLEVEL >= 3 #17763
    - EVP_MD performance fix (refcount cache contention) #17857
    - Remove statistics tracking from LHASH #17935
    - Decoder resolution performance optimizations #17921

- submitted 15 PRs:
  - In particular:
    - The PRs for all the branches handling CVE-2022-0778
    - Replace handling of negative verification result with
      SSL_set_retry_verify() #17825
    - DH: Make padding always on when X9.42 KDF is used #17859
    - tls_process_server_hello: Disallow repeated HRR #17936
    - Import only named params into FIPS module #17998

-- 
Tomáš Mráz, OpenSSL




Monthly Status Report (March 2022)

2022-04-01 Thread Hugo Landau
Apart from normal business, attending daily standup meetings, attending OTC
meetings, sprint planning meetings, etc., key activities this month:

- Read RFCs 8446 (TLS 1.3), 8999, 9000, 9001, 9002 (QUIC),
  draft-ietf-quic-http, draft-ietf-dprive-dnsoquic
- Familiarised with/replied to #17184, #17185, #17253, #17577
  (QUIC design issues)
- PR #17782 to fix bug #17736 (openssl req -x509 bug)
- PR #17783 to fix bug #17648 (BN_mod_exp2_mont bug)
- PR #17787 backporting fix for #17648 (BN_mod_exp2_mont bug)
- PR #17788 to fix #17503 (s_server -sendfile KTLS bug)
- Created issue #17789 (docs)
- PR #17790 (manpage typo)
- PR #17793 (EVP demo: SIPHASH) fixing #14121
- PR #17796 (EVP demo: Poly1305) fixing #14122
- PR #17799 (EVP demo: X25519) fixing #14118
- PR #17800 (EVP demo: RSA-PSS direct, hashed) fixing #14113
- Investigated, handled issue #17797 (CMS line ending issue)
- PR #17805 (backport of #17782)
- PR #17803 (EVP demo: XOF SHAKE256) fixing #14106
- (Experimental) PR #17807 rough draft of progress towards fixing #17267
  (testing of s_server, s_client)
- Investigated method of fixing #17797 for 1.1
- PR #17808 fixing #13008 for 1.1 (OBJ_nid2obj error reporting)
- PR #17810 documenting bug in 1.1 (CMS -binary)
- Evaluated and responded to QUIC strawman API design (#17184)
- (Superseded) PR #17812 (revert #13906)
- PR #17815 (manpage for SSL_get_certificate, SSL_get_privatekey)
- Investigated feasibility of refactoring launch code out of TLSProxy
- Wrote up thoughts on QUIC connection migration
- Investigated alternative for SSL verification callback retry
- PR #17823 (fix bug using tests without TAP::Parser::Aggregator)
- PR #17824 (EVP demo: RSA keygen) fixing #14111
- PR #17826 (EVP demo: RSA key encode/decode) fixing #14116
- Investigated #17064 (performance issue) and wrote up findings
- PR #17857 implementing partial fix to #17064 (MAC)
- PR #17862 implementing further fix to #17064 (IV length caching)
- Investigated #16791 (msquic slowdown)
- PR #17870 to fix #17869 (signed integer overflow)
- PR #17872 to fix #17871 (signed integer overflow, 1.1)
- PR #17873 to fix bug in scrypt KDF provider
- PR #17881 (refactoring of libctx)
- Created an experimental rebase of quictls fork on master
- Reprofiling of #15199 and investigation of performance fixes
- PR #17912 fixing #17911 (declaration inconsistency)
- PR #17914 fixing #17909 (documentation)
- PR #17915 fixing #17910 (documentation)
- PR #17921 partially fixing #15199 (decoder optimization)
- (Superseded) PR #17931 (performance, LHASH operation counts)
- PR #17935 removing LHASH statistics
- (WIP) PR #17937 deprecating LHASH statistics functions
- Investigated libssl API usage as used by various FOSS projects
- Investigated #17950 (d2i_X509 performance issue)
- Wrote up demo-driven design proposal (#17939)
- Wrote the DDD demos
- Attended record layer design workshop
- Attended congestion control workshop
- PR #17977 fixing #17976 (manpage typo)
- PR #17991 merging DDD demos into OpenSSL repository
- Wrote a DDD blogpost
- Developed and published proposed diffs to DDD demos
- Cleanup of old issues which were still open despite fixes being merged
  (#17089, #17588)