[+1]
--
SY, Dmitry Belyavsky
Matt [ ]
>Pauli [ ]
>Tim[ ]
>Richard[ ]
>Shane [ ]
>Tomas [+1]
>Kurt [ ]
>Matthias [ ]
>Nicola [ ]
>
>
>
>
--
SY, Dmitry Belyavsky
):
>
> 1) Nominate a minute taker and confirm agenda
> 2) Review policy process strawman
> 3) PR #16725
> 4) Agree agenda for next meeting
> 5) AOB
>
>
> Matt
>
>
--
SY, Dmitry Belyavsky
my blog post about the OpenSSL 3 FIPS submission here:
>
> https://www.openssl.org/blog/blog/2021/09/22/OpenSSL3-fips-submission/
>
> Matt
>
>
--
SY, Dmitry Belyavsky
>
>
I think we need some sort of definition of missing features.
Some features (e.g. SRP) were deliberately excluded from 3.0,
but I tend to treat all the other features available in 1.1.1 and missing
in 3.0 as bugs.
--
SY, Dmitry Belyavsky
: T)
>
>Dmitry [ ]
>Matt [-1]
>Pauli [+1]
>Tim[ 0]
>Richard[+1]
>Shane [+1]
>Tomas [ ]
>Kurt [ ]
>Matthias [ ]
>Nicola [+1]
>
--
SY, Dmitry Belyavsky
Dear Matt, dear colleagues,
It's a great honor to become an OpenSSL Technical Committee member!
I'll do my best to make the project better.
On Fri, Jul 30, 2021 at 12:12 PM Matt Caswell wrote:
> I am very pleased to be able to announce that Dmitry Belyavsky has
> become the O
release. If you
> > have an approved PR that you were expecting would be included and it
> > hasn't been, then please point me at it.
> >
> > Thanks
> >
> > Matt
> >
> >
> > On 16/06/2021 10:21, Dr Paul Dale wrote:
> >> The repository is frozen in anticipation of the 3.0 beta release.
> >>
> >> Pauli
> >>
>
--
SY, Dmitry Belyavsky
project.
>
>
> Dr Paul Dale
>
>
>
>
--
SY, Dmitry Belyavsky
Dear Kurt,
On Mon, Dec 14, 2020 at 10:10 PM Kurt Roeckx wrote:
> On Mon, Dec 14, 2020 at 08:20:29PM +0100, Dmitry Belyavsky wrote:
> > Dear Kurt,
> >
> >
> > On Mon, Dec 14, 2020 at 3:59 PM Kurt Roeckx wrote:
> >
> > > Hi,
> > >
> > &g
or not, assuming the upcoming operation.
And the possibility to find out whether the state is consistent and
suitable for the upcoming operation or not is a must and should be provided
by an API.
--
SY, Dmitry Belyavsky
ontinue my activity as a committer.
--
SY, Dmitry Belyavsky
port
> it, and so the apps and libssl can use it then.
>
> My interpretation was always that we want to completly disable the
> feature, for instance because we don't want to use it at all or we
> want to reduce the size of the binries.
>
>
> Kurt
>
>
--
SY, Dmitry Belyavsky
ter point.
> 6) do 2), but enforce it in the fips provider
>
> I don't know if we do any any kind of consistency checks on the key
> now when it's loaded. But 2) would then imply that the check is
> skipped instead of returning an error.
>
4) maybe not applicable when a private key is on the hardware token.
--
SY, Dmitry Belyavsky
efore it is converted to 'long'.
==
I can submit a PR providing the CodeQL scan for the master branch if the
Team thinks it is useful.
But I strongly suppose that someone will have to configure the OpenSSL
github project to enable it.
On Fri, Oct 2, 2020 at 6:30 PM Dmitry Belyavsky w
the original message and
> destroy all copies thereof.
>
> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen>
> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen>
>
> *From**:* openssl-project *On
> Behalf Of *Dmitry Belyavsky
> *Sent:* Friday, Oct
> Oracle Australia
>
>
>
>
>
--
SY, Dmitry Belyavsky
a similar view?
>
> I think we should probably avoid putting in large or potentially
> destabilizing changes, but don't see much reason to put a total freeze in
> place (even with your listed exceptions).
>
I agree with Ben.
--
SY, Dmitry Belyavsky
; I actually don't mind either way - but if its the latter, then I need a
> way of identifying the "must haves". These are the top priority items,
> and at the moment I can't easily track their progress.
>
> Matt
>
>
>
--
SY, Dmitry Belyavsky
PRs need to go in before beta1?
>
>
> Kurt
>
>
--
SY, Dmitry Belyavsky
an dismiss the stale review.
>
> Sorry, it seems a bit overengineering for me.
I'd prefer a procedure with explicit hold and explanation in the comments.
--
SY, Dmitry Belyavsky
Many thanks!
On Wed, Sep 9, 2020 at 4:16 PM Mark J Cox wrote:
> I just spotted it via twitter, https://raccoon-attack.com/
>
> Mark
>
> On Wed, Sep 9, 2020 at 2:08 PM Dmitry Belyavsky wrote:
> >
> > Could you please let me know when it is available?
> >
> &
Could you please let me know when it is available?
On Wed, Sep 9, 2020 at 3:51 PM Mark J Cox wrote:
> They should be releasing their paper very soon (today).
>
> Regards, Mark
>
> On Wed, Sep 9, 2020 at 1:45 PM Dmitry Belyavsky wrote:
> >
> > Is the description of th
QYKb
> 5rHRLB3DDoyHEBzEEIjcqYTTThXW9ZSByVK9SKpC78IRM/B2dfd0+j4hIB/kDC/E
> G+wieFzexHQVdleVYT/VaJ6qS8AwvohBbt8h7yK0P6v/4vEm0spDbUmjWJBVUlUu
> QZyELjj8XZR3YFxt3axSuJg3JSGYlaMzkt2+DVq4qEzeJLIydLK9J8p6RNwPhsJk
> Rx0ez8P4N+5O7XmA0nHv3HyompdMgHlvykj8Ks4lNHVS02KKLi1jDtmOxl3Fm/hb
> ZNOmjn7lulV1342pw4rWL3Nge3x0s0Q5zgBCm1mqLzzu/V1ksx8FJwGA1w2cH280
> dU9VedkC2wvFQije8pFrWH9l6N9Bh41DIEOnlBl0AL7IrbPdO6yMcD6vpR7hWjr3
> fx4hNJSAGzJ3i/NXlSj4eR/47zkjfJyEc8Drc2QgewyqXFrK20X/LOj8MqJlc+ry
> pXZseh+XC8WaYDMV1ltrKvE2Ld9/0f3Ydc04AcDeu5SXPJG79ogzVnchZok7+XCj
> RT+a3/ES45+CTfL5v27t5QJxJcxg4siLVsILfi0rIUv0IYgH2fU=
> =U7OO
> -END PGP SIGNATURE-
>
--
SY, Dmitry Belyavsky
Hello,
I go on my vacation from July 24 to August 5. On vacation, my internet
access is very limited.
If you have smth urgent, please let me know via direct email.
Many thanks!
--
SY, Dmitry Belyavsky
Hello,
Here is a nice article about a tool desired to catch misuse of the OpenSSL
API.
https://blog.trailofbits.com/2020/05/29/detecting-bad-openssl-usage/
I'm not sure whether it's worth using by the team but maybe it's worth
mentioning in OpenSSL Wiki.
--
SY, Dmitry Belyavsky
a non-fatal error,
> > like the old behaviour is, I would really prefer a different
> > error, one that's not SSL_ERROR_SYSCALL or SSL_ERROR_SSL.
> >
> > So I think the suggestion is to have this:
> > - By default, SSL_ERROR_SSL is returned with
> > SSL_R_UNE
Dear Nicola,
Please see https://github.com/openssl/openssl/pull/11792
It currently does not enable TCL and Perl tests, but the C tests also
helped me to find regression in the master branch.
On Thu, May 7, 2020 at 10:55 PM Dmitry Belyavsky wrote:
> Dear Nicola,
>
> I feel a signifi
Dear Matt,
The workaround for the 11763 is implemented, 11764 seems to be fixed now,
so no objections from my side.
Happy weekend!
On Fri, May 8, 2020 at 11:58 AM Dmitry Belyavsky wrote:
> Dear Matt,
>
> I kindly ask not to make release until issues raised in #11763 and #11764
&g
F.
>
> If the default behaviour should be to make it a non-fatal error,
> like the old behaviour is, I would really prefer a different
> error, one that's not SSL_ERROR_SYSCALL or SSL_ERROR_SSL.
>
> So I think the suggestion is to have this:
> - By default, SSL_ERROR_SSL is returned with
> SSL_R_UNEXPECTED_EOF_WHILE_READING, the session will be
> marked invalid.
> - With an option, SSL_ERROR_ZERO_RETURN is returned, the session
> will stay valid.
>
If I remember correctly, session resumption is a way to significantly
reduce a server's workload.
So I think that by default (and maybe the only option) we should prefer the
old behaviour.
--
SY, Dmitry Belyavsky
elease
> next week (on Thursday 14th May). Unless I hear objections otherwise, I
> plan to go with that.
>
> Matt
>
--
SY, Dmitry Belyavsky
need to test more thoroughly to ensure we are not
> breaking the engine API!
>
>
> Nicola
>
> On Thu, May 7, 2020, 21:08 Dmitry Belyavsky wrote:
>
>> Dear colleagues,
>>
>> Let me draw your attention to a potentially reasonable set of extended
>> tes
>
> Is there really another situation where SSL_ERROR_SYSCALL with errno 0
> could be returned apart from the unclean EOF condition?
>
> I can't really think of any.
>
> So I would be just for properly documenting the condition and keeping
> it as is if the SSL_OP to ignore unclean EOF is in effect.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>
--
SY, Dmitry Belyavsky
known
problems).
I will be happy to assist in enabling these tests as a part of openssl test
suites.
Many thanks!
--
SY, Dmitry Belyavsky
On Fri, May 1, 2020 at 6:19 PM Mark J Cox wrote:
> On Fri, May 1, 2020 at 3:30 PM Dmitry Belyavsky wrote:
> ..
> > And I also got an idea that ping comment leaves PRs out of this
> statistics :)
>
> Thanks! The script is designed to ignore the automated pings that it
>
22
> 7225 reviewed:commented days:587
> 6725 milestone:Assessed, reviewed:approved days:330
> 6518 milestone:Assessed, reviewed:approved days:681
> 6516 branch: 1.1.1, branch: master, milestone:Assessed, days:681
> 6448 milestone:Assessed, days:188
> 6219 milestone:Assessed, reviewed:approved days:719
> 5427 branch: master, milestone:Assessed, reviewed:commented days:481
> 4487 milestone:Assessed, days:658
>
--
SY, Dmitry Belyavsky
Dear Hubert,
Done:
https://github.com/openssl/openssl/pull/11440
On Fri, Mar 20, 2020 at 6:27 PM Hubert Kario wrote:
> On Friday, 20 March 2020 13:17:48 CET, Dmitry Belyavsky wrote:
> > Hello,
> >
> > I came across wrong naming for some GOST-related stuff in object.txt.
ken quite a bit of stuff, I propose
> that we do a 1.1.1f soon (possibly next Tuesday - 31st March).
>
> Thoughts?
>
I strongly support this idea.
--
SY, Dmitry Belyavsky
ns, it's very inconvenient.
I'd like to fix these issues in the upcoming 3.0 release, so any ideas
about how to deal with it are welcome. Some of this stuff can be fixed on
the engine level, but it's better to avoid misleading naming.
--
SY, Dmitry Belyavsky
Looks great! Many thanks for your efforts!
On Wed, Feb 26, 2020 at 11:13 PM Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
> The OpenSSL Project GitHub has a new landing page:
>
> https://github.com/openssl/openssl
>
> Scroll down. Enjoy.
>
>
>
Dear Richard,
On Fri, Feb 14, 2020 at 1:37 PM Richard Levitte wrote:
> On Fri, 14 Feb 2020 10:41:05 +0100,
> Dmitry Belyavsky wrote:
> >
> >
> > Hello,
> >
> > On Fri, Feb 14, 2020 at 5:30 AM Dr Paul Dale
> wrote:
> >
> > There is some pu
Dear Matt,
On Fri, Feb 14, 2020 at 12:48 PM Matt Caswell wrote:
>
>
> On 14/02/2020 09:41, Dmitry Belyavsky wrote:
> > Hello,
> >
> > On Fri, Feb 14, 2020 at 5:30 AM Dr Paul Dale > <mailto:paul.d...@oracle.com>> wrote:
> >
> > There is
r me, both as open-source and commercial engine developer seems
reasonable to delay conversion from engines to providers at least until
3.0.0 feature freeze happens.
But some features I'm interested in imply engine model (and it will be
great if somebody else could look at PR 10904 to avoid it when possible).
--
SY, Dmitry Belyavsky
_0_0 # 29 Mar 2010
> OPENSSL_NO_DEPRECATED_1_0_1 # 14 Mar 2012
>
--
SY, Dmitry Belyavsky
ew if this is really approval:
> done'. If the approval: done label gets set again then after 24 hours
> the existing automation will trigger. #10786 is a good example of
> this.
>
> Mark
>
--
SY, Dmitry Belyavsky
;
> Welcome David!
>
> Matt
>
--
SY, Dmitry Belyavsky
ughts? Other alternatives?
>
>
> Pauli
> --
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
> Phone +61 7 3031 7217
> Oracle Australia
>
>
--
SY, Dmitry Belyavsky
Sorry. My fault :(
On Tue, 7 Jan 2020, 16:35 Matt Caswell, wrote:
>
>
> On 07/01/2020 13:26, Dmitry Belyavsky wrote:
> > Many thanks!
> >
> > Got it, and I think this should be directly written.
>
> It was!!
>
> beta1, 2020-06-02: Code complete
Many thanks!
Got it, and I think this should be directly written.
On Tue, 7 Jan 2020, 16:05 Matt Caswell, wrote:
>
>
> On 07/01/2020 13:00, Dmitry Belyavsky wrote:
> > When does the feature freeze happen?
> > I'm interested in publishing as much GOST support as pos
When does the feature freeze happen?
I'm interested in publishing as much GOST support as possible.
On Tue, 7 Jan 2020, 14:13 Matt Caswell, wrote:
> Hi all
>
> Myself, Paul, Shane, Richard and Nicola had a conf call today to discuss
> the outstanding tasks and effort required to get us to a fina
Great idea.
пт, 13 дек. 2019 г., 0:31 Dr Paul Dale :
> A red blocker along the lines of: “Triviality Unconfirmed”. One of the
> reviewers needs to remove this before the PR can be merged.
>
> It’s in our face, it prevent accidental merges and its low overhead.
>
>
> Pauli
> --
> Dr Paul Dale | Di
Dear Matt,
On Thu, Dec 12, 2019 at 1:25 PM Matt Caswell wrote:
>
> On 12/12/2019 09:29, Dmitry Belyavsky wrote:
> > - the contributor agreed to sign the CLA and
> > - there was a mark that CLA is signed and
> > - all the necessary approves were present
> > I decid
eader and no CLA on file, it seems
> possible to me that we could push commit all the way through the process
> without the reviewers even realising that the author is claiming
> triviality on the commit.
>
> Not sure what the solution to that is.
>
> Matt
>
--
SY, Dmitry Belyavsky
off-list discusson:
>
>
>
> i=0
>
> while : ; do
>
>((i++))
>
>export MALLOC_FAILURE_CHECKS=${i}@100 openssl foo etc…
>
>test -f core && echo crashed && exit 1
>
> done
>
>
>
>
>
--
SY, Dmitry Belyavsky
Hello,
Observing a series of similar bugs related to a lack of checks of the
malloc return values, I wonder if we could automate the search of these
errors on the compile level (e.g. similar to the __owur macro)?
--
SY, Dmitry Belyavsky
Dear Tim,
Sorry for the delay with the response.
On Thu, Jul 11, 2019 at 2:44 AM Tim Hudson wrote:
> On Thu, Jul 11, 2019 at 12:37 AM Dmitry Belyavsky
> wrote:
>
>> Dear Tim,
>>
>> Formally I am a contributor with a signed CLA.
>> I took a code definitely
L would do if it “took in” code into the source base.
>>
>>
>>
>> So why does the project require permission from other Apache-licensed
>> licensed software? In other words, why will the project not accept and use
>> the rights, covered by copyright and license, that it grants to others?
>>
>>
>>
>
--
SY, Dmitry Belyavsky
suggested by a source tree vote:
>
>~/src/openssl$ find -name '*_lcl.h' | wc -l
>19
> ~/src/openssl$ find -name '*_locl.h' | wc -l
> 30
>
> What's your opinion about renaming of those files?
>
> Matthias
>
>
--
SY, Dmitry Belyavsky
Dear Tim,
As Appendix B to RFC 3492 says
Regarding this entire document or any portion of it (including the
pseudocode and C code), the author makes no guarantees and is not
responsible for any damage resulting from its use. The author
grants
irrevocable permiss
only makes sense in the
> context of the branch it applies to.
>
>
I agree with Matt. For example, a patch providing new functionality cat be
cleanly applicable
to master and stable branches, but if it is applied to a stable branch, it
breaks the policy.
--
SY, Dmitry Belyavsky
lcome our four new committers as announced here:
>
> https://www.openssl.org/blog/blog/2019/05/20/committers/
>
> The new committers are:
>
> Dmitry Belyavsky, Shane Lontis, Tomáš Mráz and Patrick Steuer.
>
> Welcome all!
>
> Matt
>
--
SY, Dmitry Belyavsky
61 matches
Mail list logo