Re: OpenSSL version 3.0.0-alpha1 published

2020-05-01 Thread SHANE LONTIS
Thanks..

I will take a look.

Shane


> On 2 May 2020, at 2:20 am, Guido Vranken  wrote:
> 
> Reminder that in git master and 3.0.0, CAST5 gives the wrong output: 
> https://github.com/openssl/openssl/issues/11459 
> <https://urldefense.com/v3/__https://github.com/openssl/openssl/issues/11459__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW8-_IyeNA$>
>  (this proof of concept was made before you moved CAST5 to liblegacy, so just 
> put OSSL_PROVIDER_load(nullptr, "legacy"); in there to make it work)
> 
> On Thu, Apr 23, 2020 at 4:30 PM OpenSSL  <mailto:open...@openssl.org>> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
>OpenSSL version 3.0 alpha 1 released
>
> 
>OpenSSL - The Open Source toolkit for SSL/TLS
>https://www.openssl.org/ 
> <https://urldefense.com/v3/__https://www.openssl.org/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW_5-CyQ9A$>
> 
>OpenSSL 3.0 is currently in alpha.
> 
>OpenSSL 3.0 alpha 1 has now been made available.
> 
>Note: This OpenSSL pre-release has been provided for testing ONLY.
>It should NOT be used for security critical purposes.
> 
>Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well
>as known issues are available on the OpenSSL Wiki, here:
> 
> https://wiki.openssl.org/index.php/OpenSSL_3.0 
> <https://urldefense.com/v3/__https://wiki.openssl.org/index.php/OpenSSL_3.0__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW-bIUG0bA$>
> 
>The alpha release is available for download via HTTPS and FTP from the
>following master locations (you can find the various FTP mirrors under
>https://www.openssl.org/source/mirror.html 
> <https://urldefense.com/v3/__https://www.openssl.org/source/mirror.html__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW93LR6hVw$>):
> 
>  * https://www.openssl.org/source/ 
> <https://urldefense.com/v3/__https://www.openssl.org/source/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW9-9-zFpQ$>
>  * ftp://ftp.openssl.org/source/ 
> <https://urldefense.com/v3/__ftp://ftp.openssl.org/source/__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW_pL9OONQ$>
> 
>The distribution file name is:
> 
> o openssl-3.0.0-alpha1.tar.gz
>   Size: 9530120
>   SHA1 checksum:  4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06
>   SHA256 checksum:  
> 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57
> 
>The checksums were calculated using the following commands:
> 
> openssl sha1 openssl-3.0.0-alpha1.tar.gz
> openssl sha256 openssl-3.0.0-alpha1.tar.gz
> 
>Please download and check this $LABEL release as soon as possible.
>To report a bug, open an issue on GitHub:
> 
> https://github.com/openssl/openssl/issues 
> <https://urldefense.com/v3/__https://github.com/openssl/openssl/issues__;!!GqivPVa7Brio!KZB-yqnb-lavPS0QU0YMDCJHPWYVDZTvtki0jN4zOd40AGRcKabolTvarW9kVR-zoA$>
> 
>Please check the release notes and mailing lists to avoid duplicate
>reports of known issues. (Of course, the source is also available
>on GitHub.)
> 
>Yours,
> 
>The OpenSSL Project Team.
> 
> -BEGIN PGP SIGNATURE-
> 
> iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g
> RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk
> I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E
> cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8
> hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll
> Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F
> hIr11rxXNxtBRKUSlOUyJATZn0sV6g==
> =uRpM
> -END PGP SIGNATURE-



Re: OpenSSL version 3.0.0-alpha1 published

2020-05-01 Thread Guido Vranken
Reminder that in git master and 3.0.0, CAST5 gives the wrong output:
https://github.com/openssl/openssl/issues/11459 (this proof of concept was
made before you moved CAST5 to liblegacy, so just put
OSSL_PROVIDER_load(nullptr, "legacy"); in there to make it work)

On Thu, Apr 23, 2020 at 4:30 PM OpenSSL  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
>OpenSSL version 3.0 alpha 1 released
>
>
>OpenSSL - The Open Source toolkit for SSL/TLS
>https://www.openssl.org/
>
>OpenSSL 3.0 is currently in alpha.
>
>OpenSSL 3.0 alpha 1 has now been made available.
>
>Note: This OpenSSL pre-release has been provided for testing ONLY.
>It should NOT be used for security critical purposes.
>
>Specific notes on upgrading to OpenSSL 3.0 from previous versions, as
> well
>as known issues are available on the OpenSSL Wiki, here:
>
> https://wiki.openssl.org/index.php/OpenSSL_3.0
>
>The alpha release is available for download via HTTPS and FTP from the
>following master locations (you can find the various FTP mirrors under
>https://www.openssl.org/source/mirror.html):
>
>  * https://www.openssl.org/source/
>      * ftp://ftp.openssl.org/source/
>
>The distribution file name is:
>
> o openssl-3.0.0-alpha1.tar.gz
>   Size: 9530120
>   SHA1 checksum:  4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06
>   SHA256 checksum:
> 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57
>
>The checksums were calculated using the following commands:
>
> openssl sha1 openssl-3.0.0-alpha1.tar.gz
> openssl sha256 openssl-3.0.0-alpha1.tar.gz
>
>Please download and check this $LABEL release as soon as possible.
>To report a bug, open an issue on GitHub:
>
> https://github.com/openssl/openssl/issues
>
>Please check the release notes and mailing lists to avoid duplicate
>reports of known issues. (Of course, the source is also available
>on GitHub.)
>
>Yours,
>
>The OpenSSL Project Team.
>
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g
> RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk
> I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E
> cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8
> hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll
> Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F
> hIr11rxXNxtBRKUSlOUyJATZn0sV6g==
> =uRpM
> -END PGP SIGNATURE-
>


Re: OpenSSL version 3.0.0-alpha1 published

2020-04-29 Thread Sergio NNX
  *   Windows 10 x64

  *   GCC 8.3.0 x86_64

$ openssl version -a

OpenSSL 3.0.0-alpha1 "23 Apr 2020" (Library: OpenSSL 3.0.0-alpha1 "23 Apr 2020")
built on: Fri Apr 24 18:14:53 2020 UTC
platform: mingw64
options:  bn(64,64)
compiler: /mingw/bin/gcc.exe -m64 -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 
-D_WIN32_IE=0x0501 -D__PTW32_STATIC_LIB -D__PTW32_CLEANUP_C -m64 -O2 -pipe 
-mms-bitfields -fno-builtin -march=core2 -mtune=core2 -DL_ENDIAN 
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DUNICODE -D_UNICODE 
-DWIN32_LEAN_AND_MEAN -D_MT -DZLIB -DNDEBUG -I/mingw/x86_64-pc-mingw32/include 
-I/mingw/x86_64-pc-mingw32/include/directx -I/mingw/include
OPENSSLDIR: "C:/OpenSSL"
ENGINESDIR: "C:/MinGW/lib/engines-3"
MODULESDIR: "C:/MinGW/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x7ffaf3bfffeb:0x29c67af


Some issued found:

on.obj crypto/cversion.c
In file included from include/openssl/macros.h:11,
 from include/openssl/opensslconf.h:14,
 from include/openssl/macros.h:10,
 from include/openssl/crypto.h:15,
 from include/internal/cryptlib.h:23,
 from crypto/cversion.c:10:
crypto/cversion.c: In function 'OpenSSL_version':
include/openssl/opensslv.h:91:54: error: expected ';' before numeric constant
 # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-alpha1 "23 Apr 2020""
  ^~
crypto/cversion.c:50:16: note: in expansion of macro 'OPENSSL_VERSION_TEXT'
 return OPENSSL_VERSION_TEXT;
^~~~
make[1]: *** [crypto/libcrypto-lib-cversion.obj] Error 1
make[1]: Leaving directory `/src/openssl-3.0.0-alpha1'
make: *** [build_sw] Error 2




From: openssl-users  on behalf of OpenSSL 

Sent: Friday, 24 April 2020 12:29 AM
To: openssl-project@openssl.org ; OpenSSL User 
Support ML ; OpenSSL Announce ML 

Subject: OpenSSL version 3.0.0-alpha1 published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 3.0 alpha 1 released
   

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   OpenSSL 3.0 is currently in alpha.

   OpenSSL 3.0 alpha 1 has now been made available.

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well
   as known issues are available on the OpenSSL Wiki, here:

https://wiki.openssl.org/index.php/OpenSSL_3.0

   The alpha release is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.0-alpha1.tar.gz
  Size: 9530120
  SHA1 checksum:  4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06
  SHA256 checksum:  
9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.0-alpha1.tar.gz
openssl sha256 openssl-3.0.0-alpha1.tar.gz

   Please download and check this $LABEL release as soon as possible.
   To report a bug, open an issue on GitHub:

https://github.com/openssl/openssl/issues

   Please check the release notes and mailing lists to avoid duplicate
   reports of known issues. (Of course, the source is also available
   on GitHub.)

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g
RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk
I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E
cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8
hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll
Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F
hIr11rxXNxtBRKUSlOUyJATZn0sV6g==
=uRpM
-END PGP SIGNATURE-


Re: Alpha1

2020-04-23 Thread Matt Caswell



On 22/04/2020 13:53, Matt Caswell wrote:
> 
> 
> On 22/04/2020 02:46, Benjamin Kaduk wrote:
>> On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote:
>>> The 3.0 developers met via conference call this morning. All the
>>> functionality that we had planned for alpha 1 has now been merged, so we
>>> are now thinking that we will do the alpha 1 release on Thursday this
>>> week. That would imply a repo freeze tomorrow.
>>>
>>> Thoughts/opinions/objections to this proposal?
>>
>> Given that the list of required things for alpha 1 are done, it does seem
>> appropriate.  I know of a couple things that would be bug reports against
>> an alpha1 if produced right now, but ... what is an alpha for, if not to
>> trigger people to look and file bug reports? :)
> 
> I've seen no objections and everyone seems to be assuming this is
> happening, so the repo is now frozen ready for the release tomorrow.

The alpha1 release is now done!!

Thanks to everyone that has helped to make this happen.

We had a number of issues during the release itself - which is not
surprising given this is the first of the 3.0 series - but nothing too
significant.

Thanks to Richard for helping out during the release.

Matt



OpenSSL version 3.0.0-alpha1 published

2020-04-23 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 3.0 alpha 1 released
   

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   OpenSSL 3.0 is currently in alpha.

   OpenSSL 3.0 alpha 1 has now been made available.

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well
   as known issues are available on the OpenSSL Wiki, here:

https://wiki.openssl.org/index.php/OpenSSL_3.0

   The alpha release is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.0-alpha1.tar.gz
  Size: 9530120
  SHA1 checksum:  4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06
  SHA256 checksum:  
9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.0-alpha1.tar.gz
openssl sha256 openssl-3.0.0-alpha1.tar.gz

   Please download and check this $LABEL release as soon as possible.
   To report a bug, open an issue on GitHub:

https://github.com/openssl/openssl/issues

   Please check the release notes and mailing lists to avoid duplicate
   reports of known issues. (Of course, the source is also available
   on GitHub.)

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g
RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk
I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E
cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8
hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll
Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F
hIr11rxXNxtBRKUSlOUyJATZn0sV6g==
=uRpM
-END PGP SIGNATURE-


Re: Alpha1

2020-04-22 Thread Matt Caswell



On 22/04/2020 02:46, Benjamin Kaduk wrote:
> On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote:
>> The 3.0 developers met via conference call this morning. All the
>> functionality that we had planned for alpha 1 has now been merged, so we
>> are now thinking that we will do the alpha 1 release on Thursday this
>> week. That would imply a repo freeze tomorrow.
>>
>> Thoughts/opinions/objections to this proposal?
> 
> Given that the list of required things for alpha 1 are done, it does seem
> appropriate.  I know of a couple things that would be bug reports against
> an alpha1 if produced right now, but ... what is an alpha for, if not to
> trigger people to look and file bug reports? :)

I've seen no objections and everyone seems to be assuming this is
happening, so the repo is now frozen ready for the release tomorrow.

Matt



Re: Alpha1

2020-04-21 Thread Benjamin Kaduk
On Tue, Apr 21, 2020 at 11:10:19AM +0100, Matt Caswell wrote:
> The 3.0 developers met via conference call this morning. All the
> functionality that we had planned for alpha 1 has now been merged, so we
> are now thinking that we will do the alpha 1 release on Thursday this
> week. That would imply a repo freeze tomorrow.
> 
> Thoughts/opinions/objections to this proposal?

Given that the list of required things for alpha 1 are done, it does seem
appropriate.  I know of a couple things that would be bug reports against
an alpha1 if produced right now, but ... what is an alpha for, if not to
trigger people to look and file bug reports? :)

-Ben


Alpha1

2020-04-21 Thread Matt Caswell
The 3.0 developers met via conference call this morning. All the
functionality that we had planned for alpha 1 has now been merged, so we
are now thinking that we will do the alpha 1 release on Thursday this
week. That would imply a repo freeze tomorrow.

Thoughts/opinions/objections to this proposal?

Matt



Critical Path and Dependencies for Alpha1

2020-03-31 Thread Matt Caswell
Please see attached for what I believe is the critical path as well as
the key dependencies for Alpha 1. Please let me know of any errors or
omissions.

Matt


Alpha1 progress

2020-03-25 Thread Matt Caswell
Yesterday a number of us had a teleconference to update our task
tracking for the 3.0 release. The current spreadsheet gives us the
following dates for the various alpha/beta releases:

Alpha1: 2020-04-15
Alpha2: 2020-05-04
Alpha3: 2020-06-10
Beta1:  2020-06-12

Comparing this to the official timeline here:
https://www.openssl.org/policies/releasestrat.html

Which says:

Alpha1: 2020-03-31
Alpha2: 2020-04-21
Alpha3: 2020-05-21
Beta1: 2020-06-02

Until quite recently we were tracking fairly closely to the target
dates, but the last week or so has seen us drift out a bit. As can be
seen from the above we're about 2 weeks out at the moment. This is
primarily due to the key generation work being more complicated and
significant than we had anticipated.

So, right now, it looks to me like we won't be releasing alpha1 next
week as originally planned.

Matt