Re: [openssl-project] build/test before merging

On 23/05/18 01:43, Salz, Rich wrote: > > I do the same, but I am reluctant having a script doing it for me using > some fixed recipe... > >>I'm happy doing the build/test manually before merging, too. > > > So do you guys use the ghmerge script or own procedures? I'm curious.

Re: [openssl-project] build/test before merging

On 23/05/18 16:50, Benjamin Kaduk wrote: > On Wed, May 23, 2018 at 03:12:30PM +, Dr. Matthias St. Pierre wrote: >>> So do you guys use the ghmerge script or own procedures? I'm curious. >> >> At the beginnning, I tried to use ghmerge but it was not flexible >> enough for my needs. In

[openssl-project] Please approve 6457 for backport

This is the PR for the CVE. I forgot to add the branches to the PR...this is for 1.1.0 and 1.0.2. Please can someone approve the backport asap? Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] stepping down from OMC

On 08/06/18 20:56, Emilia Käsper wrote: > Hi all, > > I'm leaving the project. This should come as no surprise. I've had > little to no time to work on OpenSSL lately, and I firmly believe that > OpenSSL should be driven by engineers that are actively engaged in the > project and writing code

[openssl-project] ECDSA blinding

FYI see commit a3e9d5aa98 (and equivalent commits in 1.1.0 and 1.0.2). These fixes were reviewed in private due to an embargo from the reporter. In spite of that we have chosen not to issue a CVE for these fixes since they are localhost side channels only. Matt

[openssl-project] Beta release today

Oops, there is supposed to be a beta release today... If someone is available to review it (any volunteers), I'll do it this evening. Starting around 17.30 UTC (although it looks like we might have to fix travis first). In the meantime please could someone freeze the repo? Matt

Re: [openssl-project] Beta release today

On 19/06/18 17:14, Matt Caswell wrote: > Actually, it feels a bit rushed, so I think I'm going to do it tomorrow > instead. > > It would still be good if someone can freeze the repo though please: > > ssh openssl-...@git.openssl.org freeze openssl matt The repo is now fr

Re: [openssl-project] Current votes FYI

On 29/05/18 06:45, Dr. Matthias St. Pierre wrote: >> VOTE: 1.1.1 beta release schedule changed so that the next two beta releases >> are now 29th May, 19 June and we will re-review release readiness after >> that. We will also ensure that there is at least one beta release post >> TLS-1.3

[openssl-project] Github to be acquired by Microsoft

See: https://blog.github.com/2018-06-04-github-microsoft/ Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Monthly Status Report (May)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Fixed a mem leak in CMS_RecipientInfo_set0_pkey() and added some CMS tests - Added a note around performance and Nagle's algorithm on the

[openssl-project] Milestones and the 1.1.1 release

I'm thinking that we should maybe re-asses the current milestones in github. We currently use the following milestones: Assessed - Anything against this milestone isn't relevant to the 1.1.1 release (e.g. 1.0.2 specific issue) 1.1.1 - This is relevant to the 1.1.1 release but may not be

Re: [openssl-project] Milestones and the 1.1.1 release

elease. At the moment though it is impossible to tell which are the high priority issues we should be focussing on. Matt > > > > On 6/26/18, 11:56 AM, "Matt Caswell" wrote: > > I'm thinking that we should maybe re-asses the current milestones in > github. >

Re: [openssl-project] Milestones and the 1.1.1 release

t seems justifiable to me. The latter. I mean it doesn't *prevent* us from fixing something that's in both 1.1.0 and 1.1.1 - but our focus should be on fixing issues that are newly introduced in 1.1.1. Matt > > On 6/26/18, 3:32 PM, "Matt Caswell" wrote: > > > >

Re: [openssl-project] Milestones and the 1.1.1 release

Well, no one has objected so far. I'm not around tomorrow and Friday to action this but, unless anyone shouts between now and then, I'll start doing this on Monday. Matt On 26/06/18 21:15, Matt Caswell wrote: > > > On 26/06/18 20:43, Salz, Rich wrote: >> That's interesting

Re: [openssl-project] [openssl-commits] Build failed in Jenkins: master_noec #574

Also - does this only happen with no-ec? Matt On 27/06/18 10:32, Matt Caswell wrote: > I am slightly confused because the code sample below and the commit id > you gave is for 1.1.0, but the original email seems to be about master. > > Is the same issue affectin

[openssl-project] Forthcoming holidays

FYI, I have a few days off coming up which will mean I am less responsive than normal. I will have very limited/no access to email during these periods: Thursday 28th - Friday 29th June and Sunday 8th - Thursday 12th July Matt ___ openssl-project

Re: [openssl-project] Milestones and the 1.1.1 release

On 02/07/18 18:36, Salz, Rich wrote: > Thanks for finishing this off. > > > https://github.com/openssl/openssl/issues?q=is%3Aopen+is%3Aissue+milestone%3A1.1.1 > > Are 6512 and 6396 the same, and closed because we made things more secure? They may be the same, or maybe not. Almost

Re: [openssl-project] Milestones and the 1.1.1 release

On 27/06/18 16:10, Matt Caswell wrote: > Well, no one has objected so far. I'm not around tomorrow and Friday to > action this but, unless anyone shouts between now and then, I'll start > doing this on Monday. All issues have been reviewed and their milestones updated accordingl

[openssl-project] Freezing the repo

Please could someone freeze the repo for me for tomorrow's release: $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] Beta release on Tuesday

On 27/04/18 12:12, Salz, Rich wrote: >>As normal we are planning a new beta release on Tuesday. This means that >>we will be freezing the repo from Monday afternoon (UTC). > > I'm in US but available if nobody "closer" can do it. Nobody else has stepped forward. Are you still

Re: [openssl-project] Style guide updates

On 26/01/18 17:03, Richard Levitte wrote: > In message <c20f5fd4-1c85-c96b-42e7-e2a84e411...@openssl.org> on Fri, 26 Jan > 2018 14:06:27 +, Matt Caswell <m...@openssl.org> said: > > matt> - Use size_t for sizes of things > > ... and, it seems, as array

Re: [openssl-project] Issues review

r whatever reason (to the point that we should hold up the release schedule for it) then we can argue that out on a case-by-case basis and amend the milestones accordingly. Alternatively just make sure you get it reviewed and committed before feature freeze. Matt On 23/01/18 17:49, Matt Caswell

Re: [openssl-project] 1.1.1 Release timetable (again)

On 24/01/18 17:32, Matt Caswell wrote: > 14th March 2018, beta release 1 (pre2) > OpenSSL_1_1_1-stable created (feature freeze) > master becomes basis for 1.1.2 or 1.2.0 (TBD) > 11th March 2018, beta release 2 (pre3) That should of course say 11th

Re: [openssl-project] travis builds failing with aligment errors?

On 30/01/18 14:30, Matt Caswell wrote: > > > On 30/01/18 14:27, Benjamin Kaduk wrote: >> It seems that we've started getting issues with a single build >> configuration, e.g., >> https://travis-ci.org/openssl/openssl/jobs/335110257 >> >> Lots of complai

Re: [openssl-project] 1.1.1 Release timetable (again)

On 25/01/18 19:08, Matt Caswell wrote: > > > On 25/01/18 11:59, Salz, Rich wrote: >> As long as we have the freedom to release earlier, this looks okay to me. > > I added this sentence to make that freedom crystal clear: > > "This may be amended at any time

[openssl-project] Monthly Status Report (January)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended Real World Crypto 2018 in Zürich in order to collect the Levchin prize on behalf of the team - Took part in an interview for RedHat -

[openssl-project] New Committer

Please welcome our newest committer David Benjamin! Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] 1.1.1 Release timetable (again)

On 29/01/18 11:04, Matt Caswell wrote: > > > On 25/01/18 19:08, Matt Caswell wrote: >> >> >> On 25/01/18 11:59, Salz, Rich wrote: >>> As long as we have the freedom to release earlier, this looks okay to me. >> >> I added this sentence to

[openssl-project] OS/X builds failing

The new travis OS/X builds are failing with this: -MT apps/enc.o -c -o apps/enc.o apps/enc.c apps/enc.c:567:54: error: format specifies type 'uintmax_t' (aka 'unsigned long') but the argument has type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat] BIO_printf(bio_err, "bytes read

[openssl-project] Feature freeze for 1.1.1

I have now updated the release strategy page with the agreed plan for the 1.1.1 release: https://www.openssl.org/policies/releasestrat.html I'd like to draw everyone's attention to the key date of 13th March 2018. Which is when we do the feature freeze. In practice we typically freeze the repo

Re: [openssl-project] 1.1.1 Release timetable (again)

On 30/01/18 10:45, Matt Caswell wrote: > No feedback so I started the vote: > > topic: We should update the release strategy as shown in > https://github.com/openssl/web/pull/41, commit id 52d9ea8fb > Proposed by Matt Caswell > Public: yes > opened: 2018-01-30 >

[openssl-project] TLSv1.3

Now that the TLSv1.3 implementation is quite stable - should we switch it on by default? Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Code Freeze!!!

Please could someone freeze the repo for me? The tools don't let me do it for my own benefit: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] Style guide update -- summary so far

On 05/02/18 19:43, Dr. Matthias St. Pierre wrote: > > Wasn't there also the suggestion by someone that if one part of an > if-else statements needs braces that the other part should get some, too? That's already in the style guide: Do not unnecessarily use braces around a single statement:

Re: [openssl-project] tag for 1.1.1pre1?

(cc'ing openssl-project) On 15/02/18 22:36, Benjamin Kaduk wrote: > Hi Matt, > > I see git tags for 1.1.0pre[1-6], but not one for the 1.1.1 alpha.  Is > this intentional or an omission? Oops. 'cos we had a few problems during the release I had to run the mkrelease script more than once and

[openssl-project] Monthly Status Report (July)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of meetings re FIPS - Fixed a bug in 1.1.0/1.0.2 which can result in an invalid CertificateRequest message being sent - Reviewed

[openssl-project] 1.1.1 Release criteria update

A quick update on the status of the 1.1.1 release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed Status: We have 5 open issues (4 of which were opened within the last 2

Re: [openssl-project] EdDSA and "default_md"?

On 08/08/18 21:22, Viktor Dukhovni wrote: > Don't know whether everyone here also reads openssl-users, so to recap, > Robert Moskowitz reports considerable frustration > as a result of "default_md = sha256" being incompatible with Ed25519 > (and Ed448). He's working around this with "-md

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

On 08/08/18 11:28, Matt Caswell wrote: > For the full background to this issue see: > > https://github.com/openssl/openssl/issues/6490 > > TL;DR summary: > > The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each > other. OpenSSL (along with at least

[openssl-project] Removal of NULL checks

We've had a policy for a while of not requiring NULL checks in functions. However there is a difference between not adding them for new functions and actively removing them for old ones. See https://github.com/openssl/openssl/pull/6893 In this case the removal of a NULL check in the stack code

[openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

For the full background to this issue see: https://github.com/openssl/openssl/issues/6490 TL;DR summary: The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each other. OpenSSL (along with at least GnuTLS maybe others) has implemented an upgrade path which enables the reuse of a

Re: [openssl-project] Please freeze the repo

On 13/08/18 17:49, Andy Polyakov wrote: > It would be appropriate to merge > https://github.com/openssl/openssl/pull/6916 (1.0.2, commit message > would need adjustment for merged from) and This one appears to be not quite as ready as first thought. >

[openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

I went to approve this post, but I don't see it in the pending queue. Not sure why not - so forwarding this anyway. Please see below. Matt Forwarded Message Subject: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'" Date: Tue, 14 Aug

Re: [openssl-project] Releases tomorrow

On 14/08/18 11:05, Kurt Roeckx wrote: > On Tue, Aug 14, 2018 at 01:50:39AM +, Salz, Rich wrote: >>>- If we're going to make any changes for issue 6904 (broken pipe for >> clients that only write/server that only reads), then we should do that >> >> Yeah, I don't like the library

Re: [openssl-project] Forthcoming OpenSSL releases

On 07/08/18 15:15, Andy Polyakov wrote: >> Forthcoming OpenSSL releases >> > > I have some RSA hardening fixes in pipeline... Do you have PR numbers for them? Matt > ___ > openssl-project mailing list >

[openssl-project] Forthcoming OpenSSL releases

Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases.

[openssl-project] Releases tomorrow

Just a reminder that we are doing the 1.0.2p and 1.1.0i releases tomorrow so I will be freezing the repo later this afternoon. If you still have PRs to merge for the release please get them in asap! Thanks Matt ___ openssl-project mailing list

[openssl-project] Please freeze the repo

Please could someone freeze the repo for me? $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

On 09/08/18 10:31, Matt Caswell wrote: > I think perhaps a vote is the only way forward then. Does this vote text > seem reasonable? > > "We should remove the TLSv1.2 to TLSv1.3 PSK compatibility mechanism as > discussed in issue 6490. If TLSv1.2 PSKs are configured (an

Re: [openssl-project] Please freeze the repo

Release is done and the repo is unfrozen. Thanks again to Richard for all the help. Matt On 13/08/18 17:15, Mark J Cox wrote: > done. > > On Mon, Aug 13, 2018 at 5:11 PM, Matt Caswell wrote: >> Please could someone freeze the repo for me? >> >> $ ssh openssl

[openssl-project] Please freeze the repo

Please could someone freeze the repo for me for tomorrow's release: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Please freeze the repo

The repository is now unfrozen and the release is complete. Thanks to Tim for all the help. Matt On 20/08/18 18:00, Bernd Edlinger wrote: > Hi Matt, > > The repo should be frozen now. > > Bernd. > > On 08/20/18 18:01, Matt Caswell wrote: >> Please could som

[openssl-project] Current 1.1.1 status compared to Release criteria

I've done a review of the 1.1.1 release criteria against the current status. See below. TL;DR summary: Status is generally good. There are some outstanding issues and PRs that need input from various people. Specifically there are actions for: @levitte, @paulidale, @dot-asm, @mspncp, @t-j-h

Re: [openssl-project] Release Criteria Update

nd of reviews. Owner: Paul Yang #7073 Support EdDSA in apps/speed Updates made following earlier review. Awaiting another round of reviews. Owner: Paul Yang Matt On 04/09/18 17:11, Matt Caswell wrote: > Current status of the 1.1.1 PRs/issues: > > There are currently 6 open PRs for 1.1.1. H

[openssl-project] Please freeze the repo

Please can someone freeze the repo: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Monthly Status Report (August)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of conference calls related to FIPS - Attended the week long FIPS summit in Brisbane. A lot was achieved and write ups of the

[openssl-project] Release Criteria Update

Current status of the 1.1.1 PRs/issues: There are currently 6 open PRs for 1.1.1. However in 2 cases there are 2 alternative implementations for the same thing - so really there are only 4 issues being addressed. One of these is in the "ready" state. The remaining 3 are: #7114 Process KeyUpdate

Re: [openssl-project] Release Criteria Update

On 06/09/18 17:32, Kurt Roeckx wrote: > On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote: >> Current status of the 1.1.1 PRs/issues: > > Since we did make a lot of changes, including things that > applications can run into, would it make sense to have an other &g

[openssl-project] Release Criteria Update

We currently have 8 1.1.1 PRs that are open. 3 of which are in the "ready" state. There are 2 which are alternative implementations of the same thing - so there are really on 4 issues currently being addressed: #7145 SipHash: add separate setter for the hash size Owner: Richard Awaiting review

[openssl-project] Final check against the release criteria

A final check against the release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed (see below) There are no 1.1.1 flagged issues. There is one 1.1.1 flagged PR which was

Re: [openssl-project] Release Criteria Update

mapping to a C int32). > (no, we don't want to go back to using LONG) So...that PR seems to be labelled for 1.1.0 too? So why is the problem specific to 1.1.1? Matt > > Cheers, > Richard > > In message on Thu, 6 Sep > 2018 23:41:59 +0100, Matt Caswell said: > &

Re: [openssl-project] Release Criteria Update

On 07/09/18 10:09, Richard Levitte wrote: > In message on Fri, 7 Sep > 2018 09:56:01 +0100, Matt Caswell said: > >> >> >> On 07/09/18 01:51, Richard Levitte wrote: >>> I think this one should be part of the lot as well: >>> >>> #7

[openssl-project] Issues review

I completed my first pass review of all issues. I still need to look at PRs. I have put all PRs against a milestone using the following criteria: If it only applies to 1.0.2 or below: 1.0.2 milestone If it only applies to 1.1.0 or below: 1.1.0 milesone If it's API/ABI breaking to fix: 1.2.0

Re: [openssl-project] Issues review

On 23/01/18 20:55, Benjamin Kaduk wrote: > On Tue, Jan 23, 2018 at 06:11:50PM +0000, Matt Caswell wrote: >> >> >> On 23/01/18 18:05, Benjamin Kaduk wrote: >>> On Tue, Jan 23, 2018 at 05:51:41PM +, Matt Caswell wrote: >>>> >>>> >>&g

Re: [openssl-project] OID policy

On 14/03/18 23:40, Paul Dale wrote: >> We should have OID's for the things we implement > > Sounds like a policy :) > Vote time? In the past we've also put in OIDs on request (i.e. not necessarily for something we implement) if someone has given a reasonable argument for its inclusion. Matt

[openssl-project] Monthly Status Report (March)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Performed the 1.1.1 beta 1 (pre-3) release - Performed a security release for 1.1.0 and 1.0.2 - Carried out a number of different tasks around the

Re: [openssl-project] Some TLS 1.3 drafts don't have branches

On 12/04/18 02:42, Salz, Rich wrote: > ; g branch -r -v -a | grep -i draft > >   remotes/origin/tls1.3-draft-18 669c623 Update PR#3925 > >   remotes/origin/tls1.3-draft-19     d4d9864 Update PR#3925 > > ; > >   > > I recently had someone need draft-21 and they did > >  

Re: [openssl-project] build broken?

On 05/04/18 20:13, Salz, Rich wrote: > I thought someone else would beat me to it. Like, maybe, the person who > broke things :) > > But the fix is part of 5886 which you approved and I am merging now ... Oops! Sorry :-) The fix needs to go into 1.1.0 too to keep the numbers consistent:

Re: [openssl-project] Fwd: New Defects reported by Coverity Scan for openssl/openssl

> > BTW: isn't beta release 3 (pre5) due today? There was no announcement of > a code freeze yet. > > Am 16.04.2018 um 19:47 schrieb Matt Caswell: >> Can anyone enlighten me as to why I can't find half of these defects in >> the coverity dashboard? None of the reporte

[openssl-project] Constant time by default

I'd like to draw everyone's attention to PR #5969 Given CVE-2018-0737, and the fact that this is far from the first time this has happened I think we should change the default so that we always use the constant time implementation unless specifically flagged otherwise. E.g see these issues:

Re: [openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

On 19/04/18 18:31, David Benjamin wrote: > I might suggest conditioning it on the compile-time version of OpenSSL > headers. This is a common transition strategy for systems working > through ABI constraints. (In some systems, this is implemented as some > target SDK version.) This is exactly

Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

On 23/04/18 02:49, Viktor Dukhovni wrote: > > I tested a Postfix server and client built against OpenSSL 1.1.0, > using 1.1.1 run-time libraries. This exercised peer certificate > fingerprint matching and session resumption. No major issues. > > The only interesting observations are: > >

Re: [openssl-project] TLS 1.3 and SNI

On 17/04/18 23:36, Viktor Dukhovni wrote: > > Just wanted to check. The TLS 1.3 draft lists SNI as mandatory to implement, > but is not mandatory to use. Clients should, but do not have to send SNI, > and servers may require SNI, but can just use some default chain instead. > > Does

Re: [openssl-project] Repo frozen

The release is complete and the repo is unfrozen. Thanks to Richard yet again for all your help. Matt On 27/03/18 10:08, Matt Caswell wrote: > In case anyone was wondering the repo is currently frozen. > > Matt > ___ openssl-project

Re: [openssl-project] About PR 5702, etc.

On 27/03/18 14:00, Salz, Rich wrote: > Discussion seems to have stalled out on this.  Please review > https://github.com/openssl/openssl/pull/5702 if necessary. > >   > > Do folks want a general “TLS 1.3 is okay post-freeze” policy? I think that is ok and doesn't stray too far from what we

Re: [openssl-project] About PR 5702, etc.

On 29/03/18 11:06, Matt Caswell wrote: > "Feature changes in 1.1.1 directly related to TLSv1.3 will be allowed > during the beta as long as at least 3 OMC members approve the change" I started a vote with this text, and will report back here when I have th

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

On 03/04/18 15:55, Salz, Rich wrote: > This is one reason why keeping around old assembly code can have a cost. :( Although in this case the code is <2 years old: commit e33826f01bd78af76e0135c8dfab3387927a82bb Author: Andy Polyakov AuthorDate: Sun May 15 17:01:15 2016

Re: [openssl-project] Is making tests faster a bugfix?

On 29/03/18 14:00, Salz, Rich wrote: > Please see https://github.com/openssl/openssl/pull/5788 > > I don’t think it is, but I’d like to know what others think. I do think this should be applied. The tests in question are not just slow but *really* slow to the point that I often exit them

[openssl-project] Code freeze later today

Just a reminder that beta1 is scheduled for release tomorrow so, in preparation for that, I will be freezing the repo later today. Of course this really means feature freeze as well since this will be your last opportunity to push features before the beta release. So if there is anything still

Re: [openssl-project] GitHub milestone for 1.1.1

ly "option"), like this: > > /DEFINE=(MACRO1, MACRO2="Foo", "Macro3=bar") > > The same goes for include paths, similarly collected in the qualifier /INCLUDE > > > Matt Caswell <m...@openssl.org> skrev: (19 mars 2018 10:12:06 CET) >

Re: [openssl-project] GitHub milestone for 1.1.1

f-12f99b44b...@openssl.org> on Mon, 19 Mar > 2018 11:14:27 +, Matt Caswell <m...@openssl.org> said: > > matt> > matt> > matt> On 19/03/18 10:58, Richard Levitte wrote: > matt> > Andy has indicated that the rather special construction to get > co

Re: [openssl-project] GitHub milestone for 1.1.1

On 19/03/18 08:27, Dr. Matthias St. Pierre wrote: > Hi, > > in view of the upcoming beta release and the release strategy (see > below) it is a little bit disturbing that our GitHub milestone for 1.1.1 > shows only 30% > completion. How are we

Re: [openssl-project] Code Repo

Of course I should have mentioned that although the feature freeze is in place, the code freeze is not, i.e. you can make pushes to the repo now. Matt On 20/03/18 14:17, Matt Caswell wrote: > The beta release is now complete. > > Important: > > We did *not* create the OpenS

[openssl-project] Code Repo

The beta release is now complete. Important: We did *not* create the OpenSSL_1_1_1-stable branch as planned (see https://github.com/openssl/openssl/pull/5690 for the discussion that led to that decision). For now the release was done from the master branch in the same way as we did for the

Re: [openssl-project] Anything else to go in before I call the freeze?

Please can someone freeze the repo for me: $ ssh openssl-...@git.openssl.org freeze openssl matt I will still take #5677 "Fix no-sm3 (and no-sm2)" after the freeze. Also if anyone can come up with a fix for the failing master in Travis that would be good. Matt On 19/03/18 16:48, Ma

[openssl-project] Anything else to go in before I call the freeze?

Let me know asap... Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Anything else to go in before I call the freeze?

BTW please review #5673. I'd like a clean run from run-checker for the release tomorrow. Matt On 19/03/18 16:33, Matt Caswell wrote: > Let me know asap... > > > Matt > ___ > openssl-project mailing list > openssl-projec

[openssl-project] Monthly Status Report (February)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Performed both the alpha1 and alpha2 1.1.1 releases - Completed work on the primitives, EVP layer and TLS implementation for X448 and Ed448. -

Re: [openssl-project] Next release is beta1

On 04/03/18 16:30, Kurt Roeckx wrote: > On Sun, Mar 04, 2018 at 02:44:01PM +, Salz, Rich wrote: >> I also intend to merge the config file .include PR (5351), and I want us to >> decide about 4848. > > I have to agree that I want to resolv 4848 (reading config file to > select things like

[openssl-project] Looking for Christophe Renou

Hi all As many of you know we are looking to change the licence for OpenSSL to the Apache Licence. To do that we are trying to trace all previous committers. We have a small number of people left to find. See: https://license.openssl.org/trying-to-find Of these one stands out as being a

Re: [openssl-project] to fully overlap or not to

On 28/02/18 17:09, Andy Polyakov wrote: I'd like to request more opinions on https://github.com/openssl/openssl/pull/5427. Key dispute question is whether or not following fragment should work unsigned char *inp = buf, *out = buf; for (i = 0; i <

Re: [openssl-project] to fully overlap or not to

On 28/02/18 16:32, Viktor Dukhovni wrote: > > >> On Feb 28, 2018, at 11:25 AM, Viktor Dukhovni >> wrote: >> >>> I'd like to request more opinions on >>> https://github.com/openssl/openssl/pull/5427. Key dispute question is >>> whether or not following fragment

[openssl-project] Freezing the repo soon

Just a reminder to everyone that we are doing the alpha2 release tomorrow, so we will be freezing the repo soon (in about an hour or so). Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] FYI: [postfix & TLS1.3 problems]

On 12/10/18 16:50, Viktor Dukhovni wrote: > On Thu, Oct 11, 2018 at 07:03:21PM -0500, Benjamin Kaduk wrote: > >> I would guess that the misbehaving clients are early openssl betas >> that receive the real TLS 1.3 version and then try to interpret >> as whatever draft versino they actually

Re: [openssl-project] FYI: [postfix & TLS1.3 problems]

On 15/10/18 20:41, Viktor Dukhovni wrote: > On Mon, Oct 15, 2018 at 06:56:06PM +0100, Matt Caswell wrote: > >>> What do you make of the >>> idea of making it possible for servers to accept downgrades (to some >>> floor protocol version or all supported ver

Re: [openssl-project] FYI: [postfix & TLS1.3 problems]

On 15/10/18 18:54, Viktor Dukhovni wrote: > > >> On Oct 15, 2018, at 9:19 AM, Matt Caswell wrote: >> >>> Early, partial reports of the cause seem to indicate that the sending >>> side was using OpenSSL with: >>> >>> SSL_CTX_set_mod

[openssl-project] Monthly Status Report (October)

As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Ongoing work on the Design documentation for the FIPS release - Fixed some coverity issues - Fixed BIO callback return code handling - Fixed an

[openssl-project] 1.1.1a milestone status

There are currently 5 PRs and 1 issue with the 1.1.1a milestone set against them. Of the 5 PRs, 3 are in the ready state: 7462: Test: link drbgtest statically against libcrypto 7437: rand_unix.c: open random devices on first use only 7391: Unbreak SECLEVEL 3 regression causing it to not accept

Re: [openssl-project] 1.1.1a milestone status

On 08/11/2018 13:35, David Woodhouse wrote: > On Thu, 2018-11-08 at 13:21 +0000, Matt Caswell wrote: >> There are currently 5 PRs and 1 issue with the 1.1.1a milestone set >> against them. >> >> Of the 5 PRs, 3 are in the ready state: >> >> 7462: Test: lin

Re: [openssl-project] 1.1.1a milestone status

On 08/11/2018 13:21, Matt Caswell wrote: > There are currently 5 PRs and 1 issue with the 1.1.1a milestone set > against them. > > Of the 5 PRs, 3 are in the ready state: > > 7462: Test: link drbgtest statically against libcrypto > 7437: rand_unix.c: open random devi

  1   2   3   4   5   6   >