OMC VOTE: Accessing sensitive information policy

Topic: Accept the accessing sensitive information policy as of 2894caf7b051387f16f0fbbd8f6c5c9ebd3b79e7 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/25 Public: yes Opened: 2022-11-11 Closed: -MM-DD

OMC VOTE: Travel Policy

Topic: Accept the travel policy as of a38676a4f62ef3131c82fade0e12cff4099e23e9 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/29 Public: yes Opened: 2022-11-11 Closed: -MM-DD

OMC VOTE: contractor invoicing policy

Topic: Accept the contractor invoicing policy as of 6a31c748f65a39be1594bf93bd1209880fac8ee1 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/30 Public: yes Opened: 2022-11-11 Closed: -MM-DD

Re: Forthcoming OpenSSL Bug Fix Release

1.1.1 is not susceptible to the CVE that is being fixed in 3.0: /the forthcoming release of OpenSSL version 1.1.1s that is a *bug fix* release/. (highlight added). Dr Paul Dale On 26/10/22 22:17, Matan Giladi wrote: Does 1.1.1s is going to include any security fix? Can you please

OMC VOTE: stop shipping 1.1.1r and 3.0.6 releases

Topic: Stop distributing 1.1.1r and 3.0.6 while the problems are investigated. comment: An announcement should also be made. Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/32 Public: yes Opened: 2022-10-12 Closed: 2022-10-12 Accepted:  yes  (for: 3, against: 0,

Vote: policy for releasing information

Topic: Accept the policy for releasing information as at c78f885 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/24 Opened: 2022-09-28

OMC vote: travel policy

Topic: Accept the travel policy as at commit f9f4922 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/26 comment: We need something in place quickly so flight planning for the upcoming face to face can be done.  There is an intention to consider

OMC vote: travel policy

Vote called on https://github.com/openssl/general-policies/pull/26 With the upcoming face to face, this needs sorting out quickly and it can be revised later. Pauli

Monthly status: July

Significant activities throughout February included: * Helping our new business administrator (ongoing) o setting things up o explaining processes o providing guidance and suggestions * QUIC o Working on the QUIC TX Packetiser design (ongoing) o Working on the QUIC

Monthly status: June

Significant activities throughout January included: * Fixes for Coverity issues * Various FIPS related tasks * QUIC project o Design and implement an event queue o Design packetisation (ongoing) o Reviewing other designs and PRs o Redrew the overview diagram using dot

Monthly status report: May 2022

Significant activities throughout February included: * Investigation and mitigation of performance problems with MS QUIC. * Banned older TLS/DTLS & SSL protocols as security levels above zero. * Removed unused and untested _fetch_by_number functions. * Design and implementation of a timer

OMC vote: voting policy change to announcement vote

Topic: Accept the vote announcement to voting policy changes as at 395652c Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/19 Public: yes Opened: 2022-05-11 Closed: -MM-DD Accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: W)

corrected vote: minor policy edits

The issue link was incorrect. Topic: Accept the process for minor policy edits as at commit id df47115 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/17 Public: yes Opened: 2022-05-05 Closed: 2022-05-?? Accepted:  yes  (for: 0, against: 0, abstained: 0, not

Vote: accept process for minor policy edits

Topic: Accept the process for minor policy edits as at commit id df47115 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/7 Public: yes Opened: 2022-05-05 Closed: 2022-05-?? Accepted:  yes  (for: 0, against: 0, abstained: 0, not voted: 0)   Kurt   [  ]   Mark   

Monthly status: April

Significant activities throughout January included: * Fixes for Coverity issues (> 15) * Investigation into MS QUIC performance issues (ongoing) * Wrote document describing how to set up and performance test MS QUIC * Investigation into security vulnerably (not yet public) * Working on the

Monthly status: March

Significant activities throughout February included: * Fixing the status web page * Working on the contractor working hours policy * Investigating an undisclosed vulnerability * Classification of performance issues in 3.0 * Did more of the policy glossary and linked policies to it *

OTC vote: backport #17973 to 3.0: reducing block size for sparse array

Topic: backport #17973 to 3.0 Proposed by: pauli Issue link: https://github.com/openssl/technical-policies/issues/38Public: yes Opened: 2022-03-29 Closed: -MM-DD Accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: W)   Dmitry [  ]   Matt   [  ]   Pauli  [+1]   Tim  

lhash statistics functions deprecation

Topic: lhash statistics functions to always report 0 in both master and 3.0.    In addition we should deprecate the functions in master. details: PR https://github.com/openssl/openssl/pull/17931 Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/issues/35 Public: yes

OTC vote: backport #17857 to 3.0 (EVP_MD performance fix)

Topic: Backport #17857 to 3.0 comment: EVP_MD performance fix (refcount cache contention) Proposed by: pauli Public: yes Opened: 2022-03-15 Closed: 2022-03-15 Accepted:  yes  (for: 6, against: 0, abstained: 3, not voted: 1)   Dmitry [+1]   Matt   [+1]   Pauli  [+0]   Tim    [ 0]  

OMC: vote on adding additional glossary entries passed

Topic: Accept the glossary changes as at commit id 8385661 comment: this requires openssl/technical-policies#27 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/10 Public: yes Opened: 2022-03-04 Closed: 2022-03-09 Accepted:  yes  (for: 4, against: 0, abstained: 0,

OTC: vote on glossary cross referencing policies passed

Topic: Accept the glossary links as at commit id 8385661 comment: this requires openssl/general-policies#10 Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/27 Public: yes Opened: 2022-03-04 Closed: 2022-03-09 Accepted:  yes  (for: 8, against: 0, abstained: 1, not

OTC vote: Accept the glossary links as at commit id 8385661

Topic: Accept the glossary links as at commit id 8385661 comment: this requires openssl/general-policies#10 Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/27 Public: yes Opened: 2022-03-04 Closed: -MM-DD Accepted:  yes/no  (for: X, against: Y, abstained: Z,

OMC vote: Accept the glossary changes as at commit id 8385661

Topic: Accept the glossary changes as at commit id 8385661 comment: this requires openssl/technical-policies#27 Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/pull/10 Public: yes Opened: 2022-03-04 Closed: -MM-DD Accepted:  yes/no  (for: X, against: Y, abstained:

Monthly status: February

Significant activities throughout February included: * Fixes for scrypt testing & maximum memory usage * Lots of policy updates and policy creation: o Committer policy o Documentation policy o Versioning policy o Staff unavailability policy (in progress) o Glossary and

Upcoming policy votes

There are two policy votes up coming.  Both are related to the new glossary of terms and cross linking existing items. The PRs in question are: * https://github.com/openssl/general-policies/pull/10 * https://github.com/openssl/technical-policies/pull/27 Rather than spurring people into

committers vote passed

Topic: Accept the committer policy as of Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/issues/8 Public: yes Opened: 2022-02-17 Closed: 2022-02-21 Accepted:  yes  (for: 4, against: 0, abstained: 0, not voted: 2)   Kurt   [+1]   Mark   [  ]   Matt   [+1]  

OMC vote: committer policy

Topic: Accept the committer policy as of 3766d6ba2648e716e973af6e1821687ad46ee57c Proposed by: Pauli Issue link: https://github.com/openssl/general-policies/issues/8 Public: yes Opened: 2022-02-17 Closed: -MM-DD Accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: W)   Kurt  

Vote on version policy

The vote passes. Topic: Accept openssl/general-policies PR#6 - Version policy as of    commit ac8266d. This will become an official OMC policy. Proposed by: pauli Issue link: https://github.com/openssl/general-policies/pull/6 Public: yes Opened: 2022-02-09 Closed: 2022-02-17 Accepted:  yes 

Vote about argument checking closed

Topic: Public functions should check their arguments as of commit 1e37b5f.    This will become an official OTC policy. Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/21 Public: yes Opened: 2022-02-10 Closed: 2022-02-17 Accepted:  yes  (for: 8, against: 0,

Vote: public function should check their arguments

Topic: Public functions should check their arguments Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/21 Opened: 2022-02-10

Vote: version policy

Topic: Accept openssl/general-policies PR#6 - Version policy as of commit 2858b2b. This will become an official OMC policy. Proposed by: pauli Issue link: https://github.com/openssl/general-policies/pull/6 Public: yes Opened: 2022-02-09

Vote result: documentation policy

Topic: Accept openssl/technical-policies PR#18 - Documentation policy as of commit 49f3b24. This will become an official OTC policy. Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/18 Public: yes Opened: 2022-02-03 Closed: 2022-02-08 Accepted:  yes  (for: 7,

Vote results: documentation policy

Topic: Accept openssl/technical-policies PR#18 - Documentation policy as of commit 49f3b24. This will become an official OTC policy. Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/pull/18 Public: yes Opened: 2022-02-03 Closed: 2022-02-08 Accepted:  yes  (for: 7,

Revert PR #13906 - as per discussion in #17568

Topic: revert change in PR #13906 for 3.0 & master and provide an alternative mechanism for the desired behaviour. Proposed by: Pauli Issue link: https://github.com/openssl/technical-policies/issues/25 Public: yes Opened: 2022-02-08 Closed: 2022-02-08 Accepted:  yes  (for: 7, against: 0,

OTC Vote for the documentation policy has started

The OTC vote for this policy proposal has now started. OTC members please cast your votes here: https://github.com/openssl/technical-policies/pull/18 Pauli

Monthly status: January

Significant activities throughout January included: * Wrote "removing a support customer" work flow * Wrote a documentation policy (ongoing) * Wrote a versioning policy (ongoing) * Wrote policy definitions (ongoing) * Added error reporting to the parameter helper functions * Added

Monthly status: December

Significant activities throughout December included: * Working on improving the performance of the OSSL_PARAM locate calls * Reading QUIC RFCs * Investigating QUIC implementations * Fix for copying a HMAC context * Drafted a policy for coding standards * Performance improvements for

Monthly Status: November

Significant activities throughout November included: * Investigation of date based finish times for GHE * Reviewed and made suggestions for developer job description * Bug fixes in apps * Fixed test RNG and updated its documentation and added a unit test * Implemented a safe integer maths

Re: OTC VOTE: Accept Policy change process proposal

+1 Pauli On 1/11/21 8:23 pm, Tomas Mraz wrote: topic: Accept openssl/technical-policies PR#1 - the policy change process proposal as of commit 3bccdf6. This will become an official OTC policy. comment: This will implement the formal policy change process so we can introduce and amend further

Monthly Status: October

Apart from three weeks of vaction, significant activities throughout October were: * Wrote up developer job desription * Investigated GHE due dates for issues * Fixed the test RNG, updated the documentation and added a unit test * Read through the proposed policy documents * Began an

OMC vote: changing the web site landing page

topic: Replace the first two sentences of the current openssl.org front page    with the new first paragraph of the OpenSSL Project Overview. The    following sentence on the current website becomes a new paragraph. comment: The new text being: `The OpenSSL Project develops and

Re: OTC VOTE: Accept PR#16725

0 Pauli On 19/10/21 8:07 pm, Matt Caswell wrote: topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the normal review process Proposed by Matt Caswell Public: yes opened: 2021-10-19 closed: 2021-mm-dd accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)  

Monthly Status: September

Significant activities throughout August were: * Lots of research into possible futures for the project o Reading RFCs, guides, source code o Discussions and meetings * Infrastructure planning * Various odd tasks relating to the 3.0 branch * Update several post 3.0 pull requests

OTC vote: include Keccak digests in OpenSSL

Accept PR#16594 into master subject to the normal review process This doesn't meet the "is a standard" requirement but it is in use and we have the implementation.  It just isn't exposed.   Dmitry [+1]   Matt   [ 0]   Pauli  [+1]   Tim    [+0]   Richard    [+1]   Shane 

Re: OTC VOTE: Restart merging of non-breaking small features

+1 Pauli On 14/9/21 8:13 pm, Matt Caswell wrote: topic: Allow the restart of merging of non-breaking small features to the master    branch Proposed by Matt Caswell Public: yes opened: 2021-09-14 closed: 2021-09-14 accepted:  yes  (for: 5, against: 1, abstained: 1, not voted: 2)  

OMC vote: PR #16498

topic: Accept PR 16498 in 3.0 subject to our normal review process. Proposed by Pauli. Public: yes opened: 2021-08-03 closed: 2021-08-06 ONE WEEK VOTE   Matt   [+1]   Mark   [ 0]   Pauli  [+1]   Tim    [+1]   Richard    [+1]   Kurt   [  ] Vote passed

Monthly Status: August

Significant activities throughout August were: * Fixing TLS 1.3 KDF for FIPS validation * Fix bugs in dgst command * Investigation of threading issues (several different ones) * Investigation of 3DES wrap cipher in 1.1.1 and master * Fix problems with AES wrap * Add additional CI test

OTC vote: branching 3.0

topic: Create `openssl-3.0' git branch today. comment: This cascades to other names/version information on GitHub. For example, change the release version information in the master branch to 3.1.0-dev Proposed by Pauli. Public: yes opened: 2021-08-31 closed: 2021-08-31 accepted: 

OTC vote: release of 3.0.0

topic: /Release 3.0.0 final on Tuesday the 7th of September 2021 if run-checker and CI builds have been clean for two days./ Proposed by Pauli. Public: yes opened: 2021-08-31 closed: 2021-08-31 accepted:  yes  (for: 8, against: 0, abstained: 0, not voted: 2)   Dmitry [+1]   Matt 

Re: OTC VOTE: Accept PR#16286 into 3.0 subject to the normal review process

The vote has closed and passed. Pauli topic: Accept PR#16286 into 3.0 subject to the normal review process Proposed by Shane Lontis Public: yes opened: 2021-08-17 closed: 2021-08-18 accepted:  yes  (for: 5, against: 1, abstained: 1, not voted: 3)   Dmitry [+1]  

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

+0 Pauli On 10/8/21 8:53 pm, Matt Caswell wrote: topic: Revert the commits merged from PR #16027 in 1.1.1 Comment: Refer to issue #16266 for background Proposed by Tomas Mraz Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)  

Re: OTC VOTE: RSA public exponent validation in 3.0

0 Pauli On 10/8/21 8:54 pm, Matt Caswell wrote: topic: RSA public exponent validation in 3.0 for the default provider should be consistent with 1.1.1 Comment: See issue #16255 for background Proposed by Matt Caswell Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted:  yes/no  (for: X,

Re: OTC vote on accepting #16203: TLS 1.3 KDF

   [+1]   Pauli  [+1]   Tim    [ 0]   Richard    [  ]   Shane  [ 0]   Tomas  [+1]   Kurt   [-1]   Matthias   [ 0]   Nicola [+0] Pauli On 3/8/21 7:03 pm, Dr Paul Dale wrote: Accept PR 16203 <https://github.com/openssl/openssl/pull/16

Re: OTC vote on accepting #16171: config_diagnostic

   [  ]   Pauli  [+1]   Tim    [+1]   Richard    [  ]   Shane  [+1]   Tomas  [+1]   Kurt   [-1]   Matthias   [ 0]   Nicola [+1] Pauli On 3/8/21 7:02 pm, Dr Paul Dale wrote: Accept PR 16171 <https://github.com/openssl/openssl/pull/16

OTC vote on accepting #16171: config_diagnostic

Accept PR 16171 in 3.0 subject to our normal review process. Pauli

OTC vote on accepting #16203: TLS 1.3 KDF

Accept PR 16203 in 3.0 subject to our normal review process. This one is still undergoing early review. Pauli

Monthly Status: July

Significant activities throughout June were: * Added a -fips command line option to util/wrap.pl * Wrote provider side PBKDF1 documentation that was missed earlier. * Document config_diagnostics option more widely. * Added other documentation that was missed. * Add config_diagnostics option

Re: OTC VOTE: Accept PR 16128

+1 Pauli On 22/7/21 10:51 pm, Matt Caswell wrote: topic: Accept PR 16128 in 3.0 subject to our normal review process Proposed by Matt Caswell Public: yes opened: 2021-07-22 closed: 2021-mm-dd accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)   Matt   [+1]   Pauli  [ 

Monthly Status: June

Significant activities throughout June were: * Fix new Coverity issues 26 real, 4 false positives * Address all outstanding (ancient) Coverity issues * Fix threads test ordering problem * Fix address sanitiser problems in apps relating to uninitialised BN pointers * Investigation memory

Repository

The repository is frozen in anticipation of the 3.0 beta release. Pauli

Monthly Status: May

Significant activities throughout April were: * Conversion of most run-checker jobs to GitHub Actions * Ongoing fixes to keep the run-checker builds working * Addition of cross compilation CI builds & fixes to get them passing * Fixes and improvements in the list, mac and kdf apps * Fixing

Monthly status: April

Significant activities throughout April were: * Coverity triage and fixes * AES-CBC speed fix * KMAC buffer overflow fix * Removal of EVP_sha() and friends in favour of EVP_MD_fetch() * SipHash control fix * Document different returns from control functions * Fix double free issue *

Re: OTC VOTE: Reject PR#14759

-0 Pauli On 20/4/21 8:23 pm, Nicola Tuveri wrote: Following up on https://www.mail-archive.com/openssl-project@openssl.org/msg02407.html we had a discussion on this during last week OTC meeting, and opened a vote

Re: OTC VOTE: Set issue 11164 milestone to Post 3.0

+1 On 20/4/21 8:15 pm, Tomas Mraz wrote: topic: Set issue 11164 milestone to Post 3.0 Proposed by Tim Hudson Public: yes opened: 2021-04-20 closed: 2021-04-20 accepted: yes (for: 6, against: 1, abstained: 0, not voted: 4) Matt [+1] Mark [ ] Pauli [ ] Viktor

Re: OTC VOTE: Set PR 13817 milestone to Post 3.0

+0 On 20/4/21 8:17 pm, Tomas Mraz wrote: topic: Set PR 13817 milestone to Post 3.0 Proposed by Tim Hudson Public: yes opened: 2021-04-20 closed: 2021-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Matt [ 0] Mark [ ] Pauli [ ] Viktor

Re: [OTC VOTE PROPOSAL] Don't merge PR#14759 (blinding=yes and similar properties)

We don't need a vote on the PR. If we make the policy vote, it would be against policy to include it. Pauli On 9/4/21 9:24 pm, Nicola Tuveri wrote: I agree with what Tomàš said, and that is the reason why I convoluted them in a single vote: we need to merge or reject the PR based on a policy,

Monthly Status - March

Significant activities throughout February were: * Add OSSL_PARAM arguments to the initialisation calls for all algorithms. * Figured out algorithm life cycles, produced diagrams and state descriptions. * Wrote up the life cycles for KDF, MAC and RAND (the "new" algorithm types). *

Monthly Status - February

Significant activities throughout February were: * Deprecation of RAND_METHOD and associated fallout * no-cache builds work and multitude of problems that fell out of this * Fixing a DRBG problem reported by the FIPS lab to do with entropy input * Investigation of DRBG incorrect output issue

Re: OTC Vote: Remove the RSA_SSLV23_PADDING and related functions completely

+1 here too. Pauli On 23/2/21 8:21 pm, Tomas Mraz wrote: topic: The RSA_SSLV23_PADDING and related functions should be completely removed from OpenSSL 3.0 code. comment: The padding mode and the related functions (which are already deprecated in the current master branch) is useless outside

OTC vote: change PKCS #12 defaults

topic: Change PKCS#12 creation to use AES-256-CBC and SHA-256 by default. comment: Both app and API, inlcude CHANGES entry. Proposed by Pauli. Public: yes opened: 2020-02-09 closed: 2020-02-09 accepted:  yes  (for: 8, against: 0, abstained: 0, not voted: 3)

OTC vote: The EVP_xxx_CTX types should support an EVP_xxx_CTX_dup call but not an EVP_xxx_CTX_copy call.

topic: The EVP_xxx_CTX types should support an EVP_xxx_CTX_dup call but not an    EVP_xxx_CTX_copy call. comments: Existing EVP_xxx_copy() functions not to be removed in the 3.0   timeframe. Proposed by pauli. Public: yes opened: 2020-02-02 closed: 2020-02-02 accepted:  yes  (for: 8,

OTC Vote: We should not support EVP_xxx_reset() operations.

topic: We should not support EVP_xxx_reset() operations. comment: The existing EVP_xxx_dup() function supports this functionality. Existing EVP_xxx_reset() functions not to be removed in the 3.0 timeframe. Proposed by pauli. Public: yes opened: 2020-02-02 closed: 2020-02-02

OTC Vote: EVP_MAC_init should accept key and key length arguments.

topic: EVP_MAC_init should accept key and key length arguments. Proposed by pauli. Public: yes opened: 2020-02-02 closed: 2020-02-02 accepted:  yes  (for: 4, against: 1, abstained: 4, not voted: 2)

OTC Vote: EVP init functions should accept an OSSL_PARAM array to set parameters.

topic: EVP init functions should accept an OSSL_PARAM array to set parameters. comment: This will mostly avoid calling the equivalent set_param call. Proposed by pauli. Public: yes opened: 2020-02-02 closed: 2020-02-02 accepted:  yes  (for: 8, against: 0, abstained: 1, not voted: 2)

OTC VOTE: functions not conforming to the TYPE_NAME_action_name naming scheme are defects

topic: Where a function does not use the TYPE_NAME_action_name naming scheme,    it is considered to be a defect. comment: These are not considered blockers for 3.0 if the function existed in 1.1.1.  New functions that do not conform must be fixed before release. Proposed by

OTC Vote: Moving forwards we will use TYPE_NAME_action_name for function names.

topic: Moving forwards we will use TYPE_NAME_action_name for function names. comment: Not camel case, underscores separating words.  I.e. EVP_MAC_update not EVP_MACUpdate or EVP_MAC_Update. Proposed by pauli. Public: yes opened: 2020-02-02 closed: 2020-02-02 accepted:  yes  (for: 7,

Change of scenery

Letting people know that I'm starting as an OpenSSL fellow today. I'm looking forward to working as part of the team and I'll be able to fully devote my efforts to the benefit of the project. Dr Paul Dale

Re: Remote unpack error when trying to push

Richard has fixed the space problem. PRs can be merged again. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Dec 2020, at 7:41 pm, Dr Paul Dale wrote: > > I can confirm that there is a disc full no th

Re: Remote unpack error when trying to push

I can confirm that there is a disc full no the machine. I’m not confident I can safely fix it — it was the first time I’ve logged in to it. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Dec 2020, at 7:00 pm, To

#8765

ber the precise details, I’ve a niggle that it might have been NIST’s KATs implicitly relying on the “standard” modulo reduce approach being used for random range generation. Thoughts or suggestions? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: OTC VOTE: Keeping API compatibility with missing public key

+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Dec 2020, at 10:45 pm, Tomas Mraz wrote: > > Vote background > --- > > The vote on relaxing the conceptual model in regards

Re: OTC VOTE: Fixing missing failure exit status is a bug fix

+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 30 Nov 2020, at 10:03 pm, Nicola Tuveri wrote: > > Vote background > --- > > This follows up on a [previous proposal] that was

Vote results: remove -crypt option from passwd and C source output options

, Abstain: 2, Didn’t vote: 1 The vote passes. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: [OTC VOTE PROPOSAL] Approve behavior change for `pkey -[pub]check`

An OMC vote deeming that adding error checks like this are or are not considered breaking changes. My view is that detecting an error condition and returning an error code is a bug fix rather than a breaking change. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations

Proposed OMC by law vote

Proposed vote text: Accept the by law changes proposed in #207. Comment: https://github.com/openssl/web/pull/207 <https://github.com/openssl/web/pull/207> Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Proposed OMC vote to remove C source output from apps

Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Proposed OMC vote: drop -crypt option from passwd app

Proposed vote text: Remove the -crypt option from the passwd app. The rationale behind this is that this is a very old, long broken algorithm and that supporting it is difficult using non-deprecated calls. This is a breaking change and requires OMC approval. Pauli -- Dr Paul Dale

Re: Project direction

ate that it > works on VAX/VMS. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 30 Oct 2020, at 9:43 am, Dr Paul Dale wrote: > > At the OTC call on Tuesday Tim raise a point about the future direction of

Project direction

being that supporting existing users means not changing the existing API, whereas catering to new users means working towards a new fresh consistent API. This is all in the context of function naming, argument ordering, cleanup for beta 1. Pauli -- Dr Paul Dale | Distinguished Architect

Hacktoberfest

the PR or a topic to the project. Is either something the project is interested in doing? Rather than polluting our already busy tags menu, the topic seems the easier path to me. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: LTS+

Unless the change can be argued to be security hardening — an improved entropy source would be IMO. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 20 Oct 2020, at 9:10 am, Dr Paul Dale wr

Re: LTS+

Not with the wording used. The feature exists even if it’s rubbish. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 20 Oct 2020, at 5:07 am, Tomas Mraz wrote: > > I wonder if something like adding a ne

Re: VOTE: Weekly OTC meetings until 3.0 beta1 is released

Nowhere has it been said that the weekly meeting will be 3 hours. The existing 1.5 - 2 hour slot should be enough, although perhaps not for a few more weeks. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Oct 2

Re: VOTE: Technical Items still to be done

[to the project list this time] +1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 12:47 am, Matt Caswell wrote: > > topic: The following items are required prerequisites for the first beta

Re: VOTE: Accept the Fully Pluggable TLSv1.3 KEM functionality

+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 12:27 am, Matt Caswell wrote: > > topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as > shown in PR #13018 into the

Re: Vote proposal: Private keys can exist independently of public keys

Would it be feasible to change code that does ->pub_key to call a function that null checks the field and generates the public key if it is absent? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 7 Oct 2020, a

Would this be interesting to the project?

https://github.blog/2020-09-30-code-scanning-is-now-available/ <https://github.blog/2020-09-30-code-scanning-is-now-available/> Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Memory leak in openssl 1.1.1d

This isn’t enough information to diagnose the issue. Which of the leak summary records is the problem? Are you sure that your application is cleaning up properly (hint: it isn’t, e.g. OpenSSL never calls operator new() from the second record). Pauli -- Dr Paul Dale | Distinguished Architect

Re: Integration of new algorithms

Instead of using an engine, you should write a provider (assuming you’re using the soon to be released OpenSSL 3.0). It doesn’t need a NID. If you are using OpenSSL 1.1.1, try the OBJ_new_nid() function. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7

Re: VOTE: Accept the OTC voting policy as defined:

+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Sep 2020, at 10:02 pm, Dr. Matthias St. Pierre > wrote: > > topic: Accept the OTC voting policy as defined: > > The proposer of a

  1   2   >