Re: [openssl-project] Style question

2018-02-12 Thread Salz, Rich
The error return is not documented. We are definitely moving to a "don't check params for NULL". I would like to see this changed to be the obvious one-liner. Tim will disagree, but he's on the wrong side of history :) ___ openssl-project mailing

Re: [openssl-project] Style question

2018-02-12 Thread Matt Caswell
On 12/02/18 16:05, Short, Todd wrote: > My 2cents (since I can’t reply to the list), is that other functions > (e.g. most SSL and SSL_CTX functions) require a non-NULL object. I’m not > sure this is any different. Good point. Although that then changes the question slightly to be can we assume

[openssl-project] Style question

2018-02-12 Thread Matt Caswell
I've been looking at our use of EVP_MD_size() (prompted by Coverity). That function can return a -1 on error: int EVP_MD_size(const EVP_MD *md) { if (!md) { EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); return -1; } return md->md_size; } The only

Re: [openssl-project] Code Freeze!!!

2018-02-12 Thread Richard Levitte
In message <48d370b8-6fbc-2047-3b02-35049d010...@openssl.org> on Mon, 12 Feb 2018 15:04:36 +, Matt Caswell said: matt> Please could someone freeze the repo for me? The tools don't let me do matt> it for my own benefit: matt> matt> ssh openssl-...@git.openssl.org freeze

[openssl-project] Code Freeze!!!

2018-02-12 Thread Matt Caswell
Please could someone freeze the repo for me? The tools don't let me do it for my own benefit: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] Code freeze later today

2018-02-12 Thread Salz, Rich
Please try to walk through and use the release instructions in the tool repo and fix any errors. On 2/12/18, 6:24 AM, "Matt Caswell" wrote: Tomorrow we are doing our first alpha release. Therefore I plan to call a code freeze from later today until after the release

Re: [openssl-project] Code freeze later today

2018-02-12 Thread Richard Levitte
In message <0334edc9-5b9c-8fd4-66a8-ea0b277e9...@openssl.org> on Mon, 12 Feb 2018 11:24:24 +, Matt Caswell said: matt> Tomorrow we are doing our first alpha release. Therefore I plan to call matt> a code freeze from later today until after the release is complete matt>

[openssl-project] Mitre GIT CVE pilot, vulnerability JSON files

2018-02-12 Thread Mark J Cox
Mostly this is a note for any future release managers but also a FYI to anyone interested. We're participating in the CVE Automation Working Group pilot to provide CVE information via git[1]. This means when we do any future security release of OpenSSL we can send information about each CVE