Monthly Status Report (April 2021)

2021-05-07 Thread Richard Levitte 
Apart from normal business, such as normal reviews, OMC business,
normal system administration tasks, small fixes, etc., key activities
this month:

* Development:
  - Key generation in OpenSSL 3.0-dev is inflexible compared to OpenSSL 1.1.1
(Issue openssl/openssl#14054)
  - [master] 'openssl enc' can't access ciphers that libcrypto doesn't know 
about
(Issue openssl/openssl#14178)
  - [master] 'openssl dgst' can't access digests that libcrypto doesn't know 
about
(Issue openssl/openssl#14179)
  - [not_yet_closed] [master] Allow the 'openssl enc' command to set a key 
length
(Issue openssl/openssl#14180)
  - Resolve PKCS#7/CMS related backend hack
(Issue openssl/openssl#14276)
  - Add OIDs among algorithm names + don't go via NIDs when fetching an 
algorithm from a ASN1_OBJECT
(Issue openssl/openssl#14278)
  - Decoder implementations must be able to signal "please carry on" even if 
they can't decode the input
(Issue openssl/openssl#14423)
  - Add OIDs among algorithm names + don't go via NIDs when fetching an 
algorithm from a ASN1_OBJECT
(PR openssl/openssl#14498)
  - Add a description field to OSSL_ALGORITHM and use that as "long name" for 
provider implemented algos
(Issue openssl/openssl#14514)
  - [not_yet_closed] Should we change the suffix of the resulting file name for 
modules on MacOS X, in 3.0?
(Issue openssl/openssl#14602)
  - Add OSSL_ALGORITHM description field + API to use them
(PR openssl/openssl#14656)
  - [not_yet_closed] Add more error recording in provider code
(Issue openssl/openssl#14745)
  - Github workflows: re-implement a no-shared build
(PR openssl/openssl#14753)
  - Refactor CPUID code, take 2
(PR openssl/openssl#14755)
  - test/recipes/02-test_errstr.t: Do not test negative system error codes
(PR openssl/openssl#14779)
  - ENCODER & DECODER: Allow decoder implementations to specify "carry on"
(PR openssl/openssl#14834)
  - ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
(PR openssl/openssl#14938)
  - Makefile in master removes possible current release tarball
(Issue openssl/openssl#14981)
  - Don't remove $(TARFILE) when cleaning
(PR openssl/openssl#14985)
  - Windows bulding: Make dependency generation not quite as talkative
(PR openssl/openssl#15006)
  - crypto/store/ossl_result.c: Better filtering of errors
(PR openssl/openssl#15008)
  - STORE: Fix the repeated prompting of passphrase
(PR openssl/openssl#15064)
  - STORE: Use the 'expect' param to limit the amount of decoders used
(PR openssl/openssl#15066)
  - [not_yet_closed] Unix: link with libraries by direct file name
(Issue openssl/openssl#15083)
* Web:
  - bin/mk-latest: Make the adapation for the OpenSSL 3.0 version scheme work
(PR openssl/web#232)
  - Makefile: Add FUTURESERIES, for series that have no final release yet
(PR openssl/web#233)
  - Reorder the old source directory list in source/old/
(PR openssl/web#236)
* Internal:
  - release-tools: Separate do-release.pl docs from mkrelease.pl docs
(dir internal/tools) [9d9c86fe443afcb8a13a8ae40b91674a6afefcd3]
* Sysadm:
  - Add new instruction on how to extend GHE storage space
(dir admin/admin) [4d95719e6fef8bc50f20ad7dc0dfad89e0e9eb0d]

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Monthly Status Report (April 2021)

2021-05-03 Thread Tomas Mraz 
My key activities this month were:

- triage of newly reported issues and responding to questions
- participation on the meetings
- AppVeyor reconfiguration to run only on pushes to master

- reviews of various PRs:
  - I've reviewed about 90 PRs this month
  - Notable PRs reviewed:
- Configure/Makefile: fix some FIPS installation issues #13684
- Add library context and property query support into the PKCS12
APIs #14434
- Add OIDs among algorithm names + don't go via NIDs when fetching
an algorithm from a ASN1_OBJECT #14498
- Fix d2i_PrivateKey() and PEM_X509_INFO_read_bio_ex() etc. loading
private keys #14647
- Add OSSL_ALGORITHM description field + API to use them #14656
- Only enable KTLS if it is explicitly configured #14799
- Alpha 14 release
- Store some FIPS global variables in the FIPS_GLOBAL structure
#14814
- ENCODER & DECODER: Allow decoder implementations to specify
"carry on" #14834
- Fix dh_rfc5114 option in genpkey. #14883
- Alpha 15 release
- STORE: Use the 'expect' param to limit the amount of decoders
used #15066
  

- submitted 30 PRs:
  - In particular:
- Deprecate the EVP_PKEY controls for CMS and PKCS#7 #14760
- Implement provider-side keymgmt_dup function #14793
- Detect low-level engine based keys #14859
- Add type_name member to provided methods and use it #14898
- Prefer fetch over get_digestby... or get_cipherby... where
appropriate #15028
- Implement pem_read_key directly through OSSL_DECODER #15045
- Correct the SM2 handling of DIGEST and DIGEST_SIZE parameters
#15074
- Add -latomic to threads enabled 32bit linux builds #15086
- Make the -inform option to be respected if possible #15100

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]