Re: Monthly Status Report (September 2021)
Apart from normal business, such as normal reviews, OMC business, normal system administration tasks, small fixes, etc., key activities this month:

* Development:
  - Release OpenSSL 3.0.0
  - OpenSSL::Ordinals::set_version() should only be given the short version (PR openssl/openssl#16556)
  - Fix the build file templates where uplink matters (PR openssl/openssl#16577)
  - Configurations/platform/Unix.pm: account for variants in sharedlib_simple() (PR openssl/openssl#16608)
* Web:
  - Take into account the OpenSSL 3.0 branch (PR openssl/web#255)
  - Make the manpage sidebar generated from template (PR openssl/web#258)
* Internal:
* Sysadm:
  - Drop all traces of Request-Tracker
  - Drop run.openssl.org
  - Install a Mac Mini Intel and a buildbot worker on it
  - Install Zenhub instance

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
Monthly Status Report (September)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, support customer issues, CLA submissions, handling security reports, etc., key activities this month:

- Significant amount of time spent on various OMC tasks this month
- Prepared various website updates ready for the 3.0 release
- Wrote the blog post for the 3.0 release
- Liaised with mbed tls team (issue #16486)
- Clarified the documentation around SSL_set_num_tickets() and SSL_get_session()
- Fixed bug to correctly handle extensions in a Certificate message sent by a client
- Performed the 1.0.2zb release
- Wrote a blog about the FIPS submission
- Significant investigation and a draft fix (later superseded) into #16614

Matt
Monthly Status Report (September 2021)
My key activities this month were:

- triage of newly reported issues and responding to questions
- participation in the meetings
- studying the QUIC RFCs (8999-9002)
- studying code (and documentation) of picoquic, ngtcp2, and LSQUIC libraries
- infrastructure planning
- release review of the 3.0.0 release
- reviews of various PRs:
  - I've reviewed about 70 PRs this month
  - Notable PRs reviewed:
    - obj: make the OBJ_ calls thread safe #15713
    - kdf: add PIN verification key KDF to providers #15968
    - Fix OSSL_STORE 'file:' scheme implementation so it ignores objects in PEM files that the user isn't interested in #16466
- submitted 8 PRs:
  - In particular:
    - Last minute NEWS and CHANGES entries for the 3.0 release #16533
    - providers: Do not use global EVP_CIPHERs and EVP_MDs #16600

I also had 2 days off.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]
Late Monthly Status Report (September 2020)
Apart from normal business, such as normal reviews, OMC business, normal system administration tasks, small fixes, etc., key activities this month:

* Development:
  - [WIP] EVP: retrieve EVP_CIPHER constants in the evp_cipher_from_dispatch() (PR openssl/openssl#11980)
  - [not_yet_merged] [WIP] APPS: Refactoring dsaparam and dhparam (PR openssl/openssl#12072)
  - DOC: Modify one example in EVP_PKEY_fromdata(3) (PR openssl/openssl#12389)
  - CORE: Implement unconditional provider autoactivation (PR openssl/openssl#12497)
  - [reviewed] Add SM2 key management (PR openssl/openssl#12536 by InfoHunter)
  - OSSL_STORE: Move 'file:' scheme loader to provider (PR openssl/openssl#12587)
  - dev/release.sh: Rework to be smoother (PR openssl/openssl#12614)
  - Building: Build Unix static libraries a limited number of object files at a time (PR openssl/openssl#12706)
  - PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys (PR openssl/openssl#12738)
  - EVP: Preserve the EVP_PKEY id in a few more spots (PR openssl/openssl#12785)
  - EVP: Add support for delayed EVP_PKEY operation parameters (PR openssl/openssl#12789)
  - TEST: skip POSIX errcode zero in test/recipes/02-test_errstr.t (PR openssl/openssl#12799)
  - [reviewed] NonStop port updates for 3.0.0. (PR openssl/openssl#12800 by rsbeckerca)
  - ENCODER: Refactor provider implementations, and some cleanup (PR openssl/openssl#12803)
  - Diverse build.info: Adjust paths (PR openssl/openssl#12816)
  - STORE: Fix OSSL_STORE_attach() to check |ui_method| before use (PR openssl/openssl#12831)
  - OSSL_DECODER 'decode' function must never be NULL. (PR openssl/openssl#12849)
  - EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers (PR openssl/openssl#12853)
  - EVP: Centralise fetching error reporting (PR openssl/openssl#12857)
  - ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER (PR openssl/openssl#12873)
  - OpenSSL::ParseC: recognise inline function bodies (PR openssl/openssl#12882)
  - util/mkerr.h: Restore header file rename (PR openssl/openssl#12910)
  - EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys (PR openssl/openssl#12920)
  - DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in (PR openssl/openssl#12924)
  - Streamline/Rationalize HPE NonStop Configuration (PR openssl/openssl#12933)
  - Configurations/unix-Makefile.tmpl: make cleanup kinder (PR openssl/openssl#12939)
  - Hide ECX_KEY again (PR openssl/openssl#12956)
  - Configuration: Make it possible to have an argument file (PR openssl/openssl#12960)
  - Build: Make NonStop shared libraries only export selected symbols (PR openssl/openssl#12962)
  - STORE: Clear a couple of TODOs that were there for the sake of SM2 (PR openssl/openssl#12986)
  - Configure: handle undefined shared_target. (PR openssl/openssl#13031)
* Web:
  - [reviewed] Add a new section to the Coding Style about argument ordering (PR openssl/web#194 by mattcaswell)
  - [reviewed] Add a new section to the Coding Style about extending existing functions (PR openssl/web#195 by mattcaswell)

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
Monthly Status Report (September)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:

- Continued work on and eventually merged a PR to add an HMAC implementation that was TLS aware
- Managed the response to the Raccoon Attack and the associated 1.0.2w release
- Fixed an EVP_MD_CTX related memory leak
- Overhauled and fixed long standing issues with safestack
- Published a blog post on the OpenSSL Administrator and Manager position
- Fixed the dgst app to not assume that it can send -1 for the length of a raw key
- Implemented a fix for lhash along the same lines as the safestack fix
- Drafted and attempted to get passed (only partially successfully) new coding style guidance about function arguments
- Added support to the provider side EdDSA signature algorithm for AlgorithmIdentifiers.
- Managed the release of 1.1.1h
- Investigated and created a reproducer for an issue where EC based EVP_PKEYs fail to work in master where a private key is set but there is no public key, but the same code worked in 1.1.1
- Implemented provider side support for SM2 Asymmetric Encryption
- Ongoing activity in the recruitment for the Administrator & Manager position
- Renamed all *_with_libctx functions to *_ex()
- Reviewed old issues for relevance to the beta1 milestone
- Reviewed all the outstanding TODO(3.0) tags for relevance to the beta1 milestone
- Attended 2 OTC vf2f meetings
- Attended committer vf2f meeting
- Ongoing attendance at regular developer meetings
- Ongoing attendance at regular FIPS sponsor meetings

Matt
Late Monthly Status Report (September 2019)
Apart from normal business, such as normal reviews, OMC business, normal system administration tasks, small fixes, etc., key activities this month:

* Development
  - Rework the documentation of our individual MAC implementations (PR openssl/openssl#9713)
  - Refactor how KEYMGMT methods get associated with other methods (PR openssl/openssl#9678)
  - test/errtest.c: more conditions for checking __FILE__ and __LINE__ (PR openssl/openssl#9755)
  - New functions EVP_MD_free() and EVP_CIPHER_free() (PR openssl/openssl#9758)
  - Move libapps.a source to apps/lib (PR openssl/openssl#9723)
  - Move KDFs and PRFs into providers (PR openssl/openssl#9662)
  - Rework the perl fallback functionality (PR openssl/openssl#9826)
  - test/evp_test.c: try fetching algorithms (PR openssl/openssl#9121)
  - doc/man3/OSSL_PARAM.pod: add details about multiple elements with same key (PR openssl/openssl#9741)
  - util/perl/OpenSSL/Test.pm: Disable stdout/stderr redirection on non-verbosity (PR openssl/openssl#9862)
  - Rework test/run_tests.pl to support selective verbosity and TAP copy (PR openssl/openssl#9862)
  - ERR fixups and additions (PR openssl/openssl#9765)
  - Refactor configdata.pm to be generated by template (PR openssl/openssl#9693)
  - Deprecate the public definition of ERR_STATE (PR openssl/openssl#9462)
  - Unify assembler scripts (PR openssl/openssl#9884)
  - crypto/bn/build.info: Correct use of SSE2 definition (PR openssl/openssl#9879)
  - Refactor TLS1-PRF to create the MAC contexts early (PR openssl/openssl#9930)
  - Use name identity instead of name in diverse methods (PR openssl/openssl#9897)
  - Refactor TLS-PRF's kdf_tls1_prf_mkmacctx() to a provider utility (PR openssl/openssl#9946)
  - Refactor SSKDF to create the MAC contexts early (PR openssl/openssl#9946)
  - include/openssl/macros.h: Rework OPENSSL_FUNC for div C standards (PR openssl/openssl#9913)
  - include/openssl/macros.h: better OPENSSL_FUNC fallback (PR openssl/openssl#9976)
  - Rework cipher / digest fetching for legacy nids with multiple name support (PR openssl/openssl#9969)
  - Configure, build.info: make it possible to use variables in indexes (PR openssl/openssl#9637)
  - When building of modules is disabled, build the legacy provider into libcrypto (PR openssl/openssl#9637)
  - OSSL_PARAM.pod: document the mechanism to figure out buffer sizes (PR openssl/openssl#10025)
  - Make doc/man7/ and doc/internal/man3/ conform with man-pages(7) (PR openssl/openssl#10034)
  - Make relevant tests more sensitive to 'no-fips' (PR openssl/openssl#10047)
  - Make ASYNC manuals conform with man-pages(7) (PR openssl/openssl#10043)
  - [not yet merged] Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider. (PR openssl/openssl#10008)
  - [not yet merged] Replumbing: pre-populate the EVP namemap with commonly known names (PR openssl/openssl#8984)
  - [not yet merged] Display multiple names (PR openssl/openssl#9979)
  - [unpublished] Continued work on flexible installation commands for Makefiles
  - [not yet merged] X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI (PR openssl/openssl#8442)
* System administration
  - Installed and set up internal github EE instance
  - Fixed letsencrypt issues with our gitlab instance
  - Modernized our apache config template usage

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
Monthly Status Report (September)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:

- Implemented the ability for providers to perform signature operations and moved DSA to the default provider
- Performed the release of 1.1.1d, 1.1.0l and 1.0.2t
- Fixed an issue where a non-empty status_request extension was being sent in a CertificateRequest message
- Investigated a failure when calling DH_check() in the pyca cryptography external tests
- Fixed no-dsa
- Fixed no-engine
- Fixed an asan failure due to an incorrect value being passed to provider KDF functions
- Fixed undefined behaviour where NULL was passed to memcpy
- Made proposals for fixing the issue around FIPS self-test being triggered multiple times
- Fixed an issue where EVP_MD_CTX_[gettable|settable]_params, did not actually take an EVP_MD_CTX as a parameter
- Implemented PR for DigestSign/DigestVerify support in providers
- Fixed documentation for stateless cookie callbacks, and added documentation for DTLSv1_listen() cookie callbacks

Matt
[openssl-project] Monthly Status Report (September)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:

- Spent the week starting 3rd September attending the OpenSSL FIPS summit in Brisbane. Working on the OpenSSL strategy for FIPS and the design of the new module.
- Clarified the documentation for the return values of SSL_client_version()
- Fixed the handling of session tickets following a resumption with an external PSK, i.e. we treat it like a resumption and send one ticket back to the client
- Updated and merged the fix for handling applications with clients that only write/servers that only read to avoid EPIPE while sending the new session tickets
- Fix a problem where we were attempting to use an RSA-PSS cert for key exchange
- A lot of work tracking and managing the release criteria status in the lead up to the 1.1.1 release
- Performed the 1.1.1 release
- Merged fixes for the EVP_DigestSign* docs
- Updates to enable processing of NewSessionTickets and KeyUpdate messages even after we've sent a close_notify
- Fixed a doc error wrt SSL_set_post_handshake_auth()
- Wrote and published a blog entry about the 1.1.1 release
- Fixed a bug in certificate callbacks when used with TLSv1.3
- Fixed a bug where SNI data can get reset mid-handshake
- Fixed a number of issues identified by Coverity
- Improve documentation around the -early_data option to s_server, and make sure we error out if attempting to use it in conjunction with -www
- Significant and ongoing work on the OpenSSL Strategy and FIPS design documents
- Fixed a bug with SNI in 1.1.1
- Fixed a bug with max psk len for TLSv1.3
- Fixed some no-* options

Matt