Re: [openssl-project] build/test before merging

2018-05-23 Thread Matt Caswell
On 23/05/18 01:43, Salz, Rich wrote: > > I do the same, but I am reluctant having a script doing it for me using > some fixed recipe... > >>I'm happy doing the build/test manually before merging, too. > > > So do you guys use the ghmerge script or own procedures? I'm curious.

Re: [openssl-project] build/test before merging

2018-05-23 Thread Matt Caswell
On 23/05/18 16:50, Benjamin Kaduk wrote: > On Wed, May 23, 2018 at 03:12:30PM +, Dr. Matthias St. Pierre wrote: >>> So do you guys use the ghmerge script or own procedures? I'm curious. >> >> At the beginnning, I tried to use ghmerge but it was not flexible >> enough for my needs. In

[openssl-project] Please approve 6457 for backport

2018-06-12 Thread Matt Caswell
This is the PR for the CVE. I forgot to add the branches to the PR...this is for 1.1.0 and 1.0.2. Please can someone approve the backport asap? Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] stepping down from OMC

2018-06-08 Thread Matt Caswell
On 08/06/18 20:56, Emilia Käsper wrote: > Hi all, > > I'm leaving the project. This should come as no surprise. I've had > little to no time to work on OpenSSL lately, and I firmly believe that > OpenSSL should be driven by engineers that are actively engaged in the > project and writing code

[openssl-project] ECDSA blinding

2018-06-13 Thread Matt Caswell
FYI see commit a3e9d5aa98 (and equivalent commits in 1.1.0 and 1.0.2). These fixes were reviewed in private due to an embargo from the reporter. In spite of that we have chosen not to issue a CVE for these fixes since they are localhost side channels only. Matt

[openssl-project] Beta release today

2018-06-19 Thread Matt Caswell
Oops, there is supposed to be a beta release today... If someone is available to review it (any volunteers), I'll do it this evening. Starting around 17.30 UTC (although it looks like we might have to fix travis first). In the meantime please could someone freeze the repo? Matt

Re: [openssl-project] Beta release today

2018-06-19 Thread Matt Caswell
On 19/06/18 17:14, Matt Caswell wrote: > Actually, it feels a bit rushed, so I think I'm going to do it tomorrow > instead. > > It would still be good if someone can freeze the repo though please: > > ssh openssl-...@git.openssl.org freeze openssl matt The repo is now fr

Re: [openssl-project] Current votes FYI

2018-05-29 Thread Matt Caswell
On 29/05/18 06:45, Dr. Matthias St. Pierre wrote: >> VOTE: 1.1.1 beta release schedule changed so that the next two beta releases >> are now 29th May, 19 June and we will re-review release readiness after >> that. We will also ensure that there is at least one beta release post >> TLS-1.3

Re: [openssl-project] OpenSSL repo frozen

2018-05-29 Thread Matt Caswell
The release is complete and the repo is now unfrozen. Thanks to Richard for his help during the release. Matt On 29/05/18 07:25, Richard Levitte wrote: > This should have been done yesterday... the openssl repo is now > frozen pending the beta release that's happening later today. > >

[openssl-project] Github to be acquired by Microsoft

2018-06-04 Thread Matt Caswell
See: https://blog.github.com/2018-06-04-github-microsoft/ Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Monthly Status Report (May)

2018-06-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Fixed a mem leak in CMS_RecipientInfo_set0_pkey() and added some CMS tests - Added a note around performance and Nagle's algorithm on the

[openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
I'm thinking that we should maybe re-asses the current milestones in github. We currently use the following milestones: Assessed - Anything against this milestone isn't relevant to the 1.1.1 release (e.g. 1.0.2 specific issue) 1.1.1 - This is relevant to the 1.1.1 release but may not be

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
elease. At the moment though it is impossible to tell which are the high priority issues we should be focussing on. Matt > > > > On 6/26/18, 11:56 AM, "Matt Caswell" wrote: > > I'm thinking that we should maybe re-asses the current milestones in > github. >

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-26 Thread Matt Caswell
t seems justifiable to me. The latter. I mean it doesn't *prevent* us from fixing something that's in both 1.1.0 and 1.1.1 - but our focus should be on fixing issues that are newly introduced in 1.1.1. Matt > > On 6/26/18, 3:32 PM, "Matt Caswell" wrote: > > > >

Re: [openssl-project] Milestones and the 1.1.1 release

2018-06-27 Thread Matt Caswell
Well, no one has objected so far. I'm not around tomorrow and Friday to action this but, unless anyone shouts between now and then, I'll start doing this on Monday. Matt On 26/06/18 21:15, Matt Caswell wrote: > > > On 26/06/18 20:43, Salz, Rich wrote: >> That's interesting

Re: [openssl-project] [openssl-commits] Build failed in Jenkins: master_noec #574

2018-06-27 Thread Matt Caswell
Also - does this only happen with no-ec? Matt On 27/06/18 10:32, Matt Caswell wrote: > I am slightly confused because the code sample below and the commit id > you gave is for 1.1.0, but the original email seems to be about master. > > Is the same issue affectin

Re: [openssl-project] [openssl-commits] Build failed in Jenkins: master_noec #574

2018-06-27 Thread Matt Caswell
I am slightly confused because the code sample below and the commit id you gave is for 1.1.0, but the original email seems to be about master. Is the same issue affecting both? Note: the pderive_test_run() function looks quite different between 1.1.0 and master. Matt On 26/06/18 19:32, Barry

[openssl-project] Forthcoming holidays

2018-06-27 Thread Matt Caswell
FYI, I have a few days off coming up which will mean I am less responsive than normal. I will have very limited/no access to email during these periods: Thursday 28th - Friday 29th June and Sunday 8th - Thursday 12th July Matt ___ openssl-project

Re: [openssl-project] Milestones and the 1.1.1 release

2018-07-03 Thread Matt Caswell
On 02/07/18 18:36, Salz, Rich wrote: > Thanks for finishing this off. > > > https://github.com/openssl/openssl/issues?q=is%3Aopen+is%3Aissue+milestone%3A1.1.1 > > Are 6512 and 6396 the same, and closed because we made things more secure? They may be the same, or maybe not. Almost

Re: [openssl-project] Milestones and the 1.1.1 release

2018-07-02 Thread Matt Caswell
On 27/06/18 16:10, Matt Caswell wrote: > Well, no one has objected so far. I'm not around tomorrow and Friday to > action this but, unless anyone shouts between now and then, I'll start > doing this on Monday. All issues have been reviewed and their milestones updated accordingl

[openssl-project] Freezing the repo

2018-04-30 Thread Matt Caswell
Please could someone freeze the repo for me for tomorrow's release: $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

Re: [openssl-project] Beta release on Tuesday

2018-04-30 Thread Matt Caswell
On 27/04/18 12:12, Salz, Rich wrote: >>As normal we are planning a new beta release on Tuesday. This means that >>we will be freezing the repo from Monday afternoon (UTC). > > I'm in US but available if nobody "closer" can do it. Nobody else has stepped forward. Are you still

Re: [openssl-project] Style guide updates

2018-01-26 Thread Matt Caswell
On 26/01/18 17:03, Richard Levitte wrote: > In message <c20f5fd4-1c85-c96b-42e7-e2a84e411...@openssl.org> on Fri, 26 Jan > 2018 14:06:27 +, Matt Caswell <m...@openssl.org> said: > > matt> - Use size_t for sizes of things > > ... and, it seems, as array

Re: [openssl-project] Issues review

2018-01-24 Thread Matt Caswell
r whatever reason (to the point that we should hold up the release schedule for it) then we can argue that out on a case-by-case basis and amend the milestones accordingly. Alternatively just make sure you get it reviewed and committed before feature freeze. Matt On 23/01/18 17:49, Matt Caswell

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-24 Thread Matt Caswell
On 24/01/18 17:32, Matt Caswell wrote: > 14th March 2018, beta release 1 (pre2) > OpenSSL_1_1_1-stable created (feature freeze) > master becomes basis for 1.1.2 or 1.2.0 (TBD) > 11th March 2018, beta release 2 (pre3) That should of course say 11th

Re: [openssl-project] travis builds failing with aligment errors?

2018-01-30 Thread Matt Caswell
On 30/01/18 14:30, Matt Caswell wrote: > > > On 30/01/18 14:27, Benjamin Kaduk wrote: >> It seems that we've started getting issues with a single build >> configuration, e.g., >> https://travis-ci.org/openssl/openssl/jobs/335110257 >> >> Lots of complai

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-29 Thread Matt Caswell
On 25/01/18 19:08, Matt Caswell wrote: > > > On 25/01/18 11:59, Salz, Rich wrote: >> As long as we have the freedom to release earlier, this looks okay to me. > > I added this sentence to make that freedom crystal clear: > > "This may be amended at any time

[openssl-project] Monthly Status Report (January)

2018-02-01 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended Real World Crypto 2018 in Zürich in order to collect the Levchin prize on behalf of the team - Took part in an interview for RedHat -

[openssl-project] New Committer

2018-02-01 Thread Matt Caswell
Please welcome our newest committer David Benjamin! Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-01-30 Thread Matt Caswell
On 29/01/18 11:04, Matt Caswell wrote: > > > On 25/01/18 19:08, Matt Caswell wrote: >> >> >> On 25/01/18 11:59, Salz, Rich wrote: >>> As long as we have the freedom to release earlier, this looks okay to me. >> >> I added this sentence to

[openssl-project] OS/X builds failing

2018-02-09 Thread Matt Caswell
The new travis OS/X builds are failing with this: -MT apps/enc.o -c -o apps/enc.o apps/enc.c apps/enc.c:567:54: error: format specifies type 'uintmax_t' (aka 'unsigned long') but the argument has type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat] BIO_printf(bio_err, "bytes read

[openssl-project] Feature freeze for 1.1.1

2018-02-06 Thread Matt Caswell
I have now updated the release strategy page with the agreed plan for the 1.1.1 release: https://www.openssl.org/policies/releasestrat.html I'd like to draw everyone's attention to the key date of 13th March 2018. Which is when we do the feature freeze. In practice we typically freeze the repo

Re: [openssl-project] 1.1.1 Release timetable (again)

2018-02-06 Thread Matt Caswell
On 30/01/18 10:45, Matt Caswell wrote: > No feedback so I started the vote: > > topic: We should update the release strategy as shown in > https://github.com/openssl/web/pull/41, commit id 52d9ea8fb > Proposed by Matt Caswell > Public: yes > opened: 2018-01-30 >

[openssl-project] TLSv1.3

2018-02-06 Thread Matt Caswell
Now that the TLSv1.3 implementation is quite stable - should we switch it on by default? Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Style question

2018-02-12 Thread Matt Caswell
"One if by land, two if by sea, three if by the Internet." > >> On Feb 12, 2018, at 11:02 AM, Matt Caswell <m...@openssl.org >> <mailto:m...@openssl.org>> wrote: >> >> I've been looking at our use of EVP_MD_size() (prompted by Coverity). >&

[openssl-project] Code Freeze!!!

2018-02-12 Thread Matt Caswell
Please could someone freeze the repo for me? The tools don't let me do it for my own benefit: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org

[openssl-project] Style question

2018-02-12 Thread Matt Caswell
I've been looking at our use of EVP_MD_size() (prompted by Coverity). That function can return a -1 on error: int EVP_MD_size(const EVP_MD *md) { if (!md) { EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); return -1; } return md->md_size; } The only

Re: [openssl-project] Style guide update -- summary so far

2018-02-05 Thread Matt Caswell
On 05/02/18 19:43, Dr. Matthias St. Pierre wrote: > > Wasn't there also the suggestion by someone that if one part of an > if-else statements needs braces that the other part should get some, too? That's already in the style guide: Do not unnecessarily use braces around a single statement:

Re: [openssl-project] tag for 1.1.1pre1?

2018-02-15 Thread Matt Caswell
(cc'ing openssl-project) On 15/02/18 22:36, Benjamin Kaduk wrote: > Hi Matt, > > I see git tags for 1.1.0pre[1-6], but not one for the 1.1.1 alpha.  Is > this intentional or an omission? Oops. 'cos we had a few problems during the release I had to run the mkrelease script more than once and

Re: [openssl-project] Beta release today

2018-06-20 Thread Matt Caswell
inadvertently triggered recently): https://travis-ci.org/openssl/openssl/builds/394565396 Therefore we are going to press ahead with the release. Matt On 20/06/18 11:32, Matt Caswell wrote: > The build is currently not stable. We have a number of outstanding issues: > > - external p

Re: [openssl-project] To distribute just the repo file, or the result of 'make dist'?

2018-07-28 Thread Matt Caswell
On 24/07/18 14:50, Richard Levitte wrote: > In message <20180724122839.ga2...@roeckx.be> on Tue, 24 Jul 2018 14:28:40 > +0200, Kurt Roeckx said: > > kurt> On Tue, Jul 24, 2018 at 02:08:46PM +0200, Richard Levitte wrote: > kurt> > > kurt> > The original intention (way back, I think we're

[openssl-project] Monthly Status Report (July)

2018-08-03 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of meetings re FIPS - Fixed a bug in 1.1.0/1.0.2 which can result in an invalid CertificateRequest message being sent - Reviewed

[openssl-project] 1.1.1 Release criteria update

2018-08-02 Thread Matt Caswell
A quick update on the status of the 1.1.1 release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed Status: We have 5 open issues (4 of which were opened within the last 2

Re: [openssl-project] EdDSA and "default_md"?

2018-08-08 Thread Matt Caswell
On 08/08/18 21:22, Viktor Dukhovni wrote: > Don't know whether everyone here also reads openssl-users, so to recap, > Robert Moskowitz reports considerable frustration > as a result of "default_md = sha256" being incompatible with Ed25519 > (and Ed448). He's working around this with "-md

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-09 Thread Matt Caswell
On 08/08/18 11:28, Matt Caswell wrote: > For the full background to this issue see: > > https://github.com/openssl/openssl/issues/6490 > > TL;DR summary: > > The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each > other. OpenSSL (along with at least

[openssl-project] Removal of NULL checks

2018-08-08 Thread Matt Caswell
We've had a policy for a while of not requiring NULL checks in functions. However there is a difference between not adding them for new functions and actively removing them for old ones. See https://github.com/openssl/openssl/pull/6893 In this case the removal of a NULL check in the stack code

[openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-08 Thread Matt Caswell
For the full background to this issue see: https://github.com/openssl/openssl/issues/6490 TL;DR summary: The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each other. OpenSSL (along with at least GnuTLS maybe others) has implemented an upgrade path which enables the reuse of a

Re: [openssl-project] Please freeze the repo

2018-08-13 Thread Matt Caswell
On 13/08/18 17:49, Andy Polyakov wrote: > It would be appropriate to merge > https://github.com/openssl/openssl/pull/6916 (1.0.2, commit message > would need adjustment for merged from) and This one appears to be not quite as ready as first thought. >

Re: [openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

2018-08-15 Thread Matt Caswell
On 14/08/18 20:20, Matt Caswell wrote: > Hi > > Back in 2007 Nokia started developing a CMP client based on OpenSSL that > is currently in use in LTE infrastructure components. Siemens joined in > the project some years ago to extend and utilize the code for further > indust

Re: [openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3

2018-08-15 Thread Matt Caswell
On 15/08/18 16:46, Viktor Dukhovni wrote: > When I configure a client with a legacy TLS 1.2 protocol exclusion, > e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max > version interface), as a result of the new TLS 1.3 protocol > suport configurations that previously negotiated "up

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-15 Thread Matt Caswell
On 10/08/18 09:43, Matt Caswell wrote: > > > On 09/08/18 10:31, Matt Caswell wrote: > >> I think perhaps a vote is the only way forward then. Does this vote text >> seem reasonable? >> >> "We should remove the TLSv1.2 to TLSv1.3 PSK compatibilit

[openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

2018-08-14 Thread Matt Caswell
I went to approve this post, but I don't see it in the pending queue. Not sure why not - so forwarding this anyway. Please see below. Matt Forwarded Message Subject: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'" Date: Tue, 14 Aug

Re: [openssl-project] Releases tomorrow

2018-08-14 Thread Matt Caswell
On 14/08/18 11:05, Kurt Roeckx wrote: > On Tue, Aug 14, 2018 at 01:50:39AM +, Salz, Rich wrote: >>>- If we're going to make any changes for issue 6904 (broken pipe for >> clients that only write/server that only reads), then we should do that >> >> Yeah, I don't like the library

Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
On 07/08/18 15:15, Andy Polyakov wrote: >> Forthcoming OpenSSL releases >> > > I have some RSA hardening fixes in pipeline... Do you have PR numbers for them? Matt > ___ > openssl-project mailing list >

[openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases.

[openssl-project] Releases tomorrow

2018-08-13 Thread Matt Caswell
Just a reminder that we are doing the 1.0.2p and 1.1.0i releases tomorrow so I will be freezing the repo later this afternoon. If you still have PRs to merge for the release please get them in asap! Thanks Matt ___ openssl-project mailing list

[openssl-project] Please freeze the repo

2018-08-13 Thread Matt Caswell
Please could someone freeze the repo for me? $ ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Releases tomorrow

2018-08-13 Thread Matt Caswell
On 13/08/18 14:20, Kurt Roeckx wrote: > On Mon, Aug 13, 2018 at 02:00:47PM +0100, Matt Caswell wrote: >> Just a reminder that we are doing the 1.0.2p and 1.1.0i releases >> tomorrow so I will be freezing the repo later this afternoon. If you >> still have PRs to merge for t

Re: [openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-10 Thread Matt Caswell
On 09/08/18 10:31, Matt Caswell wrote: > I think perhaps a vote is the only way forward then. Does this vote text > seem reasonable? > > "We should remove the TLSv1.2 to TLSv1.3 PSK compatibility mechanism as > discussed in issue 6490. If TLSv1.2 PSKs are configured (an

Re: [openssl-project] Please freeze the repo

2018-08-14 Thread Matt Caswell
Release is done and the repo is unfrozen. Thanks again to Richard for all the help. Matt On 13/08/18 17:15, Mark J Cox wrote: > done. > > On Mon, Aug 13, 2018 at 5:11 PM, Matt Caswell wrote: >> Please could someone freeze the repo for me? >> >> $ ssh openssl

[openssl-project] Please freeze the repo

2018-08-20 Thread Matt Caswell
Please could someone freeze the repo for me for tomorrow's release: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Please freeze the repo

2018-08-21 Thread Matt Caswell
The repository is now unfrozen and the release is complete. Thanks to Tim for all the help. Matt On 20/08/18 18:00, Bernd Edlinger wrote: > Hi Matt, > > The repo should be frozen now. > > Bernd. > > On 08/20/18 18:01, Matt Caswell wrote: >> Please could som

[openssl-project] Current 1.1.1 status compared to Release criteria

2018-07-20 Thread Matt Caswell
I've done a review of the 1.1.1 release criteria against the current status. See below. TL;DR summary: Status is generally good. There are some outstanding issues and PRs that need input from various people. Specifically there are actions for: @levitte, @paulidale, @dot-asm, @mspncp, @t-j-h

[openssl-project] Forthcoming holiday

2018-07-18 Thread Matt Caswell
I have some more holiday coming up :-) I'll be away next week: Tuesday 24th July - Friday 27th July. Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Release Criteria Update

2018-09-05 Thread Matt Caswell
nd of reviews. Owner: Paul Yang #7073 Support EdDSA in apps/speed Updates made following earlier review. Awaiting another round of reviews. Owner: Paul Yang Matt On 04/09/18 17:11, Matt Caswell wrote: > Current status of the 1.1.1 PRs/issues: > > There are currently 6 open PRs for 1.1.1. H

[openssl-project] Please freeze the repo

2018-09-09 Thread Matt Caswell
Please can someone freeze the repo: ssh openssl-...@git.openssl.org freeze openssl matt Thanks Matt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Monthly Status Report (August)

2018-09-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Attended a number of conference calls related to FIPS - Attended the week long FIPS summit in Brisbane. A lot was achieved and write ups of the

[openssl-project] Release Criteria Update

2018-09-04 Thread Matt Caswell
Current status of the 1.1.1 PRs/issues: There are currently 6 open PRs for 1.1.1. However in 2 cases there are 2 alternative implementations for the same thing - so really there are only 4 issues being addressed. One of these is in the "ready" state. The remaining 3 are: #7114 Process KeyUpdate

Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell
On 06/09/18 17:32, Kurt Roeckx wrote: > On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote: >> Current status of the 1.1.1 PRs/issues: > > Since we did make a lot of changes, including things that > applications can run into, would it make sense to have an other &g

[openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell
We currently have 8 1.1.1 PRs that are open. 3 of which are in the "ready" state. There are 2 which are alternative implementations of the same thing - so there are really on 4 issues currently being addressed: #7145 SipHash: add separate setter for the hash size Owner: Richard Awaiting review

[openssl-project] Final check against the release criteria

2018-09-10 Thread Matt Caswell
A final check against the release criteria: - All open github issues/PRs older than 2 weeks at the time of release to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1 milestone to be closed (see below) There are no 1.1.1 flagged issues. There is one 1.1.1 flagged PR which was

Re: [openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
mapping to a C int32). > (no, we don't want to go back to using LONG) So...that PR seems to be labelled for 1.1.0 too? So why is the problem specific to 1.1.1? Matt > > Cheers, > Richard > > In message on Thu, 6 Sep > 2018 23:41:59 +0100, Matt Caswell said: > &

Re: [openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
On 07/09/18 10:09, Richard Levitte wrote: > In message on Fri, 7 Sep > 2018 09:56:01 +0100, Matt Caswell said: > >> >> >> On 07/09/18 01:51, Richard Levitte wrote: >>> I think this one should be part of the lot as well: >>> >>> #7

[openssl-project] Release Criteria Update

2018-09-08 Thread Matt Caswell
We have 2 outstanding 1.1.1 PRs. These are: #7144 ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes Owner: Richard Awaiting updates following review feedback #7145 SipHash: add separate setter for the hash size Owner: Richard Awaiting updates following review feedback

[openssl-project] 1.1.1 is released!

2018-09-11 Thread Matt Caswell
I've just finished the 1.1.1 release process and the repo is now unfrozen. There is now a new OpenSSL_1_1_1-stable branch. 1.1.0 is officially in security fixes only mode so generally we should not be cherry-picking fixes to OpenSSL_1_1_0-stable. Congratulations and thanks to everyone who has

[openssl-project] Monthly Status Report (June)

2018-07-05 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Implemented a feature enabling anti-replay to be switched off - Enabled SSL_OP_NO_TICKET support for TLSv1.3 - Added getters for raw

Re: [openssl-project] Forthcoming holidays

2018-07-06 Thread Matt Caswell
Just a reminder that I am on holiday from Sunday with limited/no access to email. I will be back working from Friday. Matt On 27/06/18 09:56, Matt Caswell wrote: > FYI, I have a few days off coming up which will mean I am less > responsive than normal. I will have very limited/no access to

[openssl-project] Issues review

2018-01-23 Thread Matt Caswell
I completed my first pass review of all issues. I still need to look at PRs. I have put all PRs against a milestone using the following criteria: If it only applies to 1.0.2 or below: 1.0.2 milestone If it only applies to 1.1.0 or below: 1.1.0 milesone If it's API/ABI breaking to fix: 1.2.0

Re: [openssl-project] Issues review

2018-01-23 Thread Matt Caswell
On 23/01/18 20:55, Benjamin Kaduk wrote: > On Tue, Jan 23, 2018 at 06:11:50PM +0000, Matt Caswell wrote: >> >> >> On 23/01/18 18:05, Benjamin Kaduk wrote: >>> On Tue, Jan 23, 2018 at 05:51:41PM +, Matt Caswell wrote: >>>> >>>> >>&g

Re: [openssl-project] OID policy

2018-03-15 Thread Matt Caswell
On 14/03/18 23:40, Paul Dale wrote: >> We should have OID's for the things we implement > > Sounds like a policy :) > Vote time? In the past we've also put in OIDs on request (i.e. not necessarily for something we implement) if someone has given a reasonable argument for its inclusion. Matt

[openssl-project] Monthly Status Report (March)

2018-04-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Performed the 1.1.1 beta 1 (pre-3) release - Performed a security release for 1.1.0 and 1.0.2 - Carried out a number of different tasks around the

Re: [openssl-project] Some TLS 1.3 drafts don't have branches

2018-04-12 Thread Matt Caswell
On 12/04/18 02:42, Salz, Rich wrote: > ; g branch -r -v -a | grep -i draft > >   remotes/origin/tls1.3-draft-18 669c623 Update PR#3925 > >   remotes/origin/tls1.3-draft-19     d4d9864 Update PR#3925 > > ; > >   > > I recently had someone need draft-21 and they did > >  

Re: [openssl-project] build broken?

2018-04-06 Thread Matt Caswell
On 05/04/18 20:13, Salz, Rich wrote: > I thought someone else would beat me to it. Like, maybe, the person who > broke things :) > > But the fix is part of 5886 which you approved and I am merging now ... Oops! Sorry :-) The fix needs to go into 1.1.0 too to keep the numbers consistent:

Re: [openssl-project] Fwd: New Defects reported by Coverity Scan for openssl/openssl

2018-04-17 Thread Matt Caswell
> > BTW: isn't beta release 3 (pre5) due today? There was no announcement of > a code freeze yet. > > Am 16.04.2018 um 19:47 schrieb Matt Caswell: >> Can anyone enlighten me as to why I can't find half of these defects in >> the coverity dashboard? None of the reporte

[openssl-project] Constant time by default

2018-04-16 Thread Matt Caswell
I'd like to draw everyone's attention to PR #5969 Given CVE-2018-0737, and the fact that this is far from the first time this has happened I think we should change the default so that we always use the constant time implementation unless specifically flagged otherwise. E.g see these issues:

Re: [openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

2018-04-19 Thread Matt Caswell
On 19/04/18 18:31, David Benjamin wrote: > I might suggest conditioning it on the compile-time version of OpenSSL > headers. This is a common transition strategy for systems working > through ABI constraints. (In some systems, this is implemented as some > target SDK version.) This is exactly

Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-23 Thread Matt Caswell
On 23/04/18 02:49, Viktor Dukhovni wrote: > > I tested a Postfix server and client built against OpenSSL 1.1.0, > using 1.1.1 run-time libraries. This exercised peer certificate > fingerprint matching and session resumption. No major issues. > > The only interesting observations are: > >

Re: [openssl-project] TLS 1.3 and SNI

2018-04-17 Thread Matt Caswell
On 17/04/18 23:36, Viktor Dukhovni wrote: > > Just wanted to check. The TLS 1.3 draft lists SNI as mandatory to implement, > but is not mandatory to use. Clients should, but do not have to send SNI, > and servers may require SNI, but can just use some default chain instead. > > Does

Re: [openssl-project] Repo frozen

2018-03-27 Thread Matt Caswell
The release is complete and the repo is unfrozen. Thanks to Richard yet again for all your help. Matt On 27/03/18 10:08, Matt Caswell wrote: > In case anyone was wondering the repo is currently frozen. > > Matt > ___ openssl-project

Re: [openssl-project] About PR 5702, etc.

2018-03-27 Thread Matt Caswell
On 27/03/18 14:00, Salz, Rich wrote: > Discussion seems to have stalled out on this.  Please review > https://github.com/openssl/openssl/pull/5702 if necessary. > >   > > Do folks want a general “TLS 1.3 is okay post-freeze” policy? I think that is ok and doesn't stray too far from what we

Re: [openssl-project] About PR 5702, etc.

2018-03-29 Thread Matt Caswell
On 29/03/18 11:06, Matt Caswell wrote: > "Feature changes in 1.1.1 directly related to TLSv1.3 will be allowed > during the beta as long as at least 3 OMC members approve the change" I started a vote with this text, and will report back here when I have th

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

2018-04-03 Thread Matt Caswell
On 03/04/18 15:55, Salz, Rich wrote: > This is one reason why keeping around old assembly code can have a cost. :( Although in this case the code is <2 years old: commit e33826f01bd78af76e0135c8dfab3387927a82bb Author: Andy Polyakov AuthorDate: Sun May 15 17:01:15 2016

Re: [openssl-project] Is making tests faster a bugfix?

2018-03-29 Thread Matt Caswell
On 29/03/18 14:00, Salz, Rich wrote: > Please see https://github.com/openssl/openssl/pull/5788 > > I don’t think it is, but I’d like to know what others think. I do think this should be applied. The tests in question are not just slow but *really* slow to the point that I often exit them

[openssl-project] Code freeze later today

2018-03-19 Thread Matt Caswell
Just a reminder that beta1 is scheduled for release tomorrow so, in preparation for that, I will be freezing the repo later today. Of course this really means feature freeze as well since this will be your last opportunity to push features before the beta release. So if there is anything still

Re: [openssl-project] GitHub milestone for 1.1.1

2018-03-19 Thread Matt Caswell
ly "option"), like this: > > /DEFINE=(MACRO1, MACRO2="Foo", "Macro3=bar") > > The same goes for include paths, similarly collected in the qualifier /INCLUDE > > > Matt Caswell <m...@openssl.org> skrev: (19 mars 2018 10:12:06 CET) >

Re: [openssl-project] GitHub milestone for 1.1.1

2018-03-19 Thread Matt Caswell
f-12f99b44b...@openssl.org> on Mon, 19 Mar > 2018 11:14:27 +, Matt Caswell <m...@openssl.org> said: > > matt> > matt> > matt> On 19/03/18 10:58, Richard Levitte wrote: > matt> > Andy has indicated that the rather special construction to get > co

Re: [openssl-project] GitHub milestone for 1.1.1

2018-03-19 Thread Matt Caswell
On 19/03/18 08:27, Dr. Matthias St. Pierre wrote: > Hi, > > in view of the upcoming beta release and the release strategy (see > below) it is a little bit disturbing that our GitHub milestone for 1.1.1 > shows only 30% > completion. How are we

Re: [openssl-project] Code Repo

2018-03-20 Thread Matt Caswell
Of course I should have mentioned that although the feature freeze is in place, the code freeze is not, i.e. you can make pushes to the repo now. Matt On 20/03/18 14:17, Matt Caswell wrote: > The beta release is now complete. > > Important: > > We did *not* create the OpenS

[openssl-project] Code Repo

2018-03-20 Thread Matt Caswell
The beta release is now complete. Important: We did *not* create the OpenSSL_1_1_1-stable branch as planned (see https://github.com/openssl/openssl/pull/5690 for the discussion that led to that decision). For now the release was done from the master branch in the same way as we did for the

Re: [openssl-project] Anything else to go in before I call the freeze?

2018-03-19 Thread Matt Caswell
Please can someone freeze the repo for me: $ ssh openssl-...@git.openssl.org freeze openssl matt I will still take #5677 "Fix no-sm3 (and no-sm2)" after the freeze. Also if anyone can come up with a fix for the failing master in Travis that would be good. Matt On 19/03/18 16:48, Ma

  1   2   3   4   >