[openssl-project] Release Criteria Update

Matt Caswell matt at openssl.org
Fri Sep 7 08:56:01 UTC 2018



On 07/09/18 01:51, Richard Levitte wrote:
> I think this one should be part of the lot as well:
> 
> #7144
> ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
> 
> For example, *all* two-prime RSA keys from pre-1.1.1 become unreadable
> in 1.1.1, because pre-1.1.1 encodes the version indicator (zero) as
> 02 00 (zero length INTEGER, which is invalid) instead of 02 01 00
> (proper zero).  That's simply because the internal version number was
> changed from a LONG (custom ASN.1 type, mapping to a C long) to a INT32
> (new custom ASN.1 type, mapping to a C int32).
> (no, we don't want to go back to using LONG)

So...that PR seems to be labelled for 1.1.0 too? So why is the problem
specific to 1.1.1?

Matt


> 
> Cheers,
> Richard
> 
> In message <b236351c-c0ce-ec1b-c817-0bcfb19d4256 at openssl.org> on Thu, 6 Sep 2018 23:41:59 +0100, Matt Caswell <matt at openssl.org> said:
> 
>> We currently have 8 1.1.1 PRs that are open. 3 of which are in the
>> "ready" state. There are 2 which are alternative implementations of the
>> same thing - so there are really on 4 issues currently being addressed:
>>
>> #7145 SipHash: add separate setter for the hash size
>>
>> Owner: Richard
>> Awaiting review (CIs are failing)
>>
>>
>> #7141 Ensure certificate callbacks work correctly in TLSv1.3
>>
>> Owner: Matt
>> Trivial change. Awaiting review
>>
>>
>> #7139 Remove a reference to SSL_force_post_handshake_auth()
>>
>> Owner: Matt
>> Trivial change. Awaiting review
>>
>>
>> #7114 Process KeyUpdate and NewSessionTicket messages after a close_notify
>> Alternative implementation for #7058
>>
>> Owner: Matt
>> Awaiting review. Anyone?
>>
>>
>> There 5 1.1.1 issues open - 3 of which should be solved by outstanding
>> PRS. The remaining 2 are:
>>
>>
>> #7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
>> 18-Aug)
>>
>> We thought we had a fix for this, but the PR in question does not seem
>> to have solved the OPs issue
>>
>>
>> #7133 X509_sign SIGSEGVs with NULL private key
>>
>> Should be an easy fix
>>
>>
>> Matt
>> _______________________________________________
>> openssl-project mailing list
>> openssl-project at openssl.org
>> https://mta.openssl.org/mailman/listinfo/openssl-project
>>
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
> 


More information about the openssl-project mailing list