[openssl-project] Release Criteria Update

Richard Levitte levitte at openssl.org
Fri Sep 7 00:51:52 UTC 2018 

I think this one should be part of the lot as well:

#7144
ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes

For example, *all* two-prime RSA keys from pre-1.1.1 become unreadable
in 1.1.1, because pre-1.1.1 encodes the version indicator (zero) as
02 00 (zero length INTEGER, which is invalid) instead of 02 01 00
(proper zero).  That's simply because the internal version number was
changed from a LONG (custom ASN.1 type, mapping to a C long) to a INT32
(new custom ASN.1 type, mapping to a C int32).
(no, we don't want to go back to using LONG)

Cheers,
Richard

In message <b236351c-c0ce-ec1b-c817-0bcfb19d4256 at openssl.org> on Thu, 6 Sep 2018 23:41:59 +0100, Matt Caswell <matt at openssl.org> said:

> We currently have 8 1.1.1 PRs that are open. 3 of which are in the
> "ready" state. There are 2 which are alternative implementations of the
> same thing - so there are really on 4 issues currently being addressed:
> 
> #7145 SipHash: add separate setter for the hash size
> 
> Owner: Richard
> Awaiting review (CIs are failing)
> 
> 
> #7141 Ensure certificate callbacks work correctly in TLSv1.3
> 
> Owner: Matt
> Trivial change. Awaiting review
> 
> 
> #7139 Remove a reference to SSL_force_post_handshake_auth()
> 
> Owner: Matt
> Trivial change. Awaiting review
> 
> 
> #7114 Process KeyUpdate and NewSessionTicket messages after a close_notify
> Alternative implementation for #7058
> 
> Owner: Matt
> Awaiting review. Anyone?
> 
> 
> There 5 1.1.1 issues open - 3 of which should be solved by outstanding
> PRS. The remaining 2 are:
> 
> 
> #7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
> 18-Aug)
> 
> We thought we had a fix for this, but the PR in question does not seem
> to have solved the OPs issue
> 
> 
> #7133 X509_sign SIGSEGVs with NULL private key
> 
> Should be an easy fix
> 
> 
> Matt
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
>

More information about the openssl-project mailing list