Re: [openssl-project] FW: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

2018-05-10 Thread Matt Caswell
It should be fixed already - but the fixes didn't go in in time for the latest run-checker run. By tomorrow it should be ok (hopefully). Matt On 10/05/18 13:57, Salz, Rich wrote: > sigh > > On 5/10/18, 6:57 AM, "OpenSSL run-checker" wrote: > > Platform and

Re: [openssl-project] FW: [TLS] WGLC for draft-ietf-tls-tls13-vectors

2018-05-08 Thread Matt Caswell
tls13secretstest was originally based on these vectors: https://github.com/openssl/openssl/blob/master/test/tls13secretstest.c However, because we were moving faster with updating the vectors to match all the latest changes to the secrets calculations in the main spec, and because it's a major

Re: [openssl-project] Current votes FYI

2018-05-23 Thread Matt Caswell
FYI, all of these votes are now closed. The final vote results are inserted below. On 07/05/18 02:37, Salz, Rich wrote: > VOTE: openssl-web and tools repositories shall be under the same review > policy as per the openssl repository where the reviewers are OMC members +1: 5 0: 1

Re: [openssl-project] build/test before merging

2018-05-23 Thread Matt Caswell
On 23/05/18 01:43, Salz, Rich wrote: > > I do the same, but I am reluctant having a script doing it for me using > some fixed recipe... > >>I'm happy doing the build/test manually before merging, too. > > > So do you guys use the ghmerge script or own procedures? I'm curious.

Re: [openssl-project] build/test before merging

2018-05-23 Thread Matt Caswell
On 23/05/18 16:50, Benjamin Kaduk wrote: > On Wed, May 23, 2018 at 03:12:30PM +, Dr. Matthias St. Pierre wrote: >>> So do you guys use the ghmerge script or own procedures? I'm curious. >> >> At the beginning, I tried to use ghmerge but it was not flexible >> enough for my needs. In

Re: [openssl-project] Please approve 6457 for backport

2018-06-12 Thread Matt Caswell
On 12/06/18 10:16, Matt Caswell wrote: > This is the PR for the CVE. I forgot to add the branches to the > PR...this is for 1.1.0 and 1.0.2. Please can someone approve the > backport asap? This is now done (thanks Tim). Now looking for an approval for the web updates: https://g

[openssl-project] Please approve 6457 for backport

2018-06-12 Thread Matt Caswell
This is the PR for the CVE. I forgot to add the branches to the PR...this is for 1.1.0 and 1.0.2. Please can someone approve the backport asap? Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] stepping down from OMC

2018-06-08 Thread Matt Caswell
On 08/06/18 20:56, Emilia Käsper wrote: > Hi all, > > I'm leaving the project. This should come as no surprise. I've had > little to no time to work on OpenSSL lately, and I firmly believe that > OpenSSL should be driven by engineers that are actively engaged in the > project and writing code

[openssl-project] ECDSA blinding

2018-06-13 Thread Matt Caswell
FYI see commit a3e9d5aa98 (and equivalent commits in 1.1.0 and 1.0.2). These fixes were reviewed in private due to an embargo from the reporter. In spite of that we have chosen not to issue a CVE for these fixes since they are localhost side channels only. Matt

Re: [openssl-project] Beta release today

2018-06-19 Thread Matt Caswell
IM or email me. > > On 6/19/18, 11:16 AM, "Matt Caswell" wrote: > > Oops, there is supposed to be a beta release today... > > > If someone is available to review it (any volunteers), I'll do it this > evening. Starting around 17.30 UTC

[openssl-project] Beta release today

2018-06-19 Thread Matt Caswell
Oops, there is supposed to be a beta release today... If someone is available to review it (any volunteers), I'll do it this evening. Starting around 17.30 UTC (although it looks like we might have to fix travis first). In the meantime please could someone freeze the repo? Matt

Re: [openssl-project] Beta release today

2018-06-19 Thread Matt Caswell
On 19/06/18 17:14, Matt Caswell wrote: > Actually, it feels a bit rushed, so I think I'm going to do it tomorrow > instead. > > It would still be good if someone can freeze the repo though please: > > ssh openssl-...@git.openssl.org freeze openssl matt The repo is now fr

Re: [openssl-project] Current votes FYI

2018-05-29 Thread Matt Caswell
On 29/05/18 06:45, Dr. Matthias St. Pierre wrote: >> VOTE: 1.1.1 beta release schedule changed so that the next two beta releases >> are now 29th May, 19 June and we will re-review release readiness after >> that. We will also ensure that there is at least one beta release post >> TLS-1.3

Re: [openssl-project] OpenSSL repo frozen

2018-05-29 Thread Matt Caswell
The release is complete and the repo is now unfrozen. Thanks to Richard for his help during the release. Matt On 29/05/18 07:25, Richard Levitte wrote: > This should have been done yesterday... the openssl repo is now > frozen pending the beta release that's happening later today. > >

[openssl-project] Github to be acquired by Microsoft

2018-06-04 Thread Matt Caswell
See: https://blog.github.com/2018-06-04-github-microsoft/ Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Monthly Status Report (May)

2018-06-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Fixed a mem leak in CMS_RecipientInfo_set0_pkey() and added some CMS tests - Added a note around performance and Nagle's algorithm on the

[openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
I'm thinking that we should maybe re-assess the current milestones in github. We currently use the following milestones: Assessed - Anything against this milestone isn't relevant to the 1.1.1 release (e.g. 1.0.2 specific issue) 1.1.1 - This is relevant to the 1.1.1 release but may not be

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
elease. At the moment though it is impossible to tell which are the high priority issues we should be focussing on. Matt > > > > On 6/26/18, 11:56 AM, "Matt Caswell" wrote: > > I'm thinking that we should maybe re-assess the current milestones in > github. >

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
t seems justifiable to me. The latter. I mean it doesn't *prevent* us from fixing something that's in both 1.1.0 and 1.1.1 - but our focus should be on fixing issues that are newly introduced in 1.1.1. Matt > > On 6/26/18, 3:32 PM, "Matt Caswell" wrote: > > > >

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-27 Thread Matt Caswell
Well, no one has objected so far. I'm not around tomorrow and Friday to action this but, unless anyone shouts between now and then, I'll start doing this on Monday. Matt On 26/06/18 21:15, Matt Caswell wrote: > > > On 26/06/18 20:43, Salz, Rich wrote: >> That's interesting

Re: [openssl-project] [openssl-commits] Build failed in Jenkins: master_noec #574

2018-06-27 Thread Matt Caswell
Also - does this only happen with no-ec? Matt On 27/06/18 10:32, Matt Caswell wrote: > I am slightly confused because the code sample below and the commit id > you gave is for 1.1.0, but the original email seems to be about master. > > Is the same issue affectin

Re: [openssl-project] [openssl-commits] Build failed in Jenkins: master_noec #574

2018-06-27 Thread Matt Caswell
I am slightly confused because the code sample below and the commit id you gave is for 1.1.0, but the original email seems to be about master. Is the same issue affecting both? Note: the pderive_test_run() function looks quite different between 1.1.0 and master. Matt On 26/06/18 19:32, Barry

[openssl-project] Forthcoming holidays

2018-06-27 Thread Matt Caswell
FYI, I have a few days off coming up which will mean I am less responsive than normal. I will have very limited/no access to email during these periods: Thursday 28th - Friday 29th June and Sunday 8th - Thursday 12th July Matt

Re: [openssl-project] Milestones and the 1.1.1 release

2018-07-03 Thread Matt Caswell
On 02/07/18 18:36, Salz, Rich wrote: > Thanks for finishing this off. > > > https://github.com/openssl/openssl/issues?q=is%3Aopen+is%3Aissue+milestone%3A1.1.1 > > Are 6512 and 6396 the same, and closed because we made things more secure? They may be the same, or maybe not. Almost

Re: [openssl-project] Milestones and the 1.1.1 release

2018-07-02 Thread Matt Caswell
On 27/06/18 16:10, Matt Caswell wrote: > Well, no one has objected so far. I'm not around tomorrow and Friday to > action this but, unless anyone shouts between now and then, I'll start > doing this on Monday. All issues have been reviewed and their milestones updated accordingl

Re: [openssl-project] Beta release on Tuesday

2018-04-30 Thread Matt Caswell
On 30/04/18 21:00, Salz, Rich wrote: > >>I would normally start around 12.00 UTC, but could push it a bit > later > > if it works better for you. > > > > So that's 7am, it would be best to delay an hour. > > > > Ok, let's make it 13.00 UTC. > > Gaah,

Re: [openssl-project] Freezing the repo

2018-05-01 Thread Matt Caswell
Release is complete and the repo is unfrozen. Matt On 30/04/18 20:04, Salz, Rich wrote: > Done. > > On 4/30/18, 3:02 PM, "Matt Caswell" <m...@openssl.org> wrote: > > Please could someone freeze the repo for me for tomorrow's release: > > $ s

[openssl-project] Monthly Status Report (April)

2018-05-01 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Performed the 1.1.1 pre-4 release - Supported the 1.1.1 pre-5 release - Liaison with Billy Bob Brumley and team regarding various EC/constant time

[openssl-project] Travis is currently failing

2018-05-01 Thread Matt Caswell
Can anyone shed any light on this error from travis (master branch is failing):

/usr/bin/ld: unrecognized option '--push-state--no-as-needed'
/usr/bin/ld: use the --help option for usage information
collect2: error: ld returned 1 exit status
make[1]: *** [libcrypto.so] Error 1
make[1]: Leaving

Re: [openssl-project] Travis is currently failing

2018-05-01 Thread Matt Caswell
On 01/05/18 10:52, Kurt Roeckx wrote: > On Tue, May 01, 2018 at 10:02:31AM +0100, Matt Caswell wrote: >> >> Can anyone shed any light on this error from travis (master branch is >> failing): >> >> /usr/bin/ld: unrecognized option '--push-state--no-as-needed' >

[openssl-project] Freezing the repo

2018-04-30 Thread Matt Caswell
Please could someone freeze the repo for me for tomorrow's release: $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt

Re: [openssl-project] Beta release on Tuesday

2018-04-30 Thread Matt Caswell
On 27/04/18 12:12, Salz, Rich wrote: >>As normal we are planning a new beta release on Tuesday. This means that >>we will be freezing the repo from Monday afternoon (UTC). > > I'm in US but available if nobody "closer" can do it. Nobody else has stepped forward. Are you still

Re: [openssl-project] Style guide updates

2018-01-26 Thread Matt Caswell
On 26/01/18 17:03, Richard Levitte wrote: > In message <c20f5fd4-1c85-c96b-42e7-e2a84e411...@openssl.org> on Fri, 26 Jan > 2018 14:06:27 +, Matt Caswell <m...@openssl.org> said: > > matt> - Use size_t for sizes of things > > ... and, it seems, as array

Re: [openssl-project] Issues review

2018-01-24 Thread Matt Caswell
r whatever reason (to the point that we should hold up the release schedule for it) then we can argue that out on a case-by-case basis and amend the milestones accordingly. Alternatively just make sure you get it reviewed and committed before feature freeze. Matt On 23/01/18 17:49, Matt Caswell

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-24 Thread Matt Caswell
On 24/01/18 17:32, Matt Caswell wrote: > 14th March 2018, beta release 1 (pre2) > OpenSSL_1_1_1-stable created (feature freeze) > master becomes basis for 1.1.2 or 1.2.0 (TBD) > 11th March 2018, beta release 2 (pre3) That should of course say 11th

Re: [openssl-project] Local kid does good

2018-01-30 Thread Matt Caswell
On 30/01/18 16:13, Salz, Rich wrote: > One of our own, Ben Kaduk, was just picked to be the Security Area > co-Director in the IETF! Awesome! Well done Ben! Matt

Re: [openssl-project] travis builds failing with aligment errors?

2018-01-30 Thread Matt Caswell
On 30/01/18 14:27, Benjamin Kaduk wrote: > It seems that we've started getting issues with a single build > configuration, e.g., > https://travis-ci.org/openssl/openssl/jobs/335110257 > > Lots of complaints about alignment, like: > > crypto/modes/gcm128.c:1090:36: runtime error: load of

Re: [openssl-project] travis builds failing with aligment errors?

2018-01-30 Thread Matt Caswell
On 30/01/18 14:30, Matt Caswell wrote: > > > On 30/01/18 14:27, Benjamin Kaduk wrote: >> It seems that we've started getting issues with a single build >> configuration, e.g., >> https://travis-ci.org/openssl/openssl/jobs/335110257 >> >> Lots of complai

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-29 Thread Matt Caswell
On 25/01/18 19:08, Matt Caswell wrote: > > > On 25/01/18 11:59, Salz, Rich wrote: >> As long as we have the freedom to release earlier, this looks okay to me. > > I added this sentence to make that freedom crystal clear: > > "This may be amended at any time

[openssl-project] Monthly Status Report (January)

2018-02-01 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended Real World Crypto 2018 in Zürich in order to collect the Levchin prize on behalf of the team - Took part in an interview for RedHat -

[openssl-project] New Committer

2018-02-01 Thread Matt Caswell
Please welcome our newest committer David Benjamin! Matt

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-30 Thread Matt Caswell
On 29/01/18 11:04, Matt Caswell wrote: > > > On 25/01/18 19:08, Matt Caswell wrote: >> >> >> On 25/01/18 11:59, Salz, Rich wrote: >>> As long as we have the freedom to release earlier, this looks okay to me. >> >> I added this sentence to

Re: [openssl-project] Style guide update -- summary so far

2018-02-05 Thread Matt Caswell
On 05/02/18 18:13, Salz, Rich wrote: > Use ossl_assert, not assert.  Do not forget to handle the error > condition as asserts are not compiled into production code. It's slightly more nuanced than that. There are occasions where assert is ok, e.g. switch(my_expression) { case 1: /* do

[openssl-project] OS/X builds failing

2018-02-09 Thread Matt Caswell
The new travis OS/X builds are failing with this: -MT apps/enc.o -c -o apps/enc.o apps/enc.c apps/enc.c:567:54: error: format specifies type 'uintmax_t' (aka 'unsigned long') but the argument has type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat] BIO_printf(bio_err, "bytes read

[openssl-project] Feature freeze for 1.1.1

2018-02-06 Thread Matt Caswell
I have now updated the release strategy page with the agreed plan for the 1.1.1 release: https://www.openssl.org/policies/releasestrat.html I'd like to draw everyone's attention to the key date of 13th March 2018. Which is when we do the feature freeze. In practice we typically freeze the repo

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-02-06 Thread Matt Caswell
On 30/01/18 10:45, Matt Caswell wrote: > No feedback so I started the vote: > > topic: We should update the release strategy as shown in > https://github.com/openssl/web/pull/41, commit id 52d9ea8fb > Proposed by Matt Caswell > Public: yes > opened: 2018-01-30 >

[openssl-project] TLSv1.3

2018-02-06 Thread Matt Caswell
Now that the TLSv1.3 implementation is quite stable - should we switch it on by default? Matt

Re: [openssl-project] Style question

2018-02-12 Thread Matt Caswell
On 12/02/18 16:07, Matt Caswell wrote: > > > On 12/02/18 16:05, Short, Todd wrote: >> My 2cents (since I can’t reply to the list), is that other functions >> (e.g. most SSL and SSL_CTX functions) require a non-NULL object. I’m not >> sure this is any different

Re: [openssl-project] Style question

2018-02-12 Thread Matt Caswell
"One if by land, two if by sea, three if by the Internet." > >> On Feb 12, 2018, at 11:02 AM, Matt Caswell <m...@openssl.org >> <mailto:m...@openssl.org>> wrote: >> >> I've been looking at our use of EVP_MD_size() (prompted by Coverity). >

[openssl-project] Code Freeze!!!

2018-02-12 Thread Matt Caswell
Please could someone freeze the repo for me? The tools don't let me do it for my own benefit: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt

[openssl-project] Style question

2018-02-12 Thread Matt Caswell
I've been looking at our use of EVP_MD_size() (prompted by Coverity). That function can return a -1 on error:

    int EVP_MD_size(const EVP_MD *md)
    {
        if (!md) {
            EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
            return -1;
        }
        return md->md_size;
    }

The only

Re: [openssl-project] Style guide update -- summary so far

2018-02-05 Thread Matt Caswell
On 05/02/18 19:43, Dr. Matthias St. Pierre wrote: > > Wasn't there also the suggestion by someone that if one part of an > if-else statements needs braces that the other part should get some, too? That's already in the style guide: Do not unnecessarily use braces around a single statement:

Re: [openssl-project] tag for 1.1.1pre1?

2018-02-15 Thread Matt Caswell
(cc'ing openssl-project) On 15/02/18 22:36, Benjamin Kaduk wrote: > Hi Matt, > > I see git tags for 1.1.0pre[1-6], but not one for the 1.1.1 alpha.  Is > this intentional or an omission? Oops. 'cos we had a few problems during the release I had to run the mkrelease script more than once and

Re: [openssl-project] Freezing the repo soon

2018-02-26 Thread Matt Caswell
On 26/02/18 17:23, Andy Polyakov wrote: >> Just a reminder to everyone that we are doing the alpha2 release >> tomorrow, so we will be freezing the repo soon (in about an hour or so). > > master is read at https://travis-ci.org/openssl/openssl/branches since >

Re: [openssl-project] Freezing the repo soon

2018-02-26 Thread Matt Caswell
On 26/02/18 19:13, Matt Caswell wrote: > > > On 26/02/18 17:23, Andy Polyakov wrote: >>> Just a reminder to everyone that we are doing the alpha2 release >>> tomorrow, so we will be freezing the repo soon (in about an hour or so). >> >> master is read a

Re: [openssl-project] Freezing the repo soon

2018-02-26 Thread Matt Caswell
On 26/02/18 17:23, Andy Polyakov wrote: >> Just a reminder to everyone that we are doing the alpha2 release >> tomorrow, so we will be freezing the repo soon (in about an hour or so). > > master is read at https://travis-ci.org/openssl/openssl/branches since >

Re: [openssl-project] Beta release today

2018-06-20 Thread Matt Caswell
Release is done - repo is unfrozen! Thanks to Richard once again for helping out. Matt On 20/06/18 15:11, Matt Caswell wrote: > The last few commits seem to have stabilised the build: > > https://travis-ci.org/openssl/openssl/builds/394565396 > > There is one red cr

Re: [openssl-project] Beta release today

2018-06-20 Thread Matt Caswell
inadvertently triggered recently): https://travis-ci.org/openssl/openssl/builds/394565396 Therefore we are going to press ahead with the release. Matt On 20/06/18 11:32, Matt Caswell wrote: > The build is currently not stable. We have a number of outstanding issues: > > - external p

Re: [openssl-project] GitHub labels

2018-06-22 Thread Matt Caswell
On 22/06/18 09:26, Richard Levitte wrote: > In message <20180622010813.gy4...@kduck.kaduk.org> on Thu, 21 Jun 2018 > 20:08:13 -0500, Benjamin Kaduk said: > > kaduk> What's still unclear to me in the current scheme is how I'm supposed to > kaduk> indicate something that is (intentionally)

Re: [openssl-project] To distribute just the repo file, or the result of 'make dist'?

2018-07-28 Thread Matt Caswell
On 24/07/18 14:50, Richard Levitte wrote: > In message <20180724122839.ga2...@roeckx.be> on Tue, 24 Jul 2018 14:28:40 > +0200, Kurt Roeckx said: > > kurt> On Tue, Jul 24, 2018 at 02:08:46PM +0200, Richard Levitte wrote: > kurt> > > kurt> > The original intention (way back, I think we're

[openssl-project] Monthly Status Report (July)

2018-08-03 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of meetings re FIPS - Fixed a bug in 1.1.0/1.0.2 which can result in an invalid CertificateRequest message being sent - Reviewed

[openssl-project] 1.1.1 Release criteria update

2018-08-02 Thread Matt Caswell
A quick update on the status of the 1.1.1 release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed Status: We have 5 open issues (4 of which were opened within the last 2

Re: [openssl-project] EdDSA and "default_md"?

2018-08-08 Thread Matt Caswell
On 08/08/18 21:22, Viktor Dukhovni wrote: > Don't know whether everyone here also reads openssl-users, so to recap, > Robert Moskowitz reports considerable frustration > as a result of "default_md = sha256" being incompatible with Ed25519 > (and Ed448). He's working around this with "-md

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-09 Thread Matt Caswell
On 08/08/18 11:28, Matt Caswell wrote: > For the full background to this issue see: > > https://github.com/openssl/openssl/issues/6490 > > TL;DR summary: > > The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each > other. OpenSSL (along with at least

[openssl-project] Removal of NULL checks

2018-08-08 Thread Matt Caswell
We've had a policy for a while of not requiring NULL checks in functions. However there is a difference between not adding them for new functions and actively removing them for old ones. See https://github.com/openssl/openssl/pull/6893 In this case the removal of a NULL check in the stack code

[openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-08 Thread Matt Caswell
For the full background to this issue see: https://github.com/openssl/openssl/issues/6490 TL;DR summary: The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each other. OpenSSL (along with at least GnuTLS maybe others) has implemented an upgrade path which enables the reuse of a

Re: [openssl-project] Please freeze the repo

2018-08-13 Thread Matt Caswell
On 13/08/18 17:49, Andy Polyakov wrote: > It would be appropriate to merge > https://github.com/openssl/openssl/pull/6916 (1.0.2, commit message > would need adjustment for merged from) and This one appears to be not quite as ready as first thought. >

Re: [openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

2018-08-15 Thread Matt Caswell
On 14/08/18 20:20, Matt Caswell wrote: > Hi > > Back in 2007 Nokia started developing a CMP client based on OpenSSL that > is currently in use in LTE infrastructure components. Siemens joined in > the project some years ago to extend and utilize the code for further > indust

Re: [openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3

2018-08-15 Thread Matt Caswell
On 15/08/18 16:46, Viktor Dukhovni wrote: > When I configure a client with a legacy TLS 1.2 protocol exclusion, > e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max > version interface), as a result of the new TLS 1.3 protocol > support configurations that previously negotiated "up

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-15 Thread Matt Caswell
On 10/08/18 09:43, Matt Caswell wrote: > > > On 09/08/18 10:31, Matt Caswell wrote: > >> I think perhaps a vote is the only way forward then. Does this vote text >> seem reasonable? >> >> "We should remove the TLSv1.2 to TLSv1.3 PSK compatibilit

[openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

2018-08-14 Thread Matt Caswell
I went to approve this post, but I don't see it in the pending queue. Not sure why not - so forwarding this anyway. Please see below. Matt Forwarded Message Subject: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'" Date: Tue, 14 Aug

Re: [openssl-project] Releases tomorrow

2018-08-14 Thread Matt Caswell
On 14/08/18 11:05, Kurt Roeckx wrote: > On Tue, Aug 14, 2018 at 01:50:39AM +, Salz, Rich wrote: >>>- If we're going to make any changes for issue 6904 (broken pipe for >> clients that only write/server that only reads), then we should do that >> >> Yeah, I don't like the library

Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
On 07/08/18 15:15, Andy Polyakov wrote: >> Forthcoming OpenSSL releases >> > > I have some RSA hardening fixes in pipeline... Do you have PR numbers for them? Matt

[openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases.

[openssl-project] Releases tomorrow

2018-08-13 Thread Matt Caswell
Just a reminder that we are doing the 1.0.2p and 1.1.0i releases tomorrow so I will be freezing the repo later this afternoon. If you still have PRs to merge for the release please get them in asap! Thanks Matt

[openssl-project] Please freeze the repo

2018-08-13 Thread Matt Caswell
Please could someone freeze the repo for me? $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt

Re: [openssl-project] Releases tomorrow

2018-08-13 Thread Matt Caswell
On 13/08/18 14:20, Kurt Roeckx wrote: > On Mon, Aug 13, 2018 at 02:00:47PM +0100, Matt Caswell wrote: >> Just a reminder that we are doing the 1.0.2p and 1.1.0i releases >> tomorrow so I will be freezing the repo later this afternoon. If you >> still have PRs to merge for t

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-10 Thread Matt Caswell
On 09/08/18 10:31, Matt Caswell wrote: > I think perhaps a vote is the only way forward then. Does this vote text > seem reasonable? > > "We should remove the TLSv1.2 to TLSv1.3 PSK compatibility mechanism as > discussed in issue 6490. If TLSv1.2 PSKs are configured (an

Re: [openssl-project] Please freeze the repo

2018-08-14 Thread Matt Caswell
Release is done and the repo is unfrozen. Thanks again to Richard for all the help. Matt On 13/08/18 17:15, Mark J Cox wrote: > done. > > On Mon, Aug 13, 2018 at 5:11 PM, Matt Caswell wrote: >> Please could someone freeze the repo for me? >> >> $ ssh openssl

[openssl-project] Please freeze the repo

2018-08-20 Thread Matt Caswell
Please could someone freeze the repo for me for tomorrow's release: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt

Re: [openssl-project] Please freeze the repo

2018-08-21 Thread Matt Caswell
The repository is now unfrozen and the release is complete. Thanks to Tim for all the help. Matt On 20/08/18 18:00, Bernd Edlinger wrote: > Hi Matt, > > The repo should be frozen now. > > Bernd. > > On 08/20/18 18:01, Matt Caswell wrote: >> Please could som

[openssl-project] Final release date for 1.1.1

2018-08-22 Thread Matt Caswell
I'd like to propose that we target Tuesday 11th September as the final release date for 1.1.1. Next week there is a big meeting about the next OpenSSL release, and specifically FIPS support. This means that I, and others on the OMC, will have limited time to deal with any 1.1.1 issues. Our early

[openssl-project] Current 1.1.1 status compared to Release criteria

2018-07-20 Thread Matt Caswell
I've done a review of the 1.1.1 release criteria against the current status. See below. TL;DR summary: Status is generally good. There are some outstanding issues and PRs that need input from various people. Specifically there are actions for: @levitte, @paulidale, @dot-asm, @mspncp, @t-j-h

[openssl-project] Forthcoming holiday

2018-07-18 Thread Matt Caswell
I have some more holiday coming up :-) I'll be away next week: Tuesday 24th July - Friday 27th July. Matt

Re: [openssl-project] Release Criteria Update

2018-09-05 Thread Matt Caswell
nd of reviews. Owner: Paul Yang #7073 Support EdDSA in apps/speed Updates made following earlier review. Awaiting another round of reviews. Owner: Paul Yang Matt On 04/09/18 17:11, Matt Caswell wrote: > Current status of the 1.1.1 PRs/issues: > > There are currently 6 open PRs for 1.1.1. H

[openssl-project] Please freeze the repo

2018-09-09 Thread Matt Caswell
Please can someone freeze the repo: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Matt Caswell
On 09/09/18 19:31, Dr. Matthias St. Pierre wrote: > I am currently occupied with other things, so I won't be able to look at it > before later this evening or tomorrow. > > I also had a quick look at CID 1423323 (see below) but I was unable to see > why 'pkey' would be a NULL pointer > when

[openssl-project] Monthly Status Report (August)

2018-09-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of conference calls related to FIPS - Attended the week long FIPS summit in Brisbane. A lot was achieved and write ups of the

[openssl-project] Release Criteria Update

2018-09-04 Thread Matt Caswell
Current status of the 1.1.1 PRs/issues: There are currently 6 open PRs for 1.1.1. However in 2 cases there are 2 alternative implementations for the same thing - so really there are only 4 issues being addressed. One of these is in the "ready" state. The remaining 3 are: #7114 Process KeyUpdate

Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell
On 06/09/18 17:32, Kurt Roeckx wrote: > On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote: >> Current status of the 1.1.1 PRs/issues: > > Since we did make a lot of changes, including things that > applications can run into, would it make sense to have an other

[openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell
We currently have 8 1.1.1 PRs that are open. 3 of which are in the "ready" state. There are 2 which are alternative implementations of the same thing - so there are really only 4 issues currently being addressed: #7145 SipHash: add separate setter for the hash size Owner: Richard Awaiting review

[openssl-project] Final check against the release criteria

2018-09-10 Thread Matt Caswell
A final check against the release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed (see below) There are no 1.1.1 flagged issues. There is one 1.1.1 flagged PR which was

Re: [openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
mapping to a C int32). > (no, we don't want to go back to using LONG) So...that PR seems to be labelled for 1.1.0 too? So why is the problem specific to 1.1.1? Matt > > Cheers, > Richard > > In message on Thu, 6 Sep > 2018 23:41:59 +0100, Matt Caswell said: >

Re: [openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
On 07/09/18 10:09, Richard Levitte wrote: > In message on Fri, 7 Sep > 2018 09:56:01 +0100, Matt Caswell said: > >> >> >> On 07/09/18 01:51, Richard Levitte wrote: >>> I think this one should be part of the lot as well: >>> >>> #7

[openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
We have 2 outstanding 1.1.1 PRs. These are: #7144 ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes Owner: Richard Awaiting updates following review feedback #7145 SipHash: add separate setter for the hash size Owner: Richard Awaiting updates following review feedback

[openssl-project] 1.1.1 is released!

2018-09-11 Thread Matt Caswell
I've just finished the 1.1.1 release process and the repo is now unfrozen. There is now a new OpenSSL_1_1_1-stable branch. 1.1.0 is officially in security fixes only mode so generally we should not be cherry-picking fixes to OpenSSL_1_1_0-stable. Congratulations and thanks to everyone who has

[openssl-project] Monthly Status Report (June)

2018-07-05 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Implemented a feature enabling anti-replay to be switched off - Enabled SSL_OP_NO_TICKET support for TLSv1.3 - Added getters for raw

Re: [openssl-project] Forthcoming holidays

2018-07-06 Thread Matt Caswell
Just a reminder that I am on holiday from Sunday with limited/no access to email. I will be back working from Friday. Matt On 27/06/18 09:56, Matt Caswell wrote: > FYI, I have a few days off coming up which will mean I am less > responsive than normal. I will have very limited/no access to

Re: [openssl-project] Issues review

2018-01-23 Thread Matt Caswell
On 23/01/18 17:49, Matt Caswell wrote: > I completed my first pass review of all issues. I still need to look at > PRs. I have put all PRs against a milestone using the following criteria: I have put all *issues* against a milestone not PR!! > > If it only applies to 1.0.2 or

Re: [openssl-project] Issues review

2018-01-23 Thread Matt Caswell
On 23/01/18 18:05, Benjamin Kaduk wrote: > On Tue, Jan 23, 2018 at 05:51:41PM +0000, Matt Caswell wrote: >> >> >> On 23/01/18 17:49, Matt Caswell wrote: >>> I completed my first pass review of all issues. I still need to look at >>> PRs. I have put all PRs
