Monthly Status Report (July 2019)

Richard Levitte levitte at
Wed Aug 14 14:19:09 UTC 2019

Apart from normal business, such as normal reviews, OMC business,
normal system administration tasks, etc., key activities this month:

* Development

  - Re-implemente error reporting for providers and adapted the FIPS
    (PR openssl/openssl#9174)
  - Adapted provider cipher implementations to give back diverse
    parameters in form of OSSL_PARAM instead of specialized functions.
    (PR openssl/openssl#9328)
  - Corrected some OSSL_PARAM documentation
    (PR openssl/openssl#9408)
  - Enable the use of Dl_info and dladdr() on Cygwin
    (PR openssl/openssl#9402)
  - Added basic EVP_KEYMGMT API and libcrypto <-> provider interface,
    and an export/import mechanism in the EVP sub-system to allow keys
    to be passed between providers, insofar that the providers allow it.
    (PR openssl/openssl#9312)
  - Added documentation to describe providers and the libcrypto <->
    provider interface, provider(7), and provider-base(7) that
    describing the base functions
    (PR openssl/openssl#9409)
  - Added documentation of the KEYMGMT interface, provider-keymgmt(7)
    (PR openssl/openssl#9429)
  - Re-implemented the cipher and digest listings for 'openssl list'
    to be able to display implementations by providers alongside the
    legacy built in one.  This included reworking the functionality to
    walk through all available implemented algorithms, and diverse
    added EVP information functionality.
    (PR openssl/openssl#9356)
  - Documented OSSL_PARAM as a parameter descriptor, and replaced all
    uses of OSSL_ITEM with OSSL_PARAM as parameter descriptor,
    (PR openssl/openssl#9346)
  - [draft] Started work on adapting OSSL_STORE for providers
    (PR openssl/openssl#9389)
  - [not yet merged] Started the same work I did for ciphers (PR
    9328), but for hash implementations
    (PR openssl/openssl#9391)
  - Adapted DH to use with KEYMGMT
    (PR openssl/openssl#9394)
  - Added functions to see if a provider is available for use, and
    modify test/evp_test.c to check if the legacy provider is
    available for the algorithms that are implemented there.
    (PR openssl/openssl#9398)
  - [1.1.1 and 1.1.0] CVE-2019-1552 Fixed mingw installation paths
    (PRs openssl/openssl#9400 and openssl/openssl#9460)
  - [1.0.2 only] CVE-2019-1552 Document issues with default
    installation path
    (PR openssl/openssl#9456)
  - Implemented ERR_raise() and ERR_raise_data() for more flexible
    error reporting, and refactored all the XXXerr() macros to use
    them.  Also refactored the provider error reporting support and
    adapted the FIPS provider to use the new functionality.
    (PR openssl/openssl#9452)
  - [not yet merged] Continued work to move all MAC implementations to
    the providers
    (PR openssl/openssl#8877)

* Web

  - CVE-2019-1552 Added security advisory
    (PR openssl/web#134)

* System administration

  - Added CAA records for our main domains
  - Moved our VMs to larger space by creating a LLVM volume for them
    on an unused partition, moving them there, then added the old
    partition to that volume.

* Internal

  - Better logging of gitolite triggers

Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-project mailing list