Monthly Status Report (May 2022)
My key activities this month were:
- triage of newly reported issues, investigating bugs, and responding
to questions
- participation on the meetings
- Youtrack workflow experimentation and proposal
- participation on QUIC design and implementation
- preparation of Technical Policies changes proposals
- reviews of various PRs:
- I've reviewed more than 80 PRs this month
- Notable PRs reviewed:
- X509{,_LOOKUP}: Improve distinction between not found and
fatal/internal error #14417
- Make configuration (and therefore builds) leaner
#16378
- Clear method store / query cache confusion
#18151
- tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and
above #18236
- Non-locale dependent OPENSSL_strcasecmp #18344
- QUIC wire format support #18382
- http_client.c: trace HTTP requests and responses when enabled
#18386
- submitted 15 PRs:
- In particular:
- Fix build on OPENSSL_SYS_TANDEM and older POSIXes
#18241
- Add design requirements for QUIC packet demuxer #18249
- Add a testcase for OSSL_PROVIDER_unload() being fully effective
#18254
- OPENSSL_strcasecmp build, cleanup, and initialization fixes
#18282
- Always try to construct methods as new provider might be added
#18269
- QUIC empty protocol implementation #18307
- ossl_namemap_name2_num: Avoid unnecessary OPENSSL_strndup().
#18341
- High level overview of QUIC Implementation #18406
I also took 1 day off this month.
--
Tomáš Mráz, OpenSSL
Monthly Status Report (May 2022)
Apart from normal business, attending daily standup meetings, attending OTC meetings, sprint planning meetings, etc., key activities this month: - Wrote up discussion of options for BIO_dgram API - PR #18238 (synthesized API proposals and DDD diffs into single PR) - PR #18270 (BIO_dgram sendmmsg/recvmmsg implementation work) - Updated lhash deprecation PR to implement chosen option - Setup YouTrack instance - Backported a bug fix to 1.0.2 for a premium support customer - PR #18305 fixing #18243 and #18242 (dev/release.sh --release) - PR tools#117 fixiing tools#116 (addrev release mode) - PR to fix Git hooks (release mode) - PR #18320 porting 1.1 EC compression compatibility tests to 3.x and incorporating changes from #16624 - Investiigated #18226 (OSSL_LIB_CTX_load_config thread safety) - PR #18323 (move modules lists to OSSL_LIB_CTX) - PR #18331 (make OSSL_LIB_CTX_load_config thread safe) fixing #18226 - Proposed deprecating long (#18338, technical-poliicies#51) - Moved YouTrack instance to production - Setup VCS integrations with YouTrack - Patched YouTrack GitHub importer to work with GHE and imported issues - PR #18382 (QUIC wire format support) - Implemented BIO_dgram_pair - Attended SSL object structure workshop - Attended 3.1 release and risk assessment meetings
Monthly status report: May 2022
Significant activities throughout February included: * Investigation and mitigation of performance problems with MS QUIC. * Banned older TLS/DTLS & SSL protocols as security levels above zero. * Removed unused and untested _fetch_by_number functions. * Design and implementation of a timer subsystem. * Investigated code generation problem with clang-14 (strict aliasing being broken in a non-obvious way). * Review of event queue design. * Merge event queue and timer subsystems. * Blog post about Spectre gadgets in our source code. * Participating in ongoing FIPS related discussions. * Fixes for Coverity raise problems. * Fix case insensitive string comparisons so that they don't rely on locale support. * Wrote (unpublished) blog post and emails relevant parties (also unpublished). * Begin working on the QUIC packisation design. * Reviews the substantial feature PRs. This is in addition to the usual nightly meetings, issue triage, small pull requests, pull request reviews and responding to questions etc Pauli
