Monthly Status Report (July 2019)
levitte at openssl.org
Wed Aug 14 14:19:09 UTC 2019
Apart from normal business, such as normal reviews, OMC business,
normal system administration tasks, etc., key activities this month:
- Re-implemented error reporting for providers and adapted the FIPS
- Adapted provider cipher implementations to give back diverse
parameters in the form of OSSL_PARAM instead of specialized functions.
- Corrected some OSSL_PARAM documentation
- Enable the use of Dl_info and dladdr() on Cygwin
- Added basic EVP_KEYMGMT API and libcrypto <-> provider interface,
and an export/import mechanism in the EVP sub-system to allow keys
to be passed between providers, insofar as the providers allow it.
- Added documentation to describe providers and the libcrypto <->
provider interface, provider(7), and provider-base(7) that
describes the base functions
- Added documentation of the KEYMGMT interface, provider-keymgmt(7)
- Re-implemented the cipher and digest listings for 'openssl list'
to be able to display implementations by providers alongside the
legacy built in one. This included reworking the functionality to
walk through all available implemented algorithms, and diverse
added EVP information functionality.
- Documented OSSL_PARAM as a parameter descriptor, and replaced all
uses of OSSL_ITEM with OSSL_PARAM as parameter descriptor,
- [draft] Started work on adapting OSSL_STORE for providers
- [not yet merged] Started the same work I did for ciphers (PR
9328), but for hash implementations
- Adapted DH to use with KEYMGMT
- Added functions to see if a provider is available for use, and
modified test/evp_test.c to check if the legacy provider is
available for the algorithms that are implemented there.
- [1.1.1 and 1.1.0] CVE-2019-1552 Fixed mingw installation paths
(PRs openssl/openssl#9400 and openssl/openssl#9460)
- [1.0.2 only] CVE-2019-1552 Document issues with default
- Implemented ERR_raise() and ERR_raise_data() for more flexible
error reporting, and refactored all the XXXerr() macros to use
them. Also refactored the provider error reporting support and
adapted the FIPS provider to use the new functionality.
- [not yet merged] Continued work to move all MAC implementations to
- CVE-2019-1552 Added security advisory
* System administration
- Added CAA records for our main domains
- Moved our VMs to larger space by creating a LLVM volume for them
on an unused partition, moving them there, then added the old
partition to that volume.
- Better logging of gitolite triggers
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/