Re: LTS+

2020-10-19 Thread Matt Caswell
On 19/10/2020 15:14, Matt Caswell wrote: > LTS+ releases may contain the following new features: > - Support for additional platforms > - Performance improvements Based on the discussion in PR #13176, I'd like to add to this list: - Extending existing features to existing platfo

LTS+

2020-10-19 Thread Matt Caswell
At the recent Committer and OTC meetings a proposal was discussed to add further clarity to what is allowed in stable releases, and to introduce a new "LTS+" type of release to go alongside the existing LTS release. The idea is that an LTS release is restricted to bug fixes and security fixes

Re: Meaning of no-xxx option

2020-10-19 Thread Matt Caswell
On 18/10/2020 11:19, Richard Levitte wrote: > In summary, the time where no-xxx truly meant that the algorithm xxx > is completely unavailable is long gone. The addition of ENGINEs > changed that... not immediately, but as soon as the ENGINE API got > functionality to help implement

Re: Assigning OpenSSL 3.0.0 beta1 issues

2020-10-14 Thread Matt Caswell
On 14/10/2020 17:08, Salz, Rich wrote: > I am interested in helping out with the deprecation tasks. Should I assume > that Richard's PR to change how it's done will be going in? > I'm not sure which of Richard's PRs you're referring to? Matt

Proposed vote: Drop support for "passwd -crypt"

2020-10-13 Thread Matt Caswell
The OTC recently adopted a list of technical items still to be done which included this item: - Proposal: drop passwd -crypt (OMC vote required) The passwd application contains the option "-crypt" which provides an implementation for the traditional UNIX password encryption scheme based on

Proposed vote: Drop C code output options from the apps

2020-10-13 Thread Matt Caswell
The OTC recently adopted a list of technical items still to be done which included this item: Drop C code output options from the apps (OMC approval required). Examples of this include the "-C" options to dhparam, dsaparam and ecparam applications. This provides the ability to convert parameters

Re: Alpha releases

2020-10-13 Thread Matt Caswell
On 07/10/2020 17:36, Matt Caswell wrote: > This vote has now started. I'll post here with the results once it's > complete. This vote has now closed and was accepted: +1: 6: 0: 0 -1: 0 No vote: 1 Matt > > Matt > > On 06/10/2020 13:12, Matt Caswell wrote: >&g

Re: VOTE: Technical Items still to be done

2020-10-13 Thread Matt Caswell
I have just closed this vote. The final result was: accepted: yes (for: 8, against: 0, abstained: 0, not voted: 3) Matt On 08/10/2020 15:47, Matt Caswell wrote: > topic: The following items are required prerequisites for the first beta > release: > 1) EVP is the recommended API

Monthly Status Report (September)

2020-10-12 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Continued work on and eventually merged a PR to add an HMAC implementation that was TLS aware - Managed the response to the Raccoon Attack and the

Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch

2020-10-12 Thread Matt Caswell
On 11/10/2020 11:34, Nicola Tuveri wrote: > I am basing my vote on the feedback provided by @DDvO [0] and @t8m [1]. > In particular I am convinced to vote in favor, as I can see this as a > bug fix, fixing an undocumented inconsistency, and that it is very > unlikely it would affect existing

Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch

2020-10-12 Thread Matt Caswell
-1 On 09/10/2020 13:02, Tomas Mraz wrote: > topic: The PR #11359 (Allow to continue with further checks on > UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch > As the change is borderline on bug fix/behaviour change OTC needs > to decide whether it is acceptable for 1.1.1 branch.

Re: VOTE: Weekly OTC meetings until 3.0 beta1 is released

2020-10-09 Thread Matt Caswell
+1 On 09/10/2020 13:00, Nicola Tuveri wrote: > topic: Hold online weekly OTC meetings starting on Tuesday 2020-10-13 >and until 3.0 beta1 is released, in lieu of the weekly "developer >meetings". > Proposed by Nicola Tuveri > Public: yes > opened: 2020-10-09 > closed: 2020-mm-dd >

Re: VOTE: Technical Items still to be done

2020-10-08 Thread Matt Caswell
the vote. I've corrected it in votes.txt. Matt On 08/10/2020 15:47, Matt Caswell wrote: > topic: The following items are required prerequisites for the first beta > release: > 1) EVP is the recommended API, it must be feature-complete compared with > the functionality available

VOTE: Technical Items still to be done

2020-10-08 Thread Matt Caswell
topic: The following items are required prerequisites for the first beta release: 1) EVP is the recommended API, it must be feature-complete compared with the functionality available using lower-level APIs. - Anything that isn’t available must be put to an OTC vote to exclude. - The

Re: Vote proposal: Technical items still to be done

2020-10-08 Thread Matt Caswell
when considering how to vote - but I don't think change the vote text itself - so I've not made any changes in response to those things. I'll shortly start this vote. Matt On 07/10/2020 12:35, Matt Caswell wrote: > I had an action from the OTC meeting today to raise a vote on the OTC >

VOTE: Accept the Fully Pluggable TLSv1.3 KEM functionality

2020-10-08 Thread Matt Caswell
topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as shown in PR #13018 into the 3.0 release Proposed by Matt Caswell Public: yes opened: 2020-10-08 closed: 2020-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Matt [+1] Mark

Re: Vote proposal: Technical items still to be done

2020-10-08 Thread Matt Caswell
On 07/10/2020 19:07, Kurt Roeckx wrote: > On Wed, Oct 07, 2020 at 12:35:28PM +0100, Matt Caswell wrote: >> The following items are required prerequisites for the first beta release: > [...] >> * Address 3.0beta1 milestones. > > So we now have a list here, wit

Re: Alpha releases

2020-10-07 Thread Matt Caswell
This vote has now started. I'll post here with the results once it's complete. Matt On 06/10/2020 13:12, Matt Caswell wrote: > The OTC meeting today discussed making further alpha releases while we > continue to work towards getting to beta 1. It was proposed that we > release alpha 7 on

Re: Vote proposal: Private keys can exist independently of public keys

2020-10-07 Thread Matt Caswell
pointer >> check or guaranteed non-NULL from any caller. >> To change the long documented assumption, we commit to improve test >> coverage of all public functions directly or indirectly triggering >> potential access to public key components, to prevent the risk of us

Vote proposal: Technical items still to be done

2020-10-07 Thread Matt Caswell
I had an action from the OTC meeting today to raise a vote on the OTC list of technical items still to be done. Here is my proposed vote text. There will be a subsequent vote on the "beta readiness checklist" which is a separate list. Feedback please on the proposed vote text below. The

Vote proposal: Private keys can exist independently of public keys

2020-10-07 Thread Matt Caswell
Issue #12612 exposes a problem with how we handle keys that contain private components but not public components. There is a widespread assumption in the code that keys with private components must have public components. There is text in our public documentation that states this (and that text

Vote proposal: Accept the Fully Pluggable TLSv1.3 KEM into 3.0

2020-10-07 Thread Matt Caswell
I'm proposing the following vote text: We should accept the Fully Pluggable TLSv1.3 KEM functionality as shown in PR #13018 into the 3.0 release Feedback please on the vote proposal before I start the vote. Matt

Re: Alpha releases

2020-10-06 Thread Matt Caswell
On 06/10/2020 15:53, Salz, Rich wrote: > Is it the project's understanding that Alpha and Beta releases are, in fact, > capital-R releases and therefore subject to OMC? > That seems weird to me. Yes - that is the case at the moment. Matt

Alpha releases

2020-10-06 Thread Matt Caswell
The OTC meeting today discussed making further alpha releases while we continue to work towards getting to beta 1. It was proposed that we release alpha 7 on Thursday 15th October and then regularly on a 3 weekly basis thereafter until such time as beta 1 is ready. This will need to be an OMC

Re: Tracking important issues

2020-10-05 Thread Matt Caswell
On 04/10/2020 15:22, Kurt Roeckx wrote: > On Wed, Sep 23, 2020 at 08:51:28PM +0200, Kurt Roeckx wrote: >> Hi, >> >> I would like to have a system so that we can tag issues as >> important. But I think they fall in a few categories: >> - Features for the next minor/major release (so 3.1 or 4.0)

Re: Add 'OpenSSL Technical Policies' page to openssl.org?

2020-09-28 Thread Matt Caswell
Works for me. Matt On 28/09/2020 16:53, Dr. Matthias St. Pierre wrote: > Hi, > > Pauli added the following action item for me to the OTC vF2F spreadsheet: > >> Matthias: create web PR for OTC voting policy. > > I wouldn't mind to add the content, but currently there seems to be no >

Re: Reordering new API's that have a libctx, propq

2020-09-21 Thread Matt Caswell
On 21/09/2020 10:59, Matt Caswell wrote: > > > On 16/09/2020 16:56, Matt Caswell wrote: >>> "Adopt the coding style policy on function arguments as shown in chapter >>> 6.1 of web PR 194 (commit 7b45b46d71f)" > > This vote failed: > >

Re: Reordering new API's that have a libctx, propq

2020-09-21 Thread Matt Caswell
On 16/09/2020 16:56, Matt Caswell wrote: >> "Adopt the coding style policy on function arguments as shown in chapter >> 6.1 of web PR 194 (commit 7b45b46d71f)" This vote failed: accepted: no (for: 2, against: 5, abstained: 2, not voted: 2) >> >> "Ado

Re: Status of the remaining beta1 PRs

2020-09-18 Thread Matt Caswell
On 18/09/2020 16:59, Tomas Mraz wrote: > On Fri, 2020-09-18 at 16:24 +0100, Matt Caswell wrote: >> >> 1 PR which is in a state of "it's unclear what we do with this": >> [WIP] Rename some XXX_ex() related methods to XXX_with_libctx() >> https://

Status of the remaining beta1 PRs

2020-09-18 Thread Matt Caswell
As of right now we have 13 PRs with the beta1 milestone against them. Of these there are 4 which really need our focused attention. These are 2 PRs which are in a state of "written but still in review": WIP: Implement Provider side SM2 Asymmetric Cipher support

Re: 3.0 beta 1 milestone

2020-09-18 Thread Matt Caswell
On 18/09/2020 08:26, Richard Levitte wrote: > On Thu, 17 Sep 2020 15:57:52 +0200, > Tomas Mraz wrote: >> I do not think the milestone should include nice-to-have items. > > Another view is that beta 1 is feature freeze. If those nice to have > items are characterized as new features, then it

3.0 beta 1 milestone

2020-09-17 Thread Matt Caswell
There's been quite a number of PRs added to the 3.0 beta 1 milestone. Within the PRs there are a couple of bug fixes: https://github.com/openssl/openssl/pull/12884 https://github.com/openssl/openssl/pull/12874 IMO these would be really nice to get into beta 1, but they should not be considered

Re: Reordering new API's that have a libctx, propq

2020-09-16 Thread Matt Caswell
On 15/09/2020 12:25, Matt Caswell wrote: > I plan to start two OTC votes on this tomorrow with the following wording: These votes have now commenced. I'll report back with the results when they are known. Matt > > "Adopt the coding style policy on function arguments as sh

Re: stable branch release cadence

2020-09-15 Thread Matt Caswell
On 15/09/2020 23:10, Tim Hudson wrote: > The OMC voted to: > > /Release stable branch on the second last Tuesday of the last month in > each quarter as a regular cadence./ > > The vote passed. > For: 6, against: 9, abstained 0, not voted: 1 That should say against: 0 ;-) Matt > > Thanks,

Forthcoming OpenSSL Release

2020-09-15 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1h. This release will be made available on Tuesday 22nd September 2020 between 1300-1700 UTC. OpenSSL 1.1.h is a bug-fix release. There are no CVEs

Re: Reordering new API's that have a libctx, propq

2020-09-15 Thread Matt Caswell
On 14/09/2020 11:30, Matt Caswell wrote: > In order to try and move this discussion forward I have made a concrete > proposal for how we should formulate the various ideas in this thread > into an actual style. Please see here: > > https://github.com/openssl/web/pull/194 I've

Re: SM2 asymmetric encryption

2020-09-15 Thread Matt Caswell
I have started this vote and will report back when I have an answer. Matt On 14/09/2020 09:18, Matt Caswell wrote: > Currently, 1.1.1 supports SM2 asymmetric encryption. Real world use of > this is currently believed to be low (IIUC it is mainly useful for SM2 > in TLS, which we don'

Re: OTC vote on PR11188

2020-09-14 Thread Matt Caswell
This vote is now closed (actually it closed last week but I forgot to report it). The vote was not accepted: for: 0, against: 8, abstained: 3, not voted: 0 On 27/08/2020 11:06, Matt Caswell wrote: > FYI, I have initiated the following vote on PR11188. Please see the > comments in t

Re: Reordering new API's that have a libctx, propq

2020-09-14 Thread Matt Caswell
On 14/09/2020 13:14, Tim Hudson wrote: > On Mon, Sep 14, 2020 at 9:52 PM Matt Caswell <mailto:m...@openssl.org>> wrote: > > > And that is the point - this is not how the existing CTX functions > work > > (ignoring the OPENSSL_CTX stuff). > >

Re: Reordering new API's that have a libctx, propq

2020-09-14 Thread Matt Caswell
On 14/09/2020 12:46, Tim Hudson wrote: > On Mon, Sep 14, 2020 at 9:19 PM Matt Caswell <mailto:m...@openssl.org>> wrote: > > I must be misunderstanding your point because I don't follow your logic > at all. > > So this is the correct form acco

Re: Reordering new API's that have a libctx, propq

2020-09-14 Thread Matt Caswell
On 14/09/2020 11:30, Matt Caswell wrote: > In order to try and move this discussion forward I have made a concrete > proposal for how we should formulate the various ideas in this thread > into an actual style. Please see here: > > https://github.com/openssl/web/pull/194 &

Re: Reordering new API's that have a libctx, propq

2020-09-14 Thread Matt Caswell
On 14/09/2020 11:52, Tim Hudson wrote: > Any proposal needs to deal with the constructors consistently - whether > they come from an OPENSSL_CTX or they come from an existing TYPE_CTX. > That is absent in your PR. > > Basically this leads to the ability to provide inconsistent argument > order

Re: Reordering new API's that have a libctx, propq

2020-09-14 Thread Matt Caswell
In order to try and move this discussion forward I have made a concrete proposal for how we should formulate the various ideas in this thread into an actual style. Please see here: https://github.com/openssl/web/pull/194 Since we're not yet fully in agreement some compromises will have to be

SM2 asymmetric encryption

2020-09-14 Thread Matt Caswell
Currently, 1.1.1 supports SM2 asymmetric encryption. Real world use of this is currently believed to be low (IIUC it is mainly useful for SM2 in TLS, which we don't currently support). A discussion in PR #12536 is proposing to drop this feature from 3.0 (possibly to re-introduce it in some later

Re: New GitHub label for release blockers

2020-09-13 Thread Matt Caswell
On 13/09/2020 15:16, Nicola Tuveri wrote: > ... I still have very confused ideas regarding the "best" conventional > usage of github features like labels, milestones and projects: I read > the official documentation about them and I grasp the general ideas > behind them, but too often the

Monthly Status Report (August)

2020-09-11 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Raised PR to replace the legacy KDF bridge with a provider based KDF bridge - Continued work on and merged a fix to ensure that the default config

Re: Beta1 PR deadline

2020-09-10 Thread Matt Caswell
On 10/09/2020 11:40, Matt Caswell wrote: > > > On 09/09/2020 13:03, Kurt Roeckx wrote: >> On Wed, Aug 26, 2020 at 04:58:26PM +0100, Matt Caswell wrote: >>> Please can anyone with PRs that they wish to have included in OpenSSL >>> 3.0 beta1 ensure that

Re: Beta1 PR deadline

2020-09-10 Thread Matt Caswell
On 09/09/2020 13:03, Kurt Roeckx wrote: > On Wed, Aug 26, 2020 at 04:58:26PM +0100, Matt Caswell wrote: >> Please can anyone with PRs that they wish to have included in OpenSSL >> 3.0 beta1 ensure that they are merged to master by 8th September. > > So that date has pa

OpenSSL is looking for a full time Administrator and Manager

2020-09-05 Thread Matt Caswell
The OpenSSL Management Committee are looking to hire a full time Administrator and Manager. Details of the role can be found here: https://www.openssl.org/blog/blog/2020/09/05/OpenSSL.ProjectAdminRole/ To apply please send your cover letter and

OTC vote on PR11188

2020-08-27 Thread Matt Caswell
for backport to 1.1.1 Proposed by Matt Caswell Public: yes opened: 2020-08-27 closed: 2020-mm-dd Matt

Re: Beta1 PR deadline

2020-08-26 Thread Matt Caswell
On 26/08/2020 17:02, Salz, Rich wrote: >>Please can anyone with PRs that they wish to have included in OpenSSL > 3.0 beta1 ensure that they are merged to master by 8th September. > > And how are non-committers supposed to do that > In the same way as normal. Ensure your PRs are

Beta1 PR deadline

2020-08-26 Thread Matt Caswell
Hi all The OMC had a meeting today. Please can anyone with PRs that they wish to have included in OpenSSL 3.0 beta1 ensure that they are merged to master by 8th September. Note in particular that there is no PR at the moment to incorporate SM2 asymmetric encryption into OpenSSL 3.0. This

Monthly Status Report (July)

2020-08-12 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Continued and completed work on PR to fix CMP related msan failures - Continued and completed work on moving TLS CBC code into the providers -

Re: RAND_DRBG

2020-07-27 Thread Matt Caswell
I'm ok with option 1 (but it will require a vote). I think the percentage of our user base that are using the existing API is sufficiently close to zero that we're not breaking our compatibility promises. Matt On 27/07/2020 02:08, Dr Paul Dale wrote: > The RAND_DRBG (crypto/rand/drbg_lib) APIs

Re: API renaming

2020-07-23 Thread Matt Caswell
On 23/07/2020 16:52, Richard Levitte wrote: > On Thu, 23 Jul 2020 12:18:10 +0200, > Dr Paul Dale wrote: >> There has been a suggestion to rename EVP_RAND to OSSL_RAND. This seems >> reasonable. Would it >> also make sense to rename the other new APIs similarly. >> More specifically, EVP_MAC

Monthly Status Report (June)

2020-07-09 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Continued work on and subsequently merged PR 11834 to check signature algorithms are available before offering or accepting them - Continued work

Re: Cherry-pick proposal

2020-07-09 Thread Matt Caswell
On 02/06/2020 15:29, Matt Caswell wrote: > > There's been no further discussion on this for quite a while, so I will > start an OTC vote based on the vote text proposed by Matthias and report > back the results here. Sorry, I forgot to report back. The final result was: +1: 4 -1:

Re: Naming conventions

2020-07-06 Thread Matt Caswell
On 06/07/2020 07:41, Richard Levitte wrote: > On Fri, 03 Jul 2020 11:25:37 +0200, > Matt Caswell wrote: >> On 19/06/2020 08:15, Tomas Mraz wrote: >>> to something like: >>> >>> int EVP_MacInit(EVP_MAC_CTX *ctx); >>> >>> int

Re: Naming conventions

2020-07-03 Thread Matt Caswell
On 19/06/2020 08:15, Tomas Mraz wrote: > to something like: > > int EVP_MacInit(EVP_MAC_CTX *ctx); > > int EVP_MacUpdate(EVP_MAC_CTX *ctx, const unsigned char *data, size_t > datalen); > > int EVP_MacFinal(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t > outsize); > >

New blog post

2020-06-30 Thread Matt Caswell
I've just published a new blog post by Nicola on the alpha 4 release. You can read it here: https://www.openssl.org/blog/blog/2020/06/25/OpenSSL3.0Alpha4/ Thanks Nicola! Matt

Re: Backports to 1.1.1 and what is allowed

2020-06-25 Thread Matt Caswell
On 25/06/2020 15:33, Nicola Tuveri wrote: > In light of how the discussion evolved I would say that not only there > is consensus on supporting the definition of a detailed policy on > backports and the definitions of what are the requirements for regular > releases vs LTS releases (other than

Re: Backports to 1.1.1 and what is allowed

2020-06-22 Thread Matt Caswell
On 20/06/2020 01:11, Tim Hudson wrote: > I suggest everyone takes a read through  > https://en.wikipedia.org/wiki/Long-term_support as to what LTS is > actually meant to be focused on. > > What you (Ben and Matt) are both describing is not LTS but STS ... these > are different concepts. > >

Re: Backports to 1.1.1 and what is allowed

2020-06-19 Thread Matt Caswell
On 19/06/2020 22:58, Kurt Roeckx wrote: > On Fri, Jun 19, 2020 at 10:29:24PM +0100, Matt Caswell wrote: >> >> My immediate reaction to that is no - it shouldn't go to 1.1.1. That >> would impact a very high proportion of our user base. > > So is risk an importa

Re: Backports to 1.1.1 and what is allowed

2020-06-19 Thread Matt Caswell
On 19/06/2020 23:34, Tim Hudson wrote: > > > On Sat, 20 Jun 2020, 8:14 am Benjamin Kaduk, > wrote: > > On Sat, Jun 20, 2020 at 08:11:16AM +1000, Tim Hudson wrote: > > The general concept is to only fix serious bugs in stable releases. > > Increasing

Re: Backports to 1.1.1 and what is allowed

2020-06-19 Thread Matt Caswell
On 19/06/2020 21:42, Kurt Roeckx wrote: > I think one other thing that has come up is adding support for a > new target, which can just be some small change to configuration > files. Is that something we want to accept? I think previously we have said that a new target is a new feature and

Re: Naming conventions

2020-06-18 Thread Matt Caswell
On 18/06/2020 13:03, Richard Levitte wrote: > > Okie, if we're going to start this discussion with taking a stand, I > guess I'll declare that while I initially had the exact same concern, > I now see this change in a positive light. This comment from #11997 > got me to change my mind: > >

Naming conventions

2020-06-18 Thread Matt Caswell
PRs #11996 and #11997 made some changes to the EVP_MAC and EVP_KDF API naming conventions. Specifically (in the MAC case) renaming: EVP_MAC_CTX_new -> EVP_MAC_new_ctx EVP_MAC_CTX_free -> EVP_MAC_free_ctx EVP_MAC_CTX_dup -> EVP_MAC_dup_ctx EVP_MAC_CTX_mac -> EVP_MAC_get_ctx_mac

Re: Reducing the security bits for MD5 and SHA1 in TLS

2020-06-18 Thread Matt Caswell
rt Roeckx, <mailto:k...@roeckx.be>> wrote: > > On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote: > > PR 10787 proposed to reduce the number of security bits for MD5 > and SHA1 > > in TLS (master branch only, i.e. OpenSSL 3.0): > &

Backports to 1.1.1 and what is allowed

2020-06-16 Thread Matt Caswell
PR 11188 proposes to backport a series of s390x patches to the 1.1.1 branch. IIUC it includes performance improvements as well as support for new hardware instructions. I think we need to have a much clearer and more explicit policy about exactly what is allowed to be backported to a stable

Monthly Status Report (May)

2020-06-11 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Investigated a mysterious perl crash during Configure on some platforms - Attended regular weekly dev team calls, and fortnightly FIPS sponsor

addrev warning

2020-06-08 Thread Matt Caswell
After upgrading Ubuntu over the weekend I'm suddenly seeing this warning from addrev. Is anyone else getting this? WARNING: git-filter-branch has a glut of gotchas generating mangled history rewrites. Hit Ctrl-C before proceeding to abort, then use an alternative filtering tool

Alpha 3 Blog post

2020-06-05 Thread Matt Caswell
Nicola's latest blog post on the Alpha 3 release has just been published. You can read it here: https://www.openssl.org/blog/blog/2020/06/05/OpenSSL3.0Alpha3/ Matt

Re: Cherry-pick proposal

2020-06-02 Thread Matt Caswell
On 29/04/2020 14:28, Dr. Matthias St. Pierre wrote: > - First, a pull request needs to be opened against the master branch for > discussion. > >   Only after that pull request has received the necessary amount of > approvals, > >   a separate pull request can be opened  against the >

Re: Reducing the security bits for MD5 and SHA1 in TLS - OTC or OMC vote?

2020-05-27 Thread Matt Caswell
On 27/05/2020 15:33, Tomas Mraz wrote: > On Wed, 2020-05-27 at 14:16 +, Dr. Matthias St. Pierre wrote: >>> IMO it seems appropriate to have an OMC vote on this topic (or >>> should it >>> be OTC?). Possible wording: >> >> Personally, I would prefer if technical questions would by default be

Reducing the security bits for MD5 and SHA1 in TLS

2020-05-27 Thread Matt Caswell
PR 10787 proposed to reduce the number of security bits for MD5 and SHA1 in TLS (master branch only, i.e. OpenSSL 3.0): https://github.com/openssl/openssl/pull/10787 This would have the impact of meaning that TLS < 1.2 would not be available in the default security level of 1. You would have to

Alpha2 blog post

2020-05-19 Thread Matt Caswell
Nicola has kindly written another blog post for us - this time on the alpha 2 release. I've just published it, and you can read it here: https://www.openssl.org/blog/blog/2020/05/16/OpenSSL3.0Alpha2/ Matt

Re: Repo is frozen

2020-05-15 Thread Matt Caswell
The release is now complete, and the repo is unfrozen. Matt On 14/05/2020 18:52, Matt Caswell wrote: > The repo is frozen in readiness for the alpha2 release. > > I'll let you know when it is available again. > > Matt >

Repo is frozen

2020-05-14 Thread Matt Caswell
The repo is frozen in readiness for the alpha2 release. I'll let you know when it is available again. Matt

Re: Alpha2

2020-05-13 Thread Matt Caswell
On 08/05/2020 09:55, Matt Caswell wrote: > Various OpenSSL 3.0 developers met (virtually) on Tuesday to discuss > current progress. It was proposed that we should do the Alpha 2 release > next week (on Thursday 14th May). Unless I hear objections otherwise, I > plan to go with that. I

Alpha2

2020-05-08 Thread Matt Caswell
Various OpenSSL 3.0 developers met (virtually) on Tuesday to discuss current progress. It was proposed that we should do the Alpha 2 release next week (on Thursday 14th May). Unless I hear objections otherwise, I plan to go with that. Matt

Re: Unexpected EOF handling

2020-05-07 Thread Matt Caswell
On 07/05/2020 20:28, Dmitry Belyavsky wrote: > From my point of view, if we don't revert the change for the sake of API > clarity, we need to provide an option restoring old behaviour at least > for test purposes. Presumably nginx can already handle the situation where a close_notify *is*

Monthly Status Report (April)

2020-05-07 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Ongoing review work on the CMP contribution - Fixed some issues with the XTS documentation - Updated WPACKET to be able to do "end first" writing

Re: Technically an API break

2020-05-07 Thread Matt Caswell
On 07/05/2020 16:02, Brian Smith wrote: > This kind of change might cause memory unsafety issues unless the > application is recompiled. At least, it's worth investigating that. > > On most platforms the ABI of a function that returns `void` and one that > returns `int` is the same, from the

Re: Unexpected EOF handling

2020-05-07 Thread Matt Caswell
On 07/05/2020 12:22, Kurt Roeckx wrote: > So I think we need at least to agree on: > - Do we want an option that makes the unexpected EOF either a fatal > error or a non-fatal error? > - Which error should we return? This is an excellent summary of the current situation. I am not keen on

Technically an API break

2020-05-07 Thread Matt Caswell
PR11589 makes a change to the public API function `SSL_set_record_padding_callback` to change its return type from void to int: https://github.com/openssl/openssl/pull/11589 This is technically an API break - but it doesn't seem too serious. It's possible, I suppose, that existing applications

Re: Stale PR stats @May01

2020-05-01 Thread Matt Caswell
This is really nice! Thanks Mark. Matt On 01/05/2020 08:52, Mark J Cox wrote: > Last month I started a script to ping stale PRs that were in certain > states. The script has also been collecting statistics (trending and > snapshot). I intend to post this monthly and after a few months with >

Cherry-pick proposal

2020-04-29 Thread Matt Caswell
The OTC have received this proposal and a request that we vote on it: I would like to request that we do not allow cherry-picks between master and 1.1.1-stable because these two versions are now very different, if a cherry-pick succeeds, there is no guarantee that the result will work. Because

Re: Alpha1

2020-04-23 Thread Matt Caswell
On 22/04/2020 13:53, Matt Caswell wrote: > > > On 22/04/2020 02:46, Benjamin Kaduk wrote: >> On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote: >>> The 3.0 developers met via conference call this morning. All the >>> functionality that we had planne

Re: 3.0 wiki page

2020-04-23 Thread Matt Caswell
Fantastic to see that 6 different authors have made contributions to this page! Matt On 22/04/2020 17:31, Matt Caswell wrote: > The 3.0 wiki page is starting to look good: > > https://wiki.openssl.org/index.php/OpenSSL_3.0 > > I'd appreciate it if people could give it a read

3.0 wiki page

2020-04-22 Thread Matt Caswell
The 3.0 wiki page is starting to look good: https://wiki.openssl.org/index.php/OpenSSL_3.0 I'd appreciate it if people could give it a read through before the alpha 1 release tomorrow and make any amendments or corrections as appropriate. Thanks! Matt

Re: Alpha1

2020-04-22 Thread Matt Caswell
On 22/04/2020 02:46, Benjamin Kaduk wrote: > On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote: >> The 3.0 developers met via conference call this morning. All the >> functionality that we had planned for alpha 1 has now been merged, so we >> are now thi

Re: Repo is frozen

2020-04-21 Thread Matt Caswell
Repo is now unfrozen. I'm planning on freezing it again tomorrow, ready for the alpha1 release on Thursday. Matt On 21/04/2020 10:23, Matt Caswell wrote: > FYI, the repo is currently frozen in preparation for the release today. > I'll let you know when it's unfrozen again. > > Matt >

Alpha1

2020-04-21 Thread Matt Caswell
The 3.0 developers met via conference call this morning. All the functionality that we had planned for alpha 1 has now been merged, so we are now thinking that we will do the alpha 1 release on Thursday this week. That would imply a repo freeze tomorrow. Thoughts/opinions/objections to this

Repo is frozen

2020-04-21 Thread Matt Caswell
FYI, the repo is currently frozen in preparation for the release today. I'll let you know when it's unfrozen again. Matt

Forthcoming OpenSSL Release

2020-04-14 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g. This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC. OpenSSL 1.1.g is a security-fix release. The highest severity

Re: Revisiting tradition: branches and tags

2020-04-13 Thread Matt Caswell
On 11/04/2020 10:53, Dr. Matthias St. Pierre wrote: > I love the new naming scheme, in particular the fact that it's all-lowercase > and does not > mix dashes and underscores anymore. I don't recall how often I cursed about > the current > scheme which is so typer unfriendly. > > I'd like to

OpenSSL 3.0 and FIPS talk

2020-04-08 Thread Matt Caswell
I recently gave a talk at the RSA Conference with Ashit Vora from Acumen Security about OpenSSL 3.0 and FIPS. The conference have just posted the audio and slides here if you are interested: https://www.rsaconference.com/usa/agenda/openssl-and-fips-they-are-back-together Matt

Monthly Status Report (March)

2020-04-03 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Ongoing reviews of the CMP contribution - Clarified the docs around usage of EVP_PKEY_get_raw_*_key() - Provided some tweaks/fixes to the

Critical Path and Dependencies for Alpha1

2020-03-31 Thread Matt Caswell
Please see attached for what I believe is the critical path as well as the key dependencies for Alpha 1. Please let me know of any errors or omissions. Matt

Forthcoming OpenSSL Release

2020-03-28 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1f. This release will be made available on Tuesday 31st March 2020 between 1200-1600 UTC. This is a bug fix only release. Yours The OpenSSL Project
