Monthly Status Report (September)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Continued work on and eventually merged a PR to add an HMAC implementation that was TLS aware - Managed the response to the Raccoon Attack and the associated 1.0.2w release - Fixed an EVP_MD_CTX related memory leak - Overhauled and fixed long standing issues with stafestack - Published a blog post on the OpenSSL Administrator and Manager position - Fixed the dgst app to not assume that it can send -1 for the length of a raw key - Implemented a fix for lhash along the same lines as the safestack fix - Drafted and attempted to get passed (only partially successfully) new coding style guidance about function arguments - Added support to the provider side EdDSA signature algorithm for AlgorithmIdentifiers. - Managed the release of 1.1.1h - Investigated and created a reproducer for an issue where EC based EVP_PKEYs fail to work in master where a private key is set but there is no public key, but the same code worked in 1.1.1 - Implemented provider side support for SM2 Asymmetric Encryption - Ongoing activity in the recruitment for the Administrator & Manager position - Renamed all *_with_libctx functions to *_ex() - Reviewed old issues for relevance to the beta1 milestone - Reviewed all the outstanding TODO(3.0) tags for relevance to the beta1 milestone - Attended 2 OTC vf2f meetings - Attended committer vf2f meeting - Ongoing attendance at regular developer meetings - Ongoing attendance at regular FIPS sponsor meetings Matt
Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch
0 On Fri, Oct 9, 2020 at 1:02 PM Tomas Mraz wrote: > > topic: The PR #11359 (Allow to continue with further checks on > UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch > As the change is borderline on bug fix/behaviour change OTC needs > to decide whether it is acceptable for 1.1.1 branch. > Proposed by Tomas Mraz > Public: yes > opened: 2020-10-09 > closed: 2020-mm-dd > accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) > > Matt [ ] > Mark [ ] > Pauli [ ] > Viktor [ ] > Tim[ ] > Richard[ ] > Shane [ ] > Tomas [+1] > Kurt [ ] > Matthias [ ] > Nicola [ ] > > -- > Tomáš Mráz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > [You'll know whether the road is wrong if you carefully listen to your > conscience.] > >
Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch
-1 I don't see this as a bug fix. Tim On Fri, Oct 9, 2020 at 10:02 PM Tomas Mraz wrote: > topic: The PR #11359 (Allow to continue with further checks on > UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch > As the change is borderline on bug fix/behaviour change OTC needs > to decide whether it is acceptable for 1.1.1 branch. > Proposed by Tomas Mraz > Public: yes > opened: 2020-10-09 > closed: 2020-mm-dd > accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) > > Matt [ ] > Mark [ ] > Pauli [ ] > Viktor [ ] > Tim[ ] > Richard[ ] > Shane [ ] > Tomas [+1] > Kurt [ ] > Matthias [ ] > Nicola [ ] > > -- > Tomáš Mráz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > [You'll know whether the road is wrong if you carefully listen to your > conscience.] > > >
Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch
On 11/10/2020 11:34, Nicola Tuveri wrote: > I am basing my vote on the feedback provided by @DDvO [0] and @t8m [1]. > In particular I am convinced to vote in favor, as I can see this as a > bug fix, fixing an undocumented inconsistency, and that it is very > unlikely it would affect existing applications. IMO this is not a bug fix. It does correct an undocumented inconsistency and so I have no problem with this being applied to master. But I think it is a stretch to describe it as a bug fix. Matt > > > Nicola > > > [0]: https://github.com/openssl/openssl/pull/11359#issuecomment-706189632 > [1]: https://github.com/openssl/openssl/pull/11359#issuecomment-706191205 > > > On Fri, 9 Oct 2020 at 15:02, Tomas Mraz wrote: >> >> topic: The PR #11359 (Allow to continue with further checks on >> UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch >> As the change is borderline on bug fix/behaviour change OTC needs >> to decide whether it is acceptable for 1.1.1 branch. >> Proposed by Tomas Mraz >> Public: yes >> opened: 2020-10-09 >> closed: 2020-mm-dd >> accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) >> >> Matt [ ] >> Mark [ ] >> Pauli [ ] >> Viktor [ ] >> Tim[ ] >> Richard[ ] >> Shane [ ] >> Tomas [+1] >> Kurt [ ] >> Matthias [ ] >> Nicola [ ] >> >> -- >> Tomáš Mráz >> No matter how far down the wrong road you've gone, turn back. >> Turkish proverb >> [You'll know whether the road is wrong if you carefully listen to your >> conscience.] >> >> >
Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch
-1 On 09/10/2020 13:02, Tomas Mraz wrote: > topic: The PR #11359 (Allow to continue with further checks on > UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch > As the change is borderline on bug fix/behaviour change OTC needs > to decide whether it is acceptable for 1.1.1 branch. > Proposed by Tomas Mraz > Public: yes > opened: 2020-10-09 > closed: 2020-mm-dd > accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) > > Matt [ ] > Mark [ ] > Pauli [ ] > Viktor [ ] > Tim[ ] > Richard[ ] > Shane [ ] > Tomas [+1] > Kurt [ ] > Matthias [ ] > Nicola [ ] >