OpenSSL Security Advisory

2024-06-27 Thread Matt Caswell
and commit 99472514130 for (1.0.2).

This issue was reported on 2nd May 2024 by Joseph Birr-Pixton. Additional
analysis was provided by David Benjamin (Google). The fix was developed by
Matt Caswell.

General Advisory Notes
======================

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20240627.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html


[openssl/technical-policies] 9aaea0: Record Nicola's vote

2024-06-18 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 9aaea0fd5f8453c6f2d68562d780c52e7aa08718
  
https://github.com/openssl/technical-policies/commit/9aaea0fd5f8453c6f2d68562d780c52e7aa08718
  Author: Matt Caswell 
  Date:   2024-06-18 (Tue, 18 Jun 2024)

  Changed paths:
M votes/vote-20240604-aes-xts-optimization-backport.txt

  Log Message:
  ---
  Record Nicola's vote



To unsubscribe from these emails, change your notification settings at 
https://github.com/openssl/technical-policies/settings/notifications


[openssl/technical-policies] e99a4d: Record Kurt's vote and correct the issue link

2024-06-14 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: e99a4d4b8112d70da47bf5d81712756d76bcf343
  
https://github.com/openssl/technical-policies/commit/e99a4d4b8112d70da47bf5d81712756d76bcf343
  Author: Matt Caswell 
  Date:   2024-06-14 (Fri, 14 Jun 2024)

  Changed paths:
M votes/vote-20240604-aes-xts-optimization-backport.txt

  Log Message:
  ---
  Record Kurt's vote and correct the issue link





[openssl/technical-policies] 01ced1: Add AES-XTS optimization vote

2024-06-04 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 01ced135b96e585df33a89151feb65bf7325e4c3
  
https://github.com/openssl/technical-policies/commit/01ced135b96e585df33a89151feb65bf7325e4c3
  Author: Matt Caswell 
  Date:   2024-06-04 (Tue, 04 Jun 2024)

  Changed paths:
A votes/vote-20240604-aes-xts-optimization-backport.txt

  Log Message:
  ---
  Add AES-XTS optimization vote





OTC Vote: Allow the backport of the AES-XTS optimization on Power platform

2024-06-04 Thread Matt Caswell
OTC members who were not present in today's meeting please vote on the 
following topic:


Topic: Allow the backport of the AES-XTS optimization on Power platform as per
#24531 to all branches back to 3.0 subject to the standard review process

Please place your votes here:

https://github.com/openssl/technical-policies/issues/96

Matt




[openssl/technical-policies] 61a970: Correct issue link in vote

2024-06-03 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 61a97034868bcc026acd955d0996834a964a7a1c
  
https://github.com/openssl/technical-policies/commit/61a97034868bcc026acd955d0996834a964a7a1c
  Author: Matt Caswell 
  Date:   2024-06-03 (Mon, 03 Jun 2024)

  Changed paths:
M votes/vote-20240528-fips-indicator-design.txt

  Log Message:
  ---
  Correct issue link in vote





OpenSSL Security Advisory

2024-05-28 Thread Matt Caswell

OpenSSL Security Advisory [28th May 2024]
=========================================

Use After Free with SSL_free_buffers (CVE-2024-4741)
====================================================

Severity: Low

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations.

Impact summary: A use after free can have a range of potential consequences such
as the corruption of valid data, crashes or execution of arbitrary code.
However, only applications that directly call the SSL_free_buffers function are
affected by this issue. Applications that do not call this function are not
vulnerable. Our investigations indicate that this function is rarely used by
applications.

The SSL_free_buffers function is used to free the internal OpenSSL buffer used
when processing an incoming record from the network. The call is only expected
to succeed if the buffer is not currently in use. However, two scenarios have
been identified where the buffer is freed even when still in use.

The first scenario occurs where a record header has been received from the
network and processed by OpenSSL, but the full record body has not yet arrived.
In this case calling SSL_free_buffers will succeed even though a record has only
been partially processed and the buffer is still in use.

The second scenario occurs where a full record containing application data has
been received and processed by OpenSSL but the application has only read part of
this data. Again a call to SSL_free_buffers will succeed even though the buffer
is still in use.

While these scenarios could occur accidentally during normal operation a
malicious attacker could attempt to engineer a situation where this occurs.
We are not aware of this issue being actively exploited.
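The two scenarios above, as an added illustration that is not OpenSSL's code: a hypothetical, self-contained model of a record read buffer in which a naive "in use" test (only a complete, not yet decoded record counts as busy) frees the block in both scenarios, while a strict test that also covers a half-arrived record body and unread decoded data refuses. The struct, the record bytes and the `free_after` driver are all constructed for the demo.

```c
#include <stdlib.h>
#include <string.h>

#define TLS_HDR_LEN 5   /* type(1) || version(2) || length(2) */

/* Hypothetical model of a record-layer read buffer (not OpenSSL's structs). */
typedef struct {
    unsigned char *buf;      /* heap block that the free-buffers call releases */
    size_t len;              /* raw bytes received from the network so far */
    int header_parsed;       /* 1 once the 5-byte header has been consumed */
    size_t body_len;         /* body length declared by that header */
    int processed;           /* 1 once the complete record has been decoded */
    size_t app_off, app_end; /* unread window of decoded application data */
} rec_buf;

/* A whole record (header plus declared body) is sitting in buf. */
#define RB_COMPLETE(rb) ((rb)->header_parsed && (rb)->len >= TLS_HDR_LEN + (rb)->body_len)

/* Allocate the buffer and feed it n bytes "from the network"; the header is
 * parsed as soon as it has fully arrived. Returns 0 on success. */
static int rb_setup(rec_buf *rb, const unsigned char *in, size_t n)
{
    memset(rb, 0, sizeof(*rb));
    if (n > 64 || (rb->buf = malloc(64)) == NULL)
        return -1;
    memcpy(rb->buf, in, n);
    rb->len = n;
    if (n >= TLS_HDR_LEN) {
        rb->body_len = ((size_t)rb->buf[3] << 8) | rb->buf[4];
        rb->header_parsed = 1;
    }
    return 0;
}

/* Application read: decodes a complete record on first use (its body becomes
 * readable data inside buf), hands out up to n bytes, and marks the buffer
 * idle once every decoded byte has been read. */
static size_t rb_read_app(rec_buf *rb, unsigned char *out, size_t n)
{
    size_t avail;
    if (!rb->processed && RB_COMPLETE(rb)) {
        rb->processed = 1;
        rb->app_off = TLS_HDR_LEN;
        rb->app_end = TLS_HDR_LEN + rb->body_len;
    }
    avail = rb->processed ? rb->app_end - rb->app_off : 0;
    if (n > avail)
        n = avail;
    memcpy(out, rb->buf + rb->app_off, n);
    rb->app_off += n;
    if (rb->processed && rb->app_off == rb->app_end)
        rb->len = rb->body_len = rb->header_parsed = rb->processed = 0;
    return n;
}

/* "In use" test. The naive version only counts a complete record that is not
 * decoded yet; the strict one also counts a header whose body is still
 * arriving (scenario 1) and decoded data the caller has not read (scenario 2). */
static int rb_in_use(const rec_buf *rb, int strict)
{
    int complete = RB_COMPLETE(rb);
    if (complete && !rb->processed)
        return 1;
    return strict && ((rb->header_parsed && !complete)
                      || (rb->processed && rb->app_off < rb->app_end));
}

/* Model of SSL_free_buffers(): 1 if the buffer was freed, 0 if refused. */
static int rb_free_buffers(rec_buf *rb, int strict)
{
    if (rb->buf == NULL || rb_in_use(rb, strict))
        return 0;
    free(rb->buf);
    rb->buf = NULL;
    return 1;
}

/* Constructed records: scenario 1 delivers only the header of a 16-byte
 * application-data record; scenario 2 delivers a complete 4-byte one. */
const unsigned char REC_HEADER_ONLY[5] = { 0x17, 0x03, 0x03, 0x00, 0x10 };
const unsigned char REC_COMPLETE[9] = { 0x17, 0x03, 0x03, 0x00, 0x04, 'd', 'a', 't', 'a' };

/* Feed the bytes, let the caller read bytes_read decoded bytes, then attempt
 * the free. Returns 1 if the buffer was freed, 0 if refused, -1 on error. */
int free_after(const unsigned char *bytes, size_t n, size_t bytes_read, int strict)
{
    unsigned char out[16];
    rec_buf rb;
    int freed;
    if (bytes_read > sizeof out || rb_setup(&rb, bytes, n) != 0)
        return -1;
    rb_read_app(&rb, out, bytes_read);
    freed = rb_free_buffers(&rb, strict);
    free(rb.buf);   /* no-op if already freed, cleanup if the call refused */
    return freed;
}
```

Calling `free_after(REC_HEADER_ONLY, 5, 0, 0)` or `free_after(REC_COMPLETE, 9, 2, 0)` returns 1 (freed while still in use); the same calls with `strict` set to 1 return 0, and only a fully read record (`bytes_read` of 4) is freed under the strict test.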

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

OpenSSL 1.0.2 is also not affected by this issue.

OpenSSL 3.3, 3.2, 3.1, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 3.3 users should upgrade to OpenSSL 3.3.1 once it is released.

OpenSSL 3.2 users should upgrade to OpenSSL 3.2.2 once it is released.

OpenSSL 3.1 users should upgrade to OpenSSL 3.1.6 once it is released.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.14 once it is released.

OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1y once it is released
(premium support customers only).

Due to the low severity of this issue we are not issuing new releases of
OpenSSL at this time. The fix will be included in the next releases when they
become available. The fix is also available in commit e5093133c3 (for 3.3),
commit c88c3de510 (for 3.2), commit 704f725b96 (for 3.1) and commit b3f0eb0a29
(for 3.0) in the OpenSSL git repository. It is available to premium support
customers in commit f7a045f314 (for 1.1.1).

This issue was reported on 10th April 2024 by William Ahern (Akamai). The fix
was developed by Matt Caswell and Watson Ladd (Akamai).

General Advisory Notes
======================

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20240528.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html


OTC VOTE: FIPS indicator design

2024-05-28 Thread Matt Caswell
OTC members who were not present in today's OTC meeting, please vote on 
the following:


Topic: OTC approve the FIPS indicator design presented in PR#23609 
subject to the normal review process


Please record your votes here:

https://github.com/openssl/technical-policies/issues/95


Matt


[openssl/technical-policies] 0acf9e: Add FIPS indicators vote

2024-05-28 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 0acf9e537ae5a0831da2a8094204bc4701ced54d
  
https://github.com/openssl/technical-policies/commit/0acf9e537ae5a0831da2a8094204bc4701ced54d
  Author: Matt Caswell 
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
A votes/vote-20240528-fips-indicator-design.txt

  Log Message:
  ---
  Add FIPS indicators vote





Re: Design Contributions?

2022-11-02 Thread Matt Caswell

Hi Randall,

The logo is managed by the OpenSSL Management Committee (OMC):

https://www.openssl.org/community/omc.html

I'm not sure we were necessarily looking for a new logo, but if you have 
some ideas for alternatives we'd love to see them. You can contact the 
OMC by emailing osf-cont...@openssl.org.


Matt


On 02/11/2022 15:18, Randall Degges wrote:

Hello, friends.

I’m new to the OpenSSL mailing list, but am reaching out to see who 
manages the OpenSSL logo, and if they’d potentially be interested in 
contributions? One of our designers here at Snyk would love to 
contribute some design work for the project, but based on the Getting 
Started page on
the site, design doesn’t really fall into any of those categories that 
I’m aware of.


Thank you!

-R

*Randall Degges*
Head of Developer Relations & Community
https://snyk.io/ 



New Blog Post: CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

2022-11-01 Thread Matt Caswell

Please see the new blog post here:

https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/





[openssl/technical-policies] 95b43d: Correct summary total in a vote

2022-10-18 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 95b43d3949d5dc28c119069a9613db21a6ebe645
  
https://github.com/openssl/technical-policies/commit/95b43d3949d5dc28c119069a9613db21a6ebe645
  Author: Matt Caswell 
  Date:   2022-10-18 (Tue, 18 Oct 2022)

  Changed paths:
M votes/vote-20221011-pr17984-is-a-bug-fix.txt

  Log Message:
  ---
  Correct summary total in a vote




[openssl/technical-policies] 27e90c: Close a vote

2022-10-18 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 27e90c5a782bdc500efa0c86d5e625740b4c54f8
  
https://github.com/openssl/technical-policies/commit/27e90c5a782bdc500efa0c86d5e625740b4c54f8
  Author: Matt Caswell 
  Date:   2022-10-18 (Tue, 18 Oct 2022)

  Changed paths:
M votes/vote-20221011-pr17984-is-a-bug-fix.txt

  Log Message:
  ---
  Close a vote




Withdrawal of OpenSSL 3.0.6 and 1.1.1r

2022-10-12 Thread Matt Caswell
We have received a report of a significant regression in the latest 
3.0.6 and 1.1.1r versions. The regression is not thought to have
security consequences. While the regression is further investigated we 
have taken the decision to withdraw the 3.0.6 and 1.1.1r versions and
instead recommend that users remain on the previous 3.0.5 and 1.1.1q 
versions for now.


We will issue a new plan for the release of 3.0.7 and 1.1.1s soon.


Yours
The OpenSSL Project Team




OpenSSL Security Advisory

2022-10-11 Thread Matt Caswell

OpenSSL Security Advisory [11 October 2022]
===========================================

Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358)
================================================================================

Severity: Low

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new()
function and associated function calls. This function was deprecated in OpenSSL
3.0 and application authors are instead encouraged to use the new provider
mechanism in order to implement custom ciphers.

OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed
to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2()
functions (as well as other similarly named encryption and decryption
initialisation functions). Instead of using the custom cipher directly it
incorrectly tries to fetch an equivalent cipher from the available providers.
An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new().
This NID is supposed to represent the unique NID for a given cipher. However it
is possible for an application to incorrectly pass NID_undef as this value in
the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the
OpenSSL encryption/decryption initialisation function will match the NULL cipher
as being equivalent and will fetch this from the available providers. This will
succeed if the default provider has been loaded (or if a third party provider
has been loaded that offers this cipher). Using the NULL cipher means that the
plaintext is emitted as the ciphertext.

Applications are only affected by this issue if they call EVP_CIPHER_meth_new()
using NID_undef and subsequently use it in a call to an encryption/decryption
initialisation function. Applications that only use SSL/TLS are not impacted by
this issue.
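The failure path described above, as an added illustration that is not OpenSSL's code: a hypothetical model with a toy XOR cipher standing in for an application's custom cipher, a provider table in which (as in OpenSSL) the NULL cipher carries NID_undef, a vulnerable init that always swaps the custom cipher for whatever the lookup returns, a hardened init that skips the lookup for NID_undef, and the sanity check an application can run to notice that its "ciphertext" is the plaintext. `NID_demo_xor`, `demo_cipher` and `demo_ctx` are constructed names, not OpenSSL identifiers.

```c
#include <stddef.h>
#include <string.h>

#define NID_undef 0        /* OpenSSL's "no NID" value */
#define NID_demo_xor 9001  /* constructed NID for the demo cipher, not a real OpenSSL NID */

/* Hypothetical stand-in for a cipher implementation (not OpenSSL's EVP_CIPHER). */
typedef struct {
    int nid;
    void (*do_cipher)(unsigned char *out, const unsigned char *in, size_t n,
                      unsigned char key);
} demo_cipher;

/* The NULL cipher passes plaintext straight through. */
static void null_cipher(unsigned char *out, const unsigned char *in, size_t n,
                        unsigned char key)
{
    (void)key;
    memmove(out, in, n);
}

/* Toy single-byte XOR "cipher" standing in for an application's custom cipher. */
static void xor_cipher(unsigned char *out, const unsigned char *in, size_t n,
                       unsigned char key)
{
    size_t i;
    for (i = 0; i < n; i++)
        out[i] = in[i] ^ key;
}

/* What the loaded provider offers. The NULL cipher is registered under
 * NID_undef, which is why a custom cipher created with NID_undef matches it. */
static const demo_cipher provider_table[] = {
    { NID_undef, null_cipher },
    { NID_demo_xor, xor_cipher },
};

static const demo_cipher *fetch_by_nid(int nid)
{
    size_t i;
    for (i = 0; i < sizeof provider_table / sizeof provider_table[0]; i++)
        if (provider_table[i].nid == nid)
            return &provider_table[i];
    return NULL;
}

typedef struct {
    const demo_cipher *impl;
    unsigned char key;
} demo_ctx;

/* The 3.0.0 to 3.0.5 behaviour in miniature: the custom cipher is replaced by
 * whatever the providers return for its NID, so NID_undef yields NULL encryption. */
int init_vulnerable(demo_ctx *ctx, const demo_cipher *custom, unsigned char key)
{
    const demo_cipher *fetched = fetch_by_nid(custom->nid);
    if (fetched == NULL)
        return 0;
    ctx->impl = fetched;
    ctx->key = key;
    return 1;
}

/* Hardened init: a custom cipher registered under NID_undef has no provider
 * equivalent to look up, so it is used directly. */
int init_fixed(demo_ctx *ctx, const demo_cipher *custom, unsigned char key)
{
    const demo_cipher *fetched = custom->nid == NID_undef ? NULL : fetch_by_nid(custom->nid);
    ctx->impl = fetched != NULL ? fetched : custom;
    ctx->key = key;
    return 1;
}

/* Application-side sanity check: run a known block through the context and
 * report 1 if the "ciphertext" is byte-for-byte the plaintext. */
int ctx_emits_plaintext(const demo_ctx *ctx)
{
    static const unsigned char probe[8] = { 'p', 'r', 'o', 'b', 'e', '1', '2', '3' }; /* constructed */
    unsigned char out[8];
    ctx->impl->do_cipher(out, probe, sizeof probe, ctx->key);
    return memcmp(out, probe, sizeof probe) == 0;
}

/* Create a custom cipher the wrong way (with NID_undef), initialise it with
 * either path, and report whether plaintext leaks: 1 leaks, 0 encrypts, -1 error. */
int demo_nid_undef_leaks(int fixed)
{
    const demo_cipher custom = { NID_undef, xor_cipher };
    demo_ctx ctx;
    int ok = fixed ? init_fixed(&ctx, &custom, 0x5a)
                   : init_vulnerable(&ctx, &custom, 0x5a);
    if (!ok)
        return -1;
    return ctx_emits_plaintext(&ctx);
}
```

`demo_nid_undef_leaks(0)` returns 1 (the vulnerable path silently selected the NULL cipher) and `demo_nid_undef_leaks(1)` returns 0; the same probe-and-compare check is cheap enough to keep in an application's start-up self-test.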

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.6.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported to OpenSSL on 9th August 2022 by Chris Rapier of the
Pittsburgh Supercomputing Center. The fix was developed by Matt Caswell.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20221011.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html



OpenSSL version 3.0.6 published

2022-10-11 Thread Matt Caswell


   OpenSSL version 3.0.6 released
   ==============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 3.0.6 of our open source toolkit for SSL/TLS.
   For details of the changes, see the release notes at:

https://www.openssl.org/news/openssl-3.0-notes.html

   Specific notes on upgrading to OpenSSL 3.0 from previous versions are
   available in the OpenSSL Migration Guide, here:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

   OpenSSL 3.0.6 is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.6.tar.gz
  Size: 15101953
  SHA1 checksum:  df7c98f7780babdedd0810fb3c2b55332a8f6b89
  SHA256 checksum:  
e4a10a2986945e3f1a1f2ebd68ac780449a1773b96b6a174fdf650d6bc9611f1

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.6.tar.gz
openssl sha256 openssl-3.0.6.tar.gz

   Yours,

   The OpenSSL Project Team.



OpenSSL version 1.1.1r published

2022-10-11 Thread Matt Caswell


   OpenSSL version 1.1.1r released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1r of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1r is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1r.tar.gz
  Size: 9868506
  SHA1 checksum: 1a7d07ebc91a4e834be3db861453a79b0fe8d259
  SHA256 checksum: 
e389352ae3d5ae4d38597bf8a54f1dcb6fb3c8b50f4fe58a94bb1bf7f85d82a0

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1r.tar.gz
openssl sha256 openssl-1.1.1r.tar.gz

   Yours,

   The OpenSSL Project Team.



[openssl/technical-policies] 4d4adb: Start a vote on PR17984

2022-10-11 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 4d4adbb1222a01924656f14def143a9327ac253d
  
https://github.com/openssl/technical-policies/commit/4d4adbb1222a01924656f14def143a9327ac253d
  Author: Matt Caswell 
  Date:   2022-10-11 (Tue, 11 Oct 2022)

  Changed paths:
A votes/vote-20221011-pr17984-is-a-bug-fix.txt

  Log Message:
  ---
  Start a vote on PR17984


  Commit: 0cd28ca706143aa31bce28c26821225e3551d7ba
  
https://github.com/openssl/technical-policies/commit/0cd28ca706143aa31bce28c26821225e3551d7ba
  Author: Matt Caswell 
  Date:   2022-10-11 (Tue, 11 Oct 2022)

  Changed paths:
M votes/vote-20221011-pr17984-is-a-bug-fix.txt

  Log Message:
  ---
  Update the vote with an issue link


Compare: 
https://github.com/openssl/technical-policies/compare/3d519e6578b6...0cd28ca70614


OTC VOTE: OTC considers PR#17984 as a bug fix

2022-10-11 Thread Matt Caswell

OTC members please vote on the following issue:

https://github.com/openssl/technical-policies/issues/55

Matt



Forthcoming OpenSSL Releases

2022-10-04 Thread Matt Caswell

Hello,

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.6 and 1.1.1r.

These releases will be made available on Tuesday 11th October 2022
between 1300-1700 UTC.

OpenSSL 3.0.6 is a security-fix release. The highest severity issue 
fixed in OpenSSL 3.0.6 is Low:


https://www.openssl.org/policies/secpolicy.html

OpenSSL 1.1.1 is a bug-fix release. There are no security issues fixed 
in this release.


Yours
The OpenSSL Project Team




OMC VOTE: Provider ABI testing

2022-09-14 Thread Matt Caswell

Vote called on https://github.com/openssl/general-policies/pull/27

Matt


OpenSSL 3.0 FIPS 140-2 Validation Certificate Issued

2022-08-24 Thread Matt Caswell

Please read the blog post about this here:

https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/

Matt


Monthly Status Report (July)

2022-08-04 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up and sprint planning meetings, responding to 
user queries, wiki user requests, OMC business, sys-admin, support 
customer issues, responding to public github issues, CLA submissions, 
handling security reports, etc., key activities this month:


Catching up after vacation
Reviewed the QUIC wire encoding PR
Fixed a problem with no-dtls1_2 in the master branch
Wrote a test for DTLS buffered app data
Found and fixed a bug with SSL_pending() and SSL_has_pending()
Significant work cleaning up after the read record layer refactor
Got the read record layer refactor work ready for review
Rebased the read record layer PR following the merge of the SSL Object 
Refactor code

Review of the ACK Manager PR


I took some vacation during July so my list is shorter than normal.

Matt


[openssl/technical-policies] e83bed: Record vote results

2022-08-02 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: e83bed7a99ddb318c4e21008f86405a744f291cc
  
https://github.com/openssl/technical-policies/commit/e83bed7a99ddb318c4e21008f86405a744f291cc
  Author: Matt Caswell 
  Date:   2022-08-02 (Tue, 02 Aug 2022)

  Changed paths:
M votes/vote-20220726-deprecate-long-add-notes.txt

  Log Message:
  ---
  Record vote results




[openssl/technical-policies] 22c31c: Record some votes

2022-08-01 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 22c31c1a4d4c7edb6880225b17b00302576551ab
  
https://github.com/openssl/technical-policies/commit/22c31c1a4d4c7edb6880225b17b00302576551ab
  Author: Matt Caswell 
  Date:   2022-08-01 (Mon, 01 Aug 2022)

  Changed paths:
M votes/vote-20220726-deprecate-long-add-notes.txt

  Log Message:
  ---
  Record some votes




[openssl/technical-policies] 257a19: Start vote for deprecate long and add notes on int...

2022-07-25 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/technical-policies
  Commit: 257a198460f3c5333f12e141af187b0cbdf905b0
  
https://github.com/openssl/technical-policies/commit/257a198460f3c5333f12e141af187b0cbdf905b0
  Author: Matt Caswell 
  Date:   2022-07-25 (Mon, 25 Jul 2022)

  Changed paths:
A votes/vote-20220726-deprecate-long-add-notes.txt

  Log Message:
  ---
  Start vote for deprecate long and add notes on integer types




OTC VOTE: Deprecate long and add notes on integer types

2022-07-25 Thread Matt Caswell

Topic: Deprecate long and add notes on integer types
Proposed by: Matt Caswell
Issue link: https://github.com/openssl/technical-policies/pull/51
Public: yes
Opened: 2022-07-25
Closed: -MM-DD
Accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: W)

  Dmitry [  ]
  Matt   [  ]
  Pauli  [  ]
  Tim[  ]
  Richard[  ]
  Shane  [  ]
  Tomas  [  ]
  Kurt   [  ]
  Matthias   [  ]
  Nicola [  ]


OTC members, please vote in the PR.

Matt


Monthly Status Report (June)

2022-07-18 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up and sprint planning meetings, responding to 
user queries, wiki user requests, OMC business, sys-admin, support 
customer issues, responding to public github issues, CLA submissions, 
handling security reports, etc., key activities this month:


Significant review of the threading and signal masking PR 12255
Worked on moving the DTLS code into the new read record layer
Fixed a mem leak in the property definition caching code
Fixed a NULL pointer deref in CONF_modules_unload
Investigated a problem building on Android
Reviewed the dgram API design document
Reviewed the certificate compression PR
Investigated and fixed a mem leak in evp_pkey_copy_downgraded()
Reviewed the BIO_sendmmsg/BIO_recvmmsg PR
Investigated an EVP_PKEY_fromdata crash
Interviewed candidates for the Business Admin role
Processed some security issue reports
Fixed a mem leak in DSA export and other export functions
Fixed range_should_be_prefix() to actually return the correct result
Fixed a crash in v2i_IPAddrBlocks()
Fixed a crash in X509v3_asid_subset()
Investigated a gost digest issue
Reviewed issues for the security release
Reviewed the security release advisory
Preparation and communication regarding the security release
Added a datagram mem BIO
Added a test case for out-of-order DTLS packets that span epochs
Prepared for and performed the release of 3.0.4, 1.1.1p and 1.0.2zf
Investigated and fixed a DTLS bug failing to retransmit in some situations
Implemented moving of unprocessed records from one record layer to the 
next for DTLS in the new read record layer

Reviewed the RX and TX packetiser PRs

Matt


OpenSSL Security Advisory

2022-06-21 Thread Matt Caswell

OpenSSL Security Advisory [21 June 2022]
========================================

The c_rehash script allows command injection (CVE-2022-2068)
============================================================

Severity: Moderate

In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.

When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.

This script is distributed by some operating systems in a manner where
it is automatically executed.  On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2zf (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1p
OpenSSL 3.0 users should upgrade to 3.0.4

This issue was reported to OpenSSL on the 20th May 2022.  It was found by
Chancen of Qingteng 73lab.  A further instance of the issue was found by
Daniel Fiala of OpenSSL during a code review of the script.  The fix for
these issues was developed by Daniel Fiala and Tomas Mraz from OpenSSL.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220621.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html


OpenSSL version 3.0.4 published

2022-06-21 Thread Matt Caswell


   OpenSSL version 3.0.4 released
   ==============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 3.0.4 of our open source toolkit for SSL/TLS.
   For details of the changes, see the release notes at:

https://www.openssl.org/news/openssl-3.0-notes.html

   Specific notes on upgrading to OpenSSL 3.0 from previous versions are
   available in the OpenSSL Migration Guide, here:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

   OpenSSL 3.0.4 is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.4.tar.gz
  Size: 15069605
  SHA1 checksum:  cde0c343646ce10600e6b28fc7000e9096e7959f
  SHA256 checksum:  
2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.4.tar.gz
openssl sha256 openssl-3.0.4.tar.gz

   Yours,

   The OpenSSL Project Team.



OpenSSL version 1.1.1p published

2022-06-21 Thread Matt Caswell


   OpenSSL version 1.1.1p released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1p of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1p is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1p.tar.gz
  Size: 9860217
  SHA1 checksum: 707daabab923ef2d9f05fdb8e0664944be7f5eba
  SHA256 checksum: 
bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1p.tar.gz
openssl sha256 openssl-1.1.1p.tar.gz

   Yours,

   The OpenSSL Project Team.



Proposal to stop supporting Windows XP and Windows Server 2003 from OpenSSL 3.1

2022-06-08 Thread Matt Caswell



There was some discussion during the OMC meeting today about stopping 
Windows XP and Windows Server 2003 support. No decision was made but it 
led me to write up this proposal:


https://github.com/openssl/general-policies/issues/22

I'm not calling an actual vote yet just gathering feedback. Please add 
any comments to the issue.


Matt



OpenSSL is looking to hire a Platform Engineer

2022-06-08 Thread Matt Caswell
OpenSSL is looking to hire a Platform Engineer (a sysadmin role). 
Details of the role are here:


https://www.openssl.org/blog/blog/2022/05/30/hiring-platform-engineer/

Matt


Monthly Status Report (May)

2022-06-02 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up and sprint planning meetings, responding to 
user queries, wiki user requests, OMC business, sys-admin, support 
customer issues, responding to public github issues, CLA submissions, 
handling security reports, etc., key activities this month:


Performed the 3.0.3, 1.1.1o and 1.0.2ze releases
Started the vote on the security policy
Wrote up various issues for problems that occurred during the release
Reviewed the latest API proposal
Completed the conversion of TLSv1.3 decryption code to the new record layer
Reorganised files in the new record layer to make things clearer
Implemented KTLS in the new record layer
Took part in a retrospective of the recent release
Implemented support for moving data from one epoch to the next in the record layer
Incorporated oqs-provider updates into record layer changes to fix CI issue
Removed use of SSL_IS_TLS13() from the record layer methods
Removed use of SSL_USE_EXPLICIT_IV() from the record layer methods
Removed use of s->hello_retry_request from the record layer methods
Removed use of ossl_statem_in_error from the record layer methods
Made the read record layer EtM aware
Reviewed the competing event queue designs
Reviewed the wire format encoding implementation
Moved the read sequence storage into the record layer
Removed dependence on SSL object for record layer early data code
Add record layer specific msg callback and ssl_security callback
Removed separation between enc_read_ctx and enc_write_ctx in the record layer
Removed separation between read_hash and write_hash in the record layer
Removed some final SSL object references in the record layer
Located and fixed 2 memory leaks in the decoder code
Located and fixed a memory leak in the provider doall code
Located and fixed a memory leak when constructing a new provider
Started implementation of DTLS in the read record layer
Attended an interview for the new Business Administrator role


Matt


Re: HPKE PR process question

2022-06-01 Thread Matt Caswell




On 23/05/2022 22:41, Stephen Farrell wrote:


Hi,

Back in November 2021 (~6 months ago) I created a PR [1]
suggesting an implementation of RFC 9180. In discussion,
the  "need OMC decision" tag was added to the PR on Dec
14th.

Since then, I have heard nothing at all and so far as I
can see, from bits of the openssl-project list archive
that I've checked, the OMC has had no discussion of this
PR at all.


Sorry that it has taken so long to get to this point. I assure you that 
the OMC have been discussing this PR and have now voted to lift the hold 
on it (which I have now done).


Matt




So, now I'm wondering how to make process-progress with
this PR - can you assist or point me at the correct place
to ask? (I can start a thread on openssl-users I guess if
that's better?)

Please note that this is about trying to unblock the
process - the details of HPKE APIs are separate. (I
remain happy to do work to get my code in a shape that
the project likes, but to be honest, 6 months of seeming
process-blockage with no feedback is a tad de-motivating.)

Thanks,
Stephen.

[1] https://github.com/openssl/openssl/pull/17172


Re: HPKE PR process question

2022-05-25 Thread Matt Caswell

Acknowledging receipt of this. We'll get back to you on it.

Matt

On 23/05/2022 22:41, Stephen Farrell wrote:


Hi,

Back in November 2021 (~6 months ago) I created a PR [1]
suggesting an implementation of RFC 9180. In discussion,
the  "need OMC decision" tag was added to the PR on Dec
14th.

Since then, I have heard nothing at all and so far as I
can see, from bits of the openssl-project list archive
that I've checked, the OMC has had no discussion of this
PR at all.

So, now I'm wondering how to make process-progress with
this PR - can you assist or point me at the correct place
to ask? (I can start a thread on openssl-users I guess if
that's better?)

Please note that this is about trying to unblock the
process - the details of HPKE APIs are separate. (I
remain happy to do work to get my code in a shape that
the project likes, but to be honest, 6 months of seeming
process-blockage with no feedback is a tad de-motivating.)

Thanks,
Stephen.

[1] https://github.com/openssl/openssl/pull/17172


OpenSSL is looking to hire a Business Operations Administrator

2022-05-19 Thread Matt Caswell

Please see the following blog post for details of the role:

https://www.openssl.org/blog/blog/2022/05/18/hiring-business-operations-administrator/


Matt


Monthly Status Report (April)

2022-05-04 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


Started looking at the QUIC demuxer design - subsequently handed to Tomas
Substantial amount of work to convert the existing read side (D)TLS 
record layer to the new OSSL_RECORD_METHOD approach

 - Moved the "read_n" code
 - Moved the ssl3_get_record code
 - Moved the TLSv1.0/TLSv1.1/TLSv1.2 decrypt code
 - Subsequent work also moved the SSLv3 decrypt code
 - Started work on moving the TLSv1.3 code
 - Reorganised the record layer directory
Investigated, fixed and wrote the advisory for CVE-2022-1343
Investigated, fixed and wrote the advisory for CVE-2022-1434
Prepared for the release (that was subsequently cancelled)
Helped Richard investigate method store and child libctx issues
Attended numerous 3.1 planning and estimation workshops
Attended a sysadmin meeting

Matt


OMC VOTE: Accept the security policy

2022-05-04 Thread Matt Caswell

The vote is as shown below.

Note: this just converts the existing security policy into markdown 
format and pulls it into the general-policies repo. There are no other 
changes.


OMC members should cast their vote here:

https://github.com/openssl/general-policies/pull/18

Matt


Topic: Accept the security policy as of 
53b2fdfc640960da03ab9519e27de6c0fefe7dd6

Proposed by: Matt Caswell
Issue link: https://github.com/openssl/general-policies/pull/18
Public: yes
Opened: 2022-05-04
Closed: -MM-DD
Accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: W)

  Kurt   [  ]
  Mark   [  ]
  Matt   [+1]
  Pauli  [  ]
  Richard[  ]
  Tim[  ]




OpenSSL Security Advisory

2022-05-03 Thread Matt Caswell

OpenSSL Security Advisory [03 May 2022]
===

The c_rehash script allows command injection (CVE-2022-1292)


Severity: Moderate

The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection.  This script is distributed by some operating
systems in a manner where it is automatically executed.  On such operating
systems, an attacker could execute arbitrary commands with the privileges
of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2ze (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1o
OpenSSL 3.0 users should upgrade to 3.0.3

This issue was reported to OpenSSL on the 2nd April 2022.  It was found by
Elison Niven of Sophos.  The fix was developed by Tomas Mraz from OpenSSL.

OCSP_basic_verify may incorrectly verify the response signing certificate 
(CVE-2022-1343)
=

Severity: Moderate

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP
response. In the case where the (non-default) flag OCSP_NOCHECKS is used then
the response will be positive (meaning a successful verification) even in the
case where the response signing certificate fails to verify.

It is anticipated that most users of `OCSP_basic_verify` will not use the
OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be 0.

This issue also impacts the command line OpenSSL "ocsp" application. When
verifying an ocsp response with the "-no_cert_checks" option the command line
application will report that the verification is successful even though it has
in fact failed. In this case the incorrect successful response will also be
accompanied by error messages showing the failure and contradicting the
apparently successful result.

This issue affects OpenSSL version 3.0.

OpenSSL 3.0 users should upgrade to 3.0.3

This issue was reported to OpenSSL on the 6th April 2022 by Raul Metsma. The fix
was developed by Matt Caswell from OpenSSL.

Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
=

Severity: Low

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the
AAD data as the MAC key. This makes the MAC key trivially predictable.

An attacker could exploit this issue by performing a man-in-the-middle attack to
modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that
the modified data would still pass the MAC integrity check.

Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint
will always be rejected by the recipient and the connection will fail at that
point. Many application protocols require data to be sent from the client to the
server first. Therefore, in such a case, only an OpenSSL 3.0 server would be
impacted when talking to a non-OpenSSL 3.0 client.

If both endpoints are OpenSSL 3.0 then the attacker could modify data being
sent in both directions. In this case both clients and servers could be
affected, regardless of the application protocol.

Note that in the absence of an attacker this bug means that an OpenSSL 3.0
endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the
handshake when using this ciphersuite.

The confidentiality of data is not impacted by this issue, i.e. an attacker
cannot decrypt data that has been encrypted using this ciphersuite - they can
only modify it.

In order for this attack to work both endpoints must legitimately negotiate the
RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0,
and is not available within the default provider or the default ciphersuite
list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In
order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must
have occurred:

1) OpenSSL must have been compiled with the (non-default) compile time option
   enable-weak-ssl-ciphers

2) OpenSSL must have had the legacy provider explicitly loaded (either through
   application code or via configuration)

3) The ciphersuite must have been explicitly added to the ciphersuite list

4) The libssl security level must have been set to 0 (default is 1)

5) A version of SSL/TLS below TLSv1.3 must have been negotiated

6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
   others that both endpoints have in common

This issue affects OpenSSL version 3.0.

OpenSSL 3.0 use
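
The advisory's point that the MAC key was the AAD, and therefore predictable, can be checked with a property every cipher+MAC composite should satisfy: the tag must depend on the secret key. The Python below is an added model written for this archive, not OpenSSL's RC4-MD5 implementation; it lays out the record MAC input as RFC 5246 section 6.2.3.1 does (seq_num || type || version || length || fragment), takes the 13-byte header to be the AAD the advisory refers to, and uses a constructed key and record.

```python
"""Model of the CVE-2022-1434 defect: a MAC keyed with public record data.

Added illustration, not OpenSSL's RC4-MD5 code. TLS 1.2 stream-cipher
records are authenticated with HMAC over
    seq_num(8) || type(1) || version(2) || length(2) || fragment
(RFC 5246, 6.2.3.1). The 13-byte header is treated here as the AAD; the
bug used those public bytes as the HMAC key instead of the MAC write key.
"""
import hashlib
import hmac
import os
import struct


def tls12_mac_input(seq_num, content_type, version, fragment):
    """Return (header, header + fragment) as laid out by RFC 5246 6.2.3.1."""
    header = struct.pack("!QBHH", seq_num, content_type, version, len(fragment))
    return header, header + fragment


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """Correct MAC: HMAC-MD5 keyed with the secret MAC write key."""
    _, data = tls12_mac_input(seq_num, content_type, version, fragment)
    return hmac.new(mac_key, data, hashlib.md5).digest()


def buggy_record_mac(mac_key, seq_num, content_type, version, fragment):
    """Defective MAC modelling the advisory: the public header replaces the key.

    mac_key is accepted but ignored, which is exactly what the checks below catch.
    """
    del mac_key
    header, data = tls12_mac_input(seq_num, content_type, version, fragment)
    return hmac.new(header, data, hashlib.md5).digest()


def mac_depends_on_key(mac_fn, record):
    """Regression check: two different keys must never produce the same tag."""
    k1, k2 = os.urandom(16), os.urandom(16)
    return mac_fn(k1, *record) != mac_fn(k2, *record)


def receiver_accepts(mac_fn, mac_key, record, tag):
    """The receiving side recomputes the tag and compares in constant time."""
    return hmac.compare_digest(mac_fn(mac_key, *record), tag)


# Constructed sample: seq 7, application_data (23), TLS 1.2 (0x0303).
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
SAMPLE_RECORD = (7, 23, 0x0303, b"GET /index.html HTTP/1.1\r\n")


def interop_fails(mac_key=SAMPLE_KEY, record=SAMPLE_RECORD):
    """Advisory note: a buggy sender's tag is rejected by a correct receiver,
    so a mixed OpenSSL 3.0 / non-3.0 connection fails even without an attacker."""
    sender_tag = buggy_record_mac(mac_key, *record)
    return not receiver_accepts(record_mac, mac_key, record, sender_tag)


def integrity_lost(mac_key=SAMPLE_KEY, record=SAMPLE_RECORD):
    """Between two buggy endpoints the key plays no role, so a tag computed from
    the public header alone is accepted for a modified fragment."""
    seq, ctype, ver, fragment = record
    tampered = (seq, ctype, ver, fragment.replace(b"index", b"admin"))
    tag_without_key = buggy_record_mac(b"", *tampered)
    return receiver_accepts(buggy_record_mac, mac_key, tampered, tag_without_key)


if __name__ == "__main__":
    print("correct MAC key-dependent:", mac_depends_on_key(record_mac, SAMPLE_RECORD))
    print("buggy MAC key-dependent:  ", mac_depends_on_key(buggy_record_mac, SAMPLE_RECORD))
    print("mixed-version connection fails:", interop_fails())
    print("tampering undetected (buggy/buggy):", integrity_lost())
```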

OpenSSL version 1.1.1o published

2022-05-03 Thread Matt Caswell


   OpenSSL version 1.1.1o released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1o of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1o is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1o.tar.gz
  Size: 9856386
  SHA1 checksum: 860fa10381ff0a121833583ccaa011bf266bcc63
  SHA256 checksum: 9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1o.tar.gz
openssl sha256 openssl-1.1.1o.tar.gz

   Yours,

   The OpenSSL Project Team.



OpenSSL version 3.0.3 published

2022-05-03 Thread Matt Caswell


   OpenSSL version 3.0.3 released
   ==

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 3.0.3 of our open source toolkit for SSL/TLS.
   For details of the changes, see the release notes at:

https://www.openssl.org/news/openssl-3.0-notes.html

   Specific notes on upgrading to OpenSSL 3.0 from previous versions are
   available in the OpenSSL Migration Guide, here:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

   OpenSSL 3.0.3 is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.3.tar.gz
  Size: 15058905
  SHA1 checksum:  1138de3f1a2f573ae69302ab52ecd9bbf5e063ca
  SHA256 checksum:  ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.3.tar.gz
openssl sha256 openssl-3.0.3.tar.gz

   Yours,

   The OpenSSL Project Team.



Re: Forthcoming OpenSSL Releases

2022-04-26 Thread Matt Caswell
The OpenSSL Project team have decided to postpone the releases of 3.0.3 
and 1.1.1o planned for today.


These releases will now be made available on Tuesday 3rd May 2022 
between 1300-1700 UTC.


These are security-fix releases. The highest severity issue fixed in 
these releases is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

Yours

The OpenSSL Project Team

On 19/04/2022 20:51, Matt Caswell wrote:

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.

These releases will be made available on Tuesday 26th April 2022
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue
fixed in these releases is MODERATE:
https://www.openssl.org/policies/secpolicy.html#moderate

Yours

The OpenSSL Project Team





Forthcoming OpenSSL Releases

2022-04-19 Thread Matt Caswell

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.

These releases will be made available on Tuesday 26th April 2022
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue
fixed in these releases is MODERATE:
https://www.openssl.org/policies/secpolicy.html#moderate

Yours

The OpenSSL Project Team





Monthly Status Report (March)

2022-04-01 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


Wrote the QUIC SSL API proposal
Responded to various feedback on the QUIC SSL API proposal
Updates to the SSL API proposal following OTC review
Proposed and started the vote on new primary platforms
Created an SSL Record layer strawman API proposal
Wrote a draft record layer design document
Handled pre-notification for the security issue
Developed a patch for missing pthread_atfork
Wrote up documentation on how to use ZenHub
Reviewed lots of "New Issues" in ZenHub awaiting triage
Prepared for the 3.0.2/1.1.1n and 1.0.2zd releases
Performed the 3.0.2/1.1.1n and 1.0.2zd releases
Responded to press and other enquiries regarding the release as well as other follow ups
Took part in workshops on the SSL record layer proposal
Updated the record layer proposal based on feedback received
Significant review of PR#5257
Updates to the technical requirements document
Investigated a test failure in PR#17936
Reviewed the congestion control design and took part in a congestion control workshop
Investigated ZenHub permissions issue for new contractors
Investigated an aarch64 issue resulting in TLSv1.3 failed connections
Reviewed the reference ("demo") client applications and investigated an EOF problem and other related issues
Organised some on-boarding related items for the new manager
Investigated a security report (result was "not a CVE")

Matt


OTC VOTE: Accept the technical requirements document

2022-03-25 Thread Matt Caswell
Topic: Accept the technical requirements document provided in 
openssl/openssl#17577


OTC members please cast your votes here:

https://github.com/openssl/technical-policies/issues/37


Matt


Re: OMC VOTE: Extend the primary platforms support

2022-03-22 Thread Matt Caswell

Due to a procedural issue this vote has been restarted.

OMC members should cast their vote here (even if they previously voted 
on this):


https://github.com/openssl/general-policies/issues/12


Matt


On 02/03/2022 10:54, Matt Caswell wrote:

The proposal is:

We should add linux-x86, linux-generic32 and linux-generic64 as primary 
platforms in the platform policy



OMC members should vote here:

https://github.com/openssl/general-policies/issues/12


OpenSSL Security Advisory

2022-03-15 Thread Matt Caswell

OpenSSL Security Advisory [15 March 2022]


Infinite loop in BN_mod_sqrt() reachable when parsing certificates 
(CVE-2022-0778)
==

Severity: High

The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.

Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may thus
be subject to a denial of service attack. The infinite loop can also be
reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.

Thus vulnerable situations include:

 - TLS clients consuming server certificates
 - TLS servers consuming client certificates
 - Hosting providers taking certificates or private keys from customers
 - Certificate authorities parsing certification requests from subscribers
 - Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker
can control the parameter values are vulnerable to this DoS issue.

In the OpenSSL 1.0.2 version the public key is not parsed during initial
parsing of the certificate which makes it slightly harder to trigger
the infinite loop. However any operation which requires the public key
from the certificate will trigger the infinite loop. In particular the
attacker can use a self-signed certificate to trigger the loop during
verification of the certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.  It was
addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.

OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1n
OpenSSL 3.0 users should upgrade to 3.0.2

This issue was reported to OpenSSL on the 24th February 2022 by Tavis Ormandy
from Google. The fix was developed by David Benjamin from Google and Tomáš Mráz
from OpenSSL.

Note


OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
It is affected by the issue.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

References
==

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220315.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
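
BN_mod_sqrt() implements the Tonelli-Shanks algorithm, whose inner search for the least i with b^(2^i) = 1 only terminates when the modulus really is prime: modulo a composite, repeated squaring can cycle without ever reaching 1. The Python below is an added illustration written for this archive, a textbook Tonelli-Shanks with every loop bounded, not OpenSSL's C implementation; the composite moduli 9 and 697 (= 17 * 41), the cap of 82 non-residue tries and the probe() helper are constructed for the example.

```python
"""Tonelli-Shanks modular square root with bounded loops.

Added illustration of the failure mode behind CVE-2022-0778: the search
loops inside a modular square root only terminate when the modulus is prime.
Textbook algorithm written for this note; it is not OpenSSL's BN_mod_sqrt().
"""


class ModSqrtError(ValueError):
    """Raised when p is not prime or a is not a square modulo p."""


# Constructed cap on the quadratic non-residue search. For a prime p each
# candidate is a non-residue with probability 1/2, so the cap is never hit in
# practice; for a composite p Euler's criterion may never be satisfied.
MAX_NONRESIDUE_TRIES = 82


def power_of_two_orbit(b, p, limit=64):
    """Return b, b^2, b^4, ... (mod p) until 1 is reached or a value repeats.

    For a prime modulus and b of 2-power order this reaches 1 in a few steps;
    for a composite modulus it can cycle, which an unbounded "square until 1"
    loop never escapes.
    """
    seen, orbit = set(), []
    while b not in seen and len(orbit) < limit:
        seen.add(b)
        orbit.append(b)
        if b == 1:
            break
        b = b * b % p
    return orbit


def mod_sqrt(a, p):
    """Return x with x*x == a (mod p) for an odd prime p, or raise ModSqrtError.

    Every loop has an explicit bound, so a composite p (or a non-square a)
    yields an error instead of a hang.
    """
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    # Write p - 1 = q * 2^e with q odd.
    q, e = p - 1, 0
    while q % 2 == 0:
        q //= 2
        e += 1
    # Find a quadratic non-residue n via Euler's criterion: n^((p-1)/2) == -1.
    n = 2
    for _ in range(MAX_NONRESIDUE_TRIES):
        if pow(n, (p - 1) // 2, p) == p - 1:
            break
        n += 1
    else:
        raise ModSqrtError("too many iterations: modulus is probably not prime")
    y = pow(n, q, p)             # generator of the 2-part of the group (if p is prime)
    x = pow(a, (q + 1) // 2, p)  # candidate root
    b = pow(a, q, p)             # error term: x^2 == a * b (mod p)
    while b != 1:
        # Find the least i with b^(2^i) == 1. For a prime p and a square a such
        # an i exists with 0 < i < e; otherwise stop instead of spinning.
        i, t = 1, b * b % p
        while t != 1 and i < e:
            i += 1
            t = t * t % p
        if i >= e:
            raise ModSqrtError("no 2-power order found: not a square or p not prime")
        t = pow(y, 1 << (e - i - 1), p)
        y = t * t % p
        e = i
        x = x * t % p
        b = b * y % p
    if x * x % p != a:
        raise ModSqrtError("result does not square back to a")
    return x


def probe(a, p):
    """Run mod_sqrt and describe the outcome as text (used by the demo below)."""
    try:
        return "root=%d" % mod_sqrt(a, p)
    except ModSqrtError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    for a, p in ((10, 41), (2, 17), (3, 41), (2, 9), (3, 697)):
        print("a=%d p=%d -> %s" % (a, p, probe(a, p)))
    print("orbit of 2 mod 9 under squaring:", power_of_two_orbit(2, 9))
```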


OpenSSL version 1.1.1n published

2022-03-15 Thread Matt Caswell


   OpenSSL version 1.1.1n released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1n of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1n is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1n.tar.gz
  Size: 9850712
  SHA1 checksum: 4b0936dd798f60c97c68fc62b73033ecba6dfb0c
  SHA256 checksum: 40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1n.tar.gz
openssl sha256 openssl-1.1.1n.tar.gz

   Yours,

   The OpenSSL Project Team.



OpenSSL version 3.0.2 published

2022-03-15 Thread Matt Caswell


   OpenSSL version 3.0.2 released
   ==

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 3.0.2 of our open source toolkit for SSL/TLS.
   For details of the changes, see the release notes at:

https://www.openssl.org/news/openssl-3.0-notes.html

   Specific notes on upgrading to OpenSSL 3.0 from previous versions are
   available in the OpenSSL Migration Guide, here:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

   OpenSSL 3.0.2 is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.2.tar.gz
  Size: 15038141
  SHA1 checksum:  c97166014243779a4b1b3613e1fce6087f2e17bc
  SHA256 checksum:  98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.2.tar.gz
openssl sha256 openssl-3.0.2.tar.gz

   Yours,

   The OpenSSL Project Team.



Re: Auto github PR script and 3.0

2022-03-14 Thread Matt Caswell

That script should really be moved to the tools repo.

Also I think there are a large number of PRs which the script isn't 
pinging at the moment, but which are completely stale and haven't been 
touched (for years in some cases). Perhaps we could have a "no activity" 
ping...and after so long of continued pinging and still no activity it 
gets auto-closed. Activity being counted as a comment or push from 
anyone (not just a label/milestone change).


Matt


On 14/03/2022 10:37, Mark J Cox wrote:

Unfortunately the autocloses happened due to the bug now fixed[1].
But they can always be reopened again.

[1] 
https://github.com/iamamoose/openssl-metrics/commit/49927d122e39d0a534e82f4a611fc9a06e84a95b

Mark

On Mon, 14 Mar 2022 at 10:35, Tomas Mraz  wrote:


On Mon, 2022-03-14 at 10:29 +, Mark J Cox wrote:

We have a script that runs daily and makes sure things needing action
for OTC/OMC are pinged if they get old. It also autocloses issues
where it was waiting for the reporter with no action, or waiting for
a
NDA for a significant amount of time.

Because 3.0 wasn't out, it ignored everything with the "post 3.0.0"
milestone.  It's time to turn off that exception.  However looking at
the PR list this will cause a large number of PR's to change state:

It will ping OMC about 4 stale issues waiting for OMC
It will ping OTC about 14 stale issues waiting for OTC
It will ping committers about 12 stale issues waiting for committers
It will close 5 issues waiting for the creator to make changes >90
days
It will close 4 issues waiting for a CLA for >180 days

Any objections to this, or a preferred time in the future to make the
change?


I would not autoclose the issues to be autoclosed - IMO the script
should just ping at least once and autoclose only after a week or so,
if there is no update.

--
Tomáš Mráz, OpenSSL






Re: Auto github PR script and 3.0

2022-03-14 Thread Matt Caswell




On 14/03/2022 10:29, Mark J Cox wrote:

We have a script that runs daily and makes sure things needing action
for OTC/OMC are pinged if they get old. It also autocloses issues
where it was waiting for the reporter with no action, or waiting for a
NDA for a significant amount of time.


I assume you meant CLA!



Because 3.0 wasn't out, it ignored everything with the "post 3.0.0"
milestone.  It's time to turn off that exception.  However looking at
the PR list this will cause a large number of PR's to change state:

It will ping OMC about 4 stale issues waiting for OMC
It will ping OTC about 14 stale issues waiting for OTC
It will ping committers about 12 stale issues waiting for committers
It will close 5 issues waiting for the creator to make changes >90 days
It will close 4 issues waiting for a CLA for >180 days

Any objections to this, or a preferred time in the future to make the change?



No objections from me. I'd say just do it.

Matt



Mark



Forthcoming OpenSSL releases

2022-03-08 Thread Matt Caswell

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.2 and 1.1.1n.

These releases will be made available on Tuesday 15th March 2022
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue
fixed in these releases is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours

The OpenSSL Project Team




OpenSSL 3.0 LTS

2022-03-04 Thread Matt Caswell
OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) 
release. This means that it will now be supported until 7th September 
2026 (5 years after its initial release).


Our previous LTS release (1.1.1) will continue to be supported until 
11th September 2023.


We encourage all users to upgrade to 3.0.

Yours,
The OpenSSL Project Team




OMC VOTE: Extend the primary platforms support

2022-03-02 Thread Matt Caswell

The proposal is:

We should add linux-x86, linux-generic32 and linux-generic64 as primary 
platforms in the platform policy



OMC members should vote here:

https://github.com/openssl/general-policies/issues/12


Monthly Status Report (February)

2022-03-01 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


Worked on Proof of Concept for an SSL compatibility layer
Reviewed the proposed documentation policy
Reviewed the TCP Fast Open Submission
Investigated a tsan error report
Completed a proof-of-concept SSL compatibility layer using a toy protocol
Investigated two different third party QUIC libraries for a proof of concept/learning purposes
Fixed a compilation problem with "no-deprecated --api=1.1.1"
Investigated a strange fragmentation problem with max_fragment_length=4096
Wrote two test client applications using two different third party QUIC libraries
Updated the OTC requirements doc to include additional requirements, and split out the MVP requirements
Wrote a strawman proposal for the QUIC SSL API
Started the vote on the next LTS release
Attended a workshop to discuss the QUIC SSL API
Further refinement of the QUIC SSL API proposal
Investigated some DTLS design deficiencies to feed into the SSL API proposal
Wrote a demo client using the proposed QUIC SSL API
Raised a PR to fix addrev to adhere to the new review rules
Proposed an update to the commit hooks to adhere to the new review rules
Performed 1.0.2zc release
Investigated and fixed a 1.0.2 bug
Set up a new committer
Took part in sprint planning for the two sprints started during this month
Reviewed Spectre issues
Started onboarding process for the new developer


Matt


Please welcome our newest committer

2022-02-25 Thread Matt Caswell
I am pleased to be able to welcome Todd Short as the newest member of 
the OpenSSL committer team. Todd has been a long time member of the 
OpenSSL community and already has many commits to his name.


Welcome on board!

Matt


OMC VOTE: The next LTS release

2022-02-16 Thread Matt Caswell

The OMC vote for the following proposal has now started:

"We should announce that the next LTS release will be 3.0"

OMC members please cast your votes here:

https://github.com/openssl/general-policies/issues/9

Matt


Monthly Status Report (January)

2022-02-03 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


Created a PR to clarify the EVP_PKEY_get_int_param() documentation (and
similar functions)
Investigated trust checking question
Investigated and fixed a problem with OSSL_DECODER_fetch
Backported an EVP_DigestInit_ex() memory leak fix to 1.1.1
Worked on the OMC voting policy, and tweaked the OTC one
Worked on the OTC testing policy
Wrote some documentation for X509_STORE_CTX_set0_purpose() and related 
functions

Wrote a proposal for a QUIC Proof of Concept
Reviewed the TFO submission
Investigated KTLS issues
Created a QUIC technical requirements document
Investigated OPENSSL_init_crypto problems and interaction with atexit
Started implementing a toy protocol for the API PoC
Started work on an SSL compat layer proof of concept based on a toy protocol
Looked at possible design for a generic comms API
Investigated the TAPS API 
(https://datatracker.ietf.org/doc/draft-ietf-taps-interface/)
Worked with other staff to consider estimates and forward planning of
releases beyond 3.1
Wrote a demo to illustrate a problem with PR17483
Took part in various discussions about the future of atexit()
Fixed a problem with openssl ciphers not honouring a propquery
Investigated and resolved an issue for a user regarding "openssl req"
Backported X509_STORE_CTX_set0_purpose() fix to 3.0 and 1.1.1
Issued security advisory for CVE-2021-4160

Matt


OMC Vote for the policy change process has started

2022-02-02 Thread Matt Caswell

The OMC vote for this policy proposal has now started.

OMC members please cast your votes here:

https://github.com/openssl/general-policies/pull/2

Matt


OpenSSL Security Advisory

2022-01-28 Thread Matt Caswell

OpenSSL Security Advisory [28 January 2022]
===

BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)


Severity: Moderate

There is a carry propagation bug in the MIPS32 and MIPS64 squaring
procedure.  Many EC algorithms are affected, including some of the
TLS 1.3 default curves.  Impact was not analyzed in detail, because the
pre-requisites for attack are considered unlikely and include reusing
private keys.  Analysis suggests that attacks against RSA and DSA as
a result of this defect would be very difficult to perform and are
not believed likely.  Attacks against DH are considered just feasible
(although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline.  The amount of
resources required for such an attack would be significant.  However,
for an attack on TLS to be meaningful, the server would have to share
the DH private key among multiple clients, which is no longer an option
since CVE-2016-0701.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0.  It was
addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For
the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to
premium support customers only. It will be made available in 1.0.2zc when it is
released.

The issue only affects OpenSSL on MIPS platforms. If that applies then:

OpenSSL 1.0.2 users should apply git commit 6fc1aaaf3 (premium support
customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1m
OpenSSL 3.0.0 users should upgrade to 3.0.1

This issue was found on the 10th of December 2021 and subsequently fixed
by Bernd Edlinger.

Note


OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

References
==

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220128.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html


OTC Vote for the voting policy update

2022-01-28 Thread Matt Caswell

The OTC vote for this policy proposal has now started.

OTC members please cast your votes here:

https://github.com/openssl/technical-policies/pull/17

Matt


OMC Vote for the voting policy has started

2022-01-25 Thread Matt Caswell

The OMC vote for this policy proposal has now started.

OMC members please cast your votes here:

https://github.com/openssl/general-policies/pull/1

Matt


OTC Vote for the testing policy has started

2022-01-25 Thread Matt Caswell

The OTC vote for this policy proposal has now started.

OTC members please cast your votes here:

https://github.com/openssl/technical-policies/pull/13

Matt



Monthly Status Report (December)

2022-01-10 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


- Attended many QUIC design meetings
- Provided input on the HPKE submission
- Clarified the deprecation warnings in the docs which were confusing
- Published QUIC design blog post and associated PRs
- Developed tests and a patch for the name constraints/libssl bug
  (CVE-2021-4044)
- Fixed a bug in the *set0_tmp_dh_pkey() functions
- Fixed a documentation bug in the tlsext_ticket_key_cb() functions
- Provided user support for finding replacements to deprecated functions
- Investigated the abstract record layer and what it needs to do
- Investigated whether DH key security level was checked at time of use
- Disabled TLSv1.0 and TLSv1.1 in the CDN for www.openssl.org
- Enabled TLSv1.3 in the CDN for www.openssl.org
- Created a voting policy proposal for OMC
- Created a policy change proposal for OMC
- Created a support and stability policy proposal for OMC
- Reviewed AES-GCM optimisation PR
- Investigated a regression with the s_client -proxy option in master
- Found and fixed a bug with SNI data in combination with s_client -proxy
- Fixed a leak and other problems in EVP_DigestInit_ex()
- Created a draft testing policy
- Fixed a bug in the tracing code
- Fixed the symbol presence test when used with shlib_variant
- Investigated CVE-2002-20001
- Fixed a bug in X509_STORE_CTX_set_purpose()
- Performed the 3.0.1 and 1.1.1m releases
- Produced a tentative fix for test_encoder_decoder failure on non-stop

Matt


OpenSSL Security Advisory

2021-12-14 Thread Matt Caswell

OpenSSL Security Advisory [14 December 2021]


Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)


Severity: Moderate

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to
verify a certificate supplied by a server. That function may return a negative
return value to indicate an internal error (for example out of memory). Such a
negative return value is mishandled by OpenSSL and will cause an IO function
(such as SSL_connect() or SSL_do_handshake()) to not indicate success and a
subsequent call to SSL_get_error() to return the value
SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned
by OpenSSL if the application has previously called
SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the
SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally
unexpected and applications may not behave correctly as a result. The exact
behaviour will depend on the application but it could result in crashes,
infinite loops or other similar incorrect responses.

This issue is made more serious in combination with a separate bug in OpenSSL
3.0 that will cause X509_verify_cert() to indicate an internal error when
processing a certificate chain. This will occur where a certificate does not
include the Subject Alternative Name extension but where a Certificate Authority
has enforced name constraints. This issue can occur even with valid chains.

By combining the two issues an attacker could induce incorrect, application
dependent behaviour.

OpenSSL 3.0.0 SSL/TLS clients are affected by this issue. Users of this version
should upgrade to OpenSSL 3.0.1.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported to OpenSSL on 29th November 2021 by Tobias Nießen. The
fix was developed by Matt Caswell and Tobias Nießen.

Note


OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

References
==

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20211214.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

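An added example, not code from the advisory or the OpenSSL project, of a client handshake loop that stays bounded when SSL_get_error() reports SSL_ERROR_WANT_RETRY_VERIFY although no verify callback was ever registered. The SSL_ERROR_* values are assumed to be those of OpenSSL 3.0's ssl.h, and the handshake steps are constructed stand-ins for SSL_do_handshake()/SSL_get_error(), so it runs without libssl or a live connection.

```c
/* Added example (not OpenSSL project code): a bounded client handshake
 * driver that treats SSL_ERROR_WANT_RETRY_VERIFY as fatal unless the
 * application registered a verify callback, so a libssl bug of the
 * CVE-2021-4044 kind cannot push it into an infinite retry loop. libssl
 * is not linked; handshake steps are simulated through a function pointer. */
#include <stdio.h>

/* Error codes as defined in OpenSSL 3.0's ssl.h (assumption; with the real
 * headers available, include <openssl/ssl.h> and drop these). */
#define SSL_ERROR_NONE               0
#define SSL_ERROR_WANT_READ          2
#define SSL_ERROR_WANT_WRITE         3
#define SSL_ERROR_WANT_RETRY_VERIFY 12

typedef enum {
    HS_OK = 0,           /* handshake completed */
    HS_FATAL,            /* SSL_ERROR_SSL, SSL_ERROR_SYSCALL, ... */
    HS_UNEXPECTED_RETRY, /* WANT_RETRY_VERIFY but no verify callback set */
    HS_GAVE_UP           /* retry budget exhausted */
} hs_result;

/* One handshake attempt in the shape of SSL_do_handshake() followed by
 * SSL_get_error(): returns the former's result, stores the latter's code. */
typedef int (*hs_step_fn)(void *conn, int *ssl_error);

/* Runs handshake attempts until success, a hard error, or max_attempts.
 * have_verify_cb: non-zero if SSL_CTX_set_cert_verify_callback() was used,
 * the only situation in which WANT_RETRY_VERIFY is a legitimate outcome. */
hs_result drive_handshake(hs_step_fn step, void *conn, int have_verify_cb,
                          int max_attempts, int *attempts_used)
{
    hs_result res = HS_GAVE_UP;
    int n = 0;

    while (n < max_attempts) {
        int err = SSL_ERROR_NONE;
        int ret = step(conn, &err);

        n++;
        if (ret == 1) {
            res = HS_OK;
            break;
        }
        if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
            continue; /* non-blocking I/O: a real client polls the socket here */
        if (err == SSL_ERROR_WANT_RETRY_VERIFY && have_verify_cb)
            continue; /* the application's own callback asked for another pass */
        /* Anything else is not retryable; an unexpected WANT_RETRY_VERIFY is
         * libssl misreporting an internal verification failure. */
        res = (err == SSL_ERROR_WANT_RETRY_VERIFY) ? HS_UNEXPECTED_RETRY : HS_FATAL;
        break;
    }
    if (attempts_used != NULL)
        *attempts_used = n;
    return res;
}

/* Constructed stand-in for a connection; no real SSL object is involved. */
typedef struct {
    int calls;                /* attempts made so far */
    int want_reads_before_ok; /* healthy peer: WANT_READ this often, then 1 */
} sim_conn;

/* Models the CVE-2021-4044 symptom: X509_verify_cert() failed internally and
 * libssl keeps reporting WANT_RETRY_VERIFY although no callback was set. */
int sim_step_retry_verify(void *conn, int *ssl_error)
{
    ((sim_conn *)conn)->calls++;
    *ssl_error = SSL_ERROR_WANT_RETRY_VERIFY;
    return -1;
}

/* Models a healthy non-blocking handshake that needs more data a few times. */
int sim_step_healthy(void *conn, int *ssl_error)
{
    sim_conn *c = conn;

    c->calls++;
    if (c->calls <= c->want_reads_before_ok) {
        *ssl_error = SSL_ERROR_WANT_READ;
        return -1;
    }
    *ssl_error = SSL_ERROR_NONE;
    return 1;
}

int main(void)
{
    sim_conn broken = {0, 0}, healthy = {0, 3};
    int used = 0;
    hs_result r = drive_handshake(sim_step_retry_verify, &broken, 0, 100, &used);

    printf("broken client, no verify cb: result %d after %d attempt(s)\n", r, used);
    r = drive_handshake(sim_step_healthy, &healthy, 0, 100, &used);
    printf("healthy client: result %d after %d attempt(s)\n", r, used);
    return 0;
}
```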

OpenSSL version 3.0.1 published

2021-12-14 Thread Matt Caswell


   OpenSSL version 3.0.1 released
   ==

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 3.0.1 of our open source toolkit for SSL/TLS.
   For details of the changes, see the release notes at:

https://www.openssl.org/news/openssl-3.0-notes.html

   Specific notes on upgrading to OpenSSL 3.0 from previous versions are
   available in the OpenSSL Migration Guide, here:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

   OpenSSL 3.0.1 is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.1.tar.gz
  Size: 15011207
  SHA1 checksum:  33b00311e7a910f99ff041deebc6dd7bb9f459de
  SHA256 checksum:  
c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.1.tar.gz
openssl sha256 openssl-3.0.1.tar.gz

   Yours,

   The OpenSSL Project Team.



OpenSSL version 1.1.1m published

2021-12-14 Thread Matt Caswell


   OpenSSL version 1.1.1m released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1m of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1m is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1m.tar.gz
  Size: 9847315
  SHA1 checksum: 39d424c4411e45f1570073d7a71b1830b96007ca
  SHA256 checksum: 
f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1m.tar.gz
openssl sha256 openssl-1.1.1m.tar.gz

   Yours,

   The OpenSSL Project Team.



Testing policy

2021-12-13 Thread Matt Caswell

See this PR for a first pass attempt at writing a testing policy:

https://github.com/openssl/technical-policies/pull/13

Matt


Re: OTC VOTE: Accept PR #16705 into 3.0

2021-12-08 Thread Matt Caswell
I forgot I was now supposed to record these votes as issues in the 
technical policies repository.


I have now done so:
https://github.com/openssl/technical-policies/issues/12

Matt


On 07/12/2021 10:35, Matt Caswell wrote:

topic: Accept PR #16705 into 3.0 subject to the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-12-07
closed: 2021-12-07
accepted:  yes  (for: 4, against: 1, abstained: 3, not voted: 2)

   Dmitry     [+0]
   Matt       [+1]
   Pauli      [-0]
   Tim        [-1]
   Richard    [+1]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+0]
   Nicola     [  ]


Support and Stability Policy

2021-12-08 Thread Matt Caswell

I've created a proposal for an OMC support and Stability Policy here:

https://github.com/openssl/general-policies/pull/3

This is intended to be complementary to the OTC's Stable Release 
Update's Policy currently in review here:


https://github.com/openssl/technical-policies/pull/8

The contents of the proposed policy is just existing text pulled from 
this page (with some minor editorial tweaks):


https://www.openssl.org/policies/releasestrat.html

Matt


General policy drafts

2021-12-08 Thread Matt Caswell
The OTC have previously created policies for how voting and policy 
updates should occur.


The policies are here:

https://github.com/openssl/technical-policies/blob/master/policies/voting-procedure.md
https://github.com/openssl/technical-policies/blob/master/policies/policy-change-process.md

I've now created PRs for equivalent policies for the OMC. You can see 
the draft PRs here:


https://github.com/openssl/general-policies/pull/1
https://github.com/openssl/general-policies/pull/2


Matt


Forthcoming OpenSSL Releases

2021-12-07 Thread Matt Caswell

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.1m and 3.0.1.

These releases will be made available on Tuesday 14th December 2021
between 1300-1700 UTC.

OpenSSL 3.0.1 is a security and bug fix release. The highest severity 
issue fixed in this release is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

OpenSSL 1.1.1m is a bug fix release. There are no security issues 
addressed in this release.


Yours

The OpenSSL Project Team




OTC VOTE: Accept PR #16705 into 3.0

2021-12-07 Thread Matt Caswell

topic: Accept PR #16705 into 3.0 subject to the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-12-07
closed: 2021-12-07
accepted:  yes  (for: 4, against: 1, abstained: 3, not voted: 2)

   Dmitry     [+0]
   Matt       [+1]
   Pauli      [-0]
   Tim        [-1]
   Richard    [+1]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+0]
   Nicola     [  ]


Re: Starting the QUIC Design

2021-12-03 Thread Matt Caswell

Oops. Thanks Matthias. Fixed now.

Matt

On 03/12/2021 13:04, Dr. Matthias St. Pierre wrote:

Sorry, the links to the pull requests are broken. This will be fixed as soon as 
possible.

Here the correct links:

#17184 - QUIC API Design
https://github.com/openssl/openssl/pull/17184

#17185 - QUIC Event Loop Design
https://github.com/openssl/pull/17185



-Original Message-
From: openssl-users  On Behalf Of Matt 
Caswell
Sent: Friday, December 3, 2021 1:05 PM
To: openssl-project@openssl.org; openssl-us...@openssl.org
Subject: Starting the QUIC Design

Please see my blog post on starting the QUIC design here:

https://www.openssl.org/blog/blog/2021/12/03/starting-the-quic-design/

Matt





Starting the QUIC Design

2021-12-03 Thread Matt Caswell

Please see my blog post on starting the QUIC design here:

https://www.openssl.org/blog/blog/2021/12/03/starting-the-quic-design/

Matt



Monthly Status Report (November)

2021-12-03 Thread Matt Caswell
As well as normal reviews, attending regular OMC and OTC meetings, 
attending daily stand up meetings, responding to user queries, wiki user 
requests, OMC business, sys-admin, support customer issues, CLA 
submissions, handling security reports, etc., key activities this month:


- Investigated an issue where using a short ECX key resulted in an assertion
  failure. Created PR #17041 to fix this.
- Investigated a segfault on program exit (#17040) which was caused by
  having multiple versions of OpenSSL linked at the same time
- Wrote and subsequently merged the OTC design policy
- Investigated and found a solution for a user with connectivity issues
  (#17039)
- Wrote a proposed policy for accepting assembler optimisations
- Fixed an SSL_get_error() problem when used in async mode
- Fixed some errors in the EVP_PKEY_fromdata doc examples
- Investigated a problem with encoding of EC Public keys
- Investigated and fixed numerous threading issues
- Clarified the PEM docs to explain how to use libctx/propq with them
- Fixed an issue with incorrect detection of short ECX keys
- Clarified the EVP_CTRL_AEAD_SET_TAG documentation
- Investigated and fixed a symbol_presence test failure on windows
- Attended numerous design meetings
- Investigated a report of custom RSA_METHOD code not working as expected
- Investigated performance issues
- Created PR to not remove the doc/html directories when cleaning
- Attended a meeting with other open source groups regarding post quantum
- Various work transitioning our internal git repositories to Github
  Enterprise

Matt


OTC vote for the assembler optimisations policy

2021-11-30 Thread Matt Caswell

The OTC vote for this policy proposal has now started.

OTC members please cast your votes here:

https://github.com/openssl/technical-policies/pull/9

Matt


New Blog Post

2021-11-25 Thread Matt Caswell
Please see the new blog post by Tim Hudson giving an update on the 
OpenSSL Project.


https://www.openssl.org/blog/blog/2021/11/25/openssl-update/

Matt


Vote on the design process policy

2021-11-23 Thread Matt Caswell
As per our new policy voting procedure the vote on the design process 
policy is now open in this PR:


https://github.com/openssl/technical-policies/pull/3

Matt


Re: OTC VOTE: Accept Policy change process proposal

2021-11-01 Thread Matt Caswell

+1

On 01/11/2021 10:23, Tomas Mraz wrote:

topic: Accept openssl/technical-policies PR#1 - the policy change
process proposal as of commit 3bccdf6. This will become an official OTC
policy.

comment: This will implement the formal policy change process so we can
introduce and amend further policies as set by OTC via a public
process.

Proposed by Tomáš Mráz
Public: yes
opened: 2021-11-01
closed: 2021-mm-dd
accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)

   Dmitry     [  ]
   Matt       [  ]
   Pauli      [  ]
   Tim        [  ]
   Richard    [  ]
   Shane      [  ]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [  ]
   Nicola     [  ]





Proposed design process policy

2021-11-01 Thread Matt Caswell

I have proposed a new policy for creating designs here:

https://github.com/openssl/technical-policies/pull/3

Please take a look. It would be good to discuss this at tomorrow's OTC.

Matt


Monthly Status Report (October)

2021-11-01 Thread Matt Caswell

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:

- Numerous OMC related tasks
- Investigated issue with RSA and padding with RSA_PKCS1_WITH_TLS_PADDING
- Investigated and developed a fix for dynamic engine loading (currently
  pending)
- QUIC investigations
- Identified and fixed an issue in pkey_set_type() which was mishandling
  ENGINE references
- Changed the default security level to 2 in master
- Fixes for short buffer handling
- Updates to the platform policy as per OMC decisions
- Fixed signature newctx documentation
- Fixed the s_server psk_server_cb to correctly handle DTLS
- Fixed some engine related problems
- Investigated a regression in the DES code
- Updated the documentation for EVP_get_cipherbyname/EVP_get_digestbyname
- Fixed a gcc 11.2.0 warning
- Fixed no-cmac
- Fixed a crash when encoding a public key with no public key value
- Worked on a design process for OTC
- Investigated MAC XOF interface issue


Matt


Re: OTC VOTE: Accept PR#16725

2021-10-20 Thread Matt Caswell

I have now closed this vote:


topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
   normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-10-20
accepted:  yes  (for: 4, against: 2, abstained: 4, not voted: 0)

   Dmitry     [+0]
   Matt       [+1]
   Pauli      [ 0]
   Tim        [ 0]   # Vote changed 2021-10-20
   Richard    [+0]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [+1]
   Matthias   [-1]
   Nicola     [-1]


On 20/10/2021 09:43, Dr Paul Dale wrote:

0

Pauli

On 19/10/21 8:07 pm, Matt Caswell wrote:
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to 
the normal review process

Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-mm-dd
accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)

   Dmitry     [+0]
   Matt       [+1]
   Pauli      [  ]
   Tim        [-1]
   Richard    [+0]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [-1]
   Nicola     [-1]





Re: OTC VOTE: Accept PR#16725

2021-10-20 Thread Matt Caswell




On 19/10/2021 19:31, Nicola Tuveri wrote:

I believe Matt will find the time at some point to post the minutes
from today's meeting, but until then here is my recap.


We decided in the meeting that posting the minutes to the list wasn't 
necessary and we would just push them to the repo:


https://git.openssl.org/gitweb/?p=otc.git;a=blob;f=meeting-minutes/minutes-2021-10-19.txt;h=8bae2b86ecd7c4f967ba2aa822535dc0facbbfa9;hb=HEAD

Matt



The discussion mostly focused on why the changes in #16725 are a
bugfix and not a new feature, which would be a prerequisite to be
admissible to be merged in the 3.0 branch.
As I recall it, there were no objections to the final outcome of the
PR to be desirable, the vote is entirely about this being a bugfix or
not.

It would be on those who voted +1 to properly argument why this is a
bugfix and not a new feature, but the short version of that argument
is that the outcome of #16725 was the "intended behavior" for 3.0.0.
The counterargument is that we could not find written evidence (i.e.,
GH issues/PRs, documentation, and/or tests) that indeed the project
ever committed to have this behavior in 3.0.0.


The Strategic Architecture document has some text that could be
somewhat related and used to support the "intend behavior" view, but
the document clearly states


This document outlines the OpenSSL strategic architecture. It will take multiple releases, starting 
from 3.0.0, to move the architecture from the current "as-is" (1.1.1), to the future 
"to-be" architecture.


Hence, it does not really prove that this functionality was always
planned for the 3.0.0 release.

Accepting this PR for the next minor release would not require a vote.



I hope this recap is helpful to inform your decision.



Cheers,

Nicola

On Tue, Oct 19, 2021 at 9:10 PM Kurt Roeckx  wrote:


On Tue, Oct 19, 2021 at 11:07:26AM +0100, Matt Caswell wrote:

topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
normal review process


So we have various people voting -1. Does someone want to explain
why they vote -1?


Kurt





OTC VOTE: Accept PR#16725

2021-10-19 Thread Matt Caswell
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the 
normal review process

Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-mm-dd
accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)

   Dmitry     [+0]
   Matt       [+1]
   Pauli      [  ]
   Tim        [-1]
   Richard    [+0]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [-1]
   Nicola     [-1]


OMC Release Requirements

2021-10-13 Thread Matt Caswell

FYI, the OMC have agreed the attached release requirements document.

Matt
# OMC Release Requirements

This document provides information on the OMC requirements and expectations for the next release after 3.0 and subsequent releases.

## Release timeframe

The OMC objective is to have shorter release timeframes, with releases occurring every six months.

1.1.1 is our current LTS release and we are committed to specifying another one by September 2022. Therefore OMC expects that the next release (3.1) will be the next LTS. In the event that 3.1 is not released by September 2022 then the fallback position is for 3.0 to be the LTS.

## Platform List

Follow the to-be-published platform policy update covering the primary and secondary platforms.

## QUIC

The focus for the next releases is QUIC, with the objective of providing a fully functional QUIC implementation over a series of releases (2-3).

The current libssl record layer includes support for TLS, DTLS and KTLS. QUIC will introduce another variant and there may be more over time. The OMC requires a pluggable record layer interface to be implemented to enable this to be less intrusive, more maintainable, and to harmonize the existing record layer interactions between TLS, DTLS, KTLS and the planned QUIC protocols.

The application must have the ability to be in control of the event loop without requiring callbacks to process the various events. An application must also have the ability to operate in “blocking” mode.

The QUIC implementation must include at least one congestion control algorithm. The fully functional release will provide the ability to plug in more implementations (via a provider).

The minimum viable product (MVP) for the next release is a pluggable record layer interface and a single stream QUIC client in the form of s_client that does not require significant API changes. In the MVP, interoperability should be prioritized over strict standards compliance.

The MVP will not contain a library API for an HTTP/3 implementation (it is a non-goal of the initial release). Our expectation is that other libraries will be able to use OpenSSL to build an HTTP/3 client on top of OpenSSL for the initial release.

Once we have a fully functional QUIC implementation (in a subsequent release), it should be possible for external libraries to be able to use the pluggable record layer interface and it should offer a stable ABI (via a provider).

The next major release number is intended to be reserved for the fully functional QUIC release (this does not imply we expect API breakage to occur as part of this activity - we can change major release numbers even if APIs remain compatible).

PR#8797 will not be merged and compatibility with the APIs proposed in that PR is a non-goal.

We do not plan to place protocol versions themselves in separate providers at this stage.

For the MVP a single interop target (i.e. the server implementation list):

1.  Cloudflare - https://cloudflare-quic.com/

Testing against other implementations is not a release requirement for the MVP.

## DTLS

DTLS-1.3 is not a target for any release until it becomes an RFC. DTLS-1.3 is not a target for the next release even if it becomes an RFC.


Agenda for the next OTC meeting

2021-10-12 Thread Matt Caswell

My proposed agenda for the next OTC meeting (2021-10-19):

1) Nominate a minute taker and confirm agenda
2) Review policy process strawman
3) PR #16725
4) Agree agenda for next meeting
5) AOB


Matt



Monthly Status Report (September)

2021-10-05 Thread Matt Caswell

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:

- Significant amount of time spent on various OMC tasks this month
- Prepared various website updates ready for the 3.0 release
- Wrote the blog post for the 3.0 release
- Liaised with mbed tls team (issue #16486)
- Clarified the documentation around SSL_set_num_tickets() and
  SSL_get_session()
- Fixed bug to correctly handle extensions in a Certificate message sent
  by a client
- Performed the 1.0.2zb release
- Wrote a blog about the FIPS submission
- Significant investigation and a draft fix (later superseded) into #16614

Matt



Re: Blog post about FIPS submission

2021-09-23 Thread Matt Caswell



On 23/09/2021 21:51, Kurt Roeckx wrote:

On Thu, Sep 23, 2021 at 09:42:01PM +0200, Dmitry Belyavsky wrote:

Hello Matt,

The link
https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-processmodules-in-process-list
(You can see the official listing for the submission *here*) seems to be
not working

It seems to be:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list

(A missing /, the URL is also case insensitive.)



Fixed.

Matt



Blog post about FIPS submission

2021-09-23 Thread Matt Caswell

FYI, please see my blog post about the OpenSSL 3 FIPS submission here:

https://www.openssl.org/blog/blog/2021/09/22/OpenSSL3-fips-submission/

Matt



OTC VOTE: Increase the default security level from 1 to 2

2021-09-21 Thread Matt Caswell

topic: Increase the default security level from 1 to 2 in master
Proposed by Matt Caswell
Public: yes
opened: 2021-09-21
closed: 2021-09-21
accepted:  yes  (for: 7, against: 1, abstained: 1, not voted: 1)

   Dmitry     [+1]
   Matt       [+1]
   Pauli      [+1]
   Tim        [+0]
   Richard    [+1]
   Shane      [-1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+1]
   Nicola     [+1]


OTC VOTE: Restart merging of non-breaking small features

2021-09-14 Thread Matt Caswell
topic: Allow the restart of merging of non-breaking small features to
   the master branch
Proposed by Matt Caswell
Public: yes
opened: 2021-09-14
closed: 2021-09-14
accepted:  yes  (for: 5, against: 1, abstained: 1, not voted: 2)

   Dmitry     [+1]
   Matt       [+1]
   Pauli      [  ]
   Tim        [-1]
   Richard    [+1]
   Shane      [ 0]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+1]
   Nicola     [+1]


Monthly Status Report (August)

2021-09-06 Thread Matt Caswell

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:

- Implemented the (extended) patch CVE-2021-3712 as well as significant 
analysis time spent on this issue

- Analysed and developed the patch for CVE-2021-3711
- Co-ordinated and performed the security release for OpenSSL 1.1.1l and 
OpenSSL 1.0.2za
- Investigated, created reproducer for, and subsequently developed the 
fix for an issue where leaks occurred due to loading the config file 
into the same libctx twice

- Investigated with Tomas problems with the clacheck script following
the removal of the "license" host
- Significant investigation work for OMC related tasks
- Updates to the release instructions following problems with the last 
release

- Helped investigate a solaris linking issue
- Fixed a bug where we need to check the asn.1 type of an "otherName" 
before we attempt to read it
- Refactored and rationalized provider locking to deal with "lock 
inversion" errors being reported from thread sanitizer


Matt


Re: OTC vote: branching 3.0

2021-08-31 Thread Matt Caswell

+1

On 31/08/2021 10:15, Dr Paul Dale wrote:

topic: Create `openssl-3.0' git branch today.
comment: This cascades to other names/version information on GitHub.
  For example, change the release version information in the
  master branch to 3.1.0-dev
Proposed by Pauli.
Public: yes
opened: 2021-08-31
closed: 2021-08-31
accepted:  yes  (for: 7, against: 0, abstained: 0, not voted: 3)

   Dmitry     [+1]
   Matt       [  ]
   Pauli      [+1]
   Tim        [+1]
   Richard    [+1]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+1]
   Nicola     [  ]


This is to create a git branch and related activities.




Re: OTC vote: release of 3.0.0

2021-08-31 Thread Matt Caswell

+1

On 31/08/2021 09:47, Dr Paul Dale wrote:

topic: Release 3.0.0 final on Tuesday the 7th of September 2021 if
       run-checker and CI builds have been clean for two days.

Proposed by Pauli.
Public: yes
opened: 2021-08-31
closed: 2021-08-31
accepted:  yes  (for: 8, against: 0, abstained: 0, not voted: 2)

   Dmitry     [+1]
   Matt       [  ]
   Pauli      [+1]
   Tim        [+1]
   Richard    [+1]
   Shane      [+1]
   Tomas      [+1]
   Kurt       [  ]
   Matthias   [+1]
   Nicola     [+1]



OpenSSL Security Advisory

2021-08-24 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

OpenSSL Security Advisory [24 August 2021]
==

SM2 Decryption Buffer Overflow (CVE-2021-3711)
==

Severity: High

In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.

A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.

A malicious attacker who is able to present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.

OpenSSL versions 1.1.1k and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1l.

OpenSSL 1.0.2 is not impacted by this issue.

OpenSSL 3.0 alpha/beta releases are also affected but this issue will be
addressed before the final release.

This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix
was developed by Matt Caswell.

Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
=

Severity: Moderate

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are represented as
a buffer for the string data which is terminated with a NUL (0) byte.

Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.

However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.

Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.

The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).

OpenSSL versions 1.1.1k and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1l.

OpenSSL versions 1.0.2y and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2za. Other users should upgrade
to 1.1.1l.

An initial instance of this issue in the X509_aux_print() function was reported
to OpenSSL on 18th July 2021 by Ingo Schwarze. The bugfix was developed by Ingo
Schwarze and first publicly released in OpenBSD-current on 10th July 2021 and
subsequently in OpenSSL on 20th July 2021 (commit d9d838ddc). Subsequent
analysis by David Benjamin on 17th August 2021 identified more instances of the
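
The following is an added example written for this page; it is not OpenSSL code
and does not use the OpenSSL API. It models the NUL-termination assumption the
advisory describes for CVE-2021-3712 with a hypothetical length-delimited string
type (`LenString`, with `data` and `length` fields) and two hypothetical setters,
`lenstring_set` (copies the bytes and appends an uncounted NUL, as the advisory
says ASN1_STRING_set() does) and `lenstring_set0` (stores the caller's pointer
as is, like ASN1_STRING_set0()). The constructed `arena` array places a 3-byte
value directly in front of other bytes in the same allocation, standing in for
neighbouring heap memory, so the over-read stays inside the array and can be
measured rather than crashing. A printer that calls `strlen()` on the `data`
field reads 16 bytes past the value; a printer bounded by `length` reads none.

```c
/* Added example, not OpenSSL code: models the CVE-2021-3712 class of bug
 * (printing a length-delimited string as if it were NUL terminated). */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-delimited string: a byte buffer plus
 * an explicit length. Nothing guarantees data[length] is a NUL byte. */
typedef struct {
    unsigned char *data;
    size_t length;
} LenString;

/* Copying setter: mirrors the behaviour the advisory describes for
 * ASN1_STRING_set(): the bytes are copied and a NUL is appended, but the
 * terminator is not counted in "length". */
static int lenstring_set(LenString *s, const unsigned char *src, size_t len) {
    unsigned char *buf = malloc(len + 1);
    if (buf == NULL)
        return 0;
    memcpy(buf, src, len);
    buf[len] = '\0';
    s->data = buf;
    s->length = len;
    return 1;
}

/* Ownership-taking setter: mirrors ASN1_STRING_set0(); the pointer is stored
 * as is and no terminator is added. */
static void lenstring_set0(LenString *s, unsigned char *src, size_t len) {
    s->data = src;
    s->length = len;
}

/* Vulnerable printer: assumes data is a C string. For a set0-style string
 * strlen() keeps reading until it finds a NUL somewhere past the value. */
static size_t print_assuming_nul(const LenString *s, char *out, size_t outsz) {
    size_t n = strlen((const char *)s->data);
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Hardened printer: never reads past data[length]. */
static size_t print_bounded(const LenString *s, char *out, size_t outsz) {
    size_t n = s->length;
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Constructed input: a 3-byte value ("abc") immediately followed, in the
 * same allocation, by bytes that stand in for sensitive neighbouring memory. */
static unsigned char arena[] = "abcSECRET-KEY-BYTES";

/* Each helper returns how many bytes the printer emitted beyond "length",
 * i.e. how much adjacent memory was disclosed. */
static size_t leaked_bytes_set0_unbounded(void) {
    LenString s;
    char out[64];
    lenstring_set0(&s, arena, 3);
    return print_assuming_nul(&s, out, sizeof(out)) - s.length;
}

static size_t leaked_bytes_set_unbounded(void) {
    LenString s;
    char out[64];
    size_t leaked;
    if (!lenstring_set(&s, arena, 3))
        return (size_t)-1;
    leaked = print_assuming_nul(&s, out, sizeof(out)) - s.length;
    free(s.data);
    return leaked;
}

static size_t leaked_bytes_set0_bounded(void) {
    LenString s;
    char out[64];
    lenstring_set0(&s, arena, 3);
    return print_bounded(&s, out, sizeof(out)) - s.length;
}

int main(void) {
    printf("set0 + strlen-based printer: %zu bytes read past the value\n",
           leaked_bytes_set0_unbounded());
    printf("set  + strlen-based printer: %zu bytes read past the value\n",
           leaked_bytes_set_unbounded());
    printf("set0 + length-bounded printer: %zu bytes read past the value\n",
           leaked_bytes_set0_bounded());
    return 0;
}
```

The practical takeaway for application code is the one the advisory implies:
if you populate an ASN1_STRING by assigning "data" and "length" yourself, or via
ASN1_STRING_set0(), nothing after the last byte is yours to rely on, so any
code that later prints or compares that string must be driven by "length",
and the library-side fix is to upgrade to a release where the affected
functions do exactly that.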

OpenSSL version 1.1.1l published

2021-08-24 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 1.1.1l released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1l of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1l is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.1l.tar.gz
  Size: 9834044
  SHA1 checksum: f8819dd31642eebea6cc1fa5c256fc9a4f40809b
  SHA256 checksum: 0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1l.tar.gz
openssl sha256 openssl-1.1.1l.tar.gz

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmEk9nQACgkQ2cTSbQ5g
RJFk2QgAr9NfJzaDqFFDnjCS7bCGyOf77I4P7IFKfD2Ip4BFYUAS//x7rHjyBs/+
LvbXGm1uht8QWvqA+j6jgq/FwHJS0NhYiw8JPh9E/ATqjhx0K3Pe133u8oy4KOWL
/yZvc7bm99Fh9kTb+41hYRYqDcnnLvTyjhMT8zTtuZiva3/152zXgSSfbglF9/A5
nnvWRqJMtGX058EuGNpprHT+1HMN/yUr9lkpKR4iHqHTPm/Y+UgQFnwyJnEUDIy3
1yEFiU6FRGyqZL+lLWmv0mORwJRbgFyk1016xMtvR3NsPWITyt9XlkWwExC9mDlG
reN5SLCrLyA9mUVzED6ARSMQNINDbg==
=hKcH
-END PGP SIGNATURE-


Update on 3.0 release

2021-08-24 Thread Matt Caswell
FYI, OTC met today to discuss the 3.0 final release. Due to the security 
release taking place later today they decided that 3.0 final will not be 
released this week.


Matt



Forthcoming OpenSSL release

2021-08-17 Thread Matt Caswell

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1l.

This release will be made available on Tuesday 24th August 2021
between 1200-1600 UTC.

OpenSSL 1.1.1l is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Note that due to this also affecting OpenSSL 3.0 beta releases, OpenSSL 
3.0 final will not be occurring this week.


Yours

The OpenSSL Project Team




