[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

Steve explained how this should be done. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Friday 26 February 2016 17:37:11 Viktor Dukhovni wrote: > On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote: > > As just about the only team member who trolls through RT and closes > > things with any quantity, I am not sure that I agree that fixing a > > bug requires documentation if

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Sun, Feb 28, 2016 at 12:17:41PM -0500, Jeffrey Walton wrote: > On Sun, Feb 28, 2016 at 12:18 AM, Viktor Dukhovni > wrote: > > > >> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton wrote: > >> > >> Please ensure this is documented somewhere. I'm

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

FWIW, I agree with Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

> On Feb 28, 2016, at 12:17 PM, Jeffrey Walton wrote: > > Thanks Viktor. > > Here's the practical problem I am trying to solve. Its a policy and > procedure problem. > > Suppose an organization has a rule that says, "no private APIs shall > be used". How do I tell an

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Sun, Feb 28, 2016 at 12:18 AM, Viktor Dukhovni wrote: > >> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton wrote: >> >> Please ensure this is documented somewhere. I'm having trouble finding >> information on the new rules. >> >> There's 15 or 20

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri 2016-02-26 18:04:43 +0100, Viktor Dukhovni wrote: > I'd like to propose a policy of no bug fixes to undocumented public > interfaces. If the interface is useful enough to fix, it has to be > documented. fwiw, i agree with Viktor on this proposal. Clear, sane

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton wrote: > > Please ensure this is documented somewhere. I'm having trouble finding > information on the new rules. > > There's 15 or 20 years of using capitol and lower case identifiers to > denote public and private APIs with

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

>> Correct me if I am wrong... API's that start with capitol letters are >> public. Private interfaces use lowercase letters. >> Documented/undocumented does not really factor things. > > You're wrong. Once OpenSSL's past sins are remediated, public > interfaces are precisely those that are

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

>>> Nonsense. Source code is not API documentation, it is an >> > implementation, not an interface contract. >> >> I'm not sure I'd consider it nonsense. > >Comments in source code are not documentation, they explain the >internals of the implementation, not the contract. Actually they can (and

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 05:34:14PM +, Viktor Dukhovni wrote: > On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote: > > > As just about the only team member who trolls through RT and closes things > > with any quantity, I am not sure that I agree that fixing a bug requires > >

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 12:50:24PM -0500, Jeffrey Walton wrote: > > Nonsense. Source code is not API documentation, it is an > > implementation, not an interface contract. > > I'm not sure I'd consider it nonsense. Comments in source code are not documentation, they explain the internals of

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 12:42 PM, Viktor Dukhovni wrote: > On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote: > >> It seems like (to me) the the most direct way to mark a function as >> private is to add a comment in the source code stating such. > >

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote: > It seems like (to me) the the most direct way to mark a function as > private is to add a comment in the source code stating such. Nonsense. Source code is not API documentation, it is an implementation, not an interface

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 12:29 PM, Salz, Rich wrote: > As just about the only team member who trolls through RT and closes things > with any quantity, I am not sure that I agree that fixing a bug requires > documentation if the API isn't already documented. +1. Concepts seem

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote: > As just about the only team member who trolls through RT and closes things > with any quantity, I am not sure that I agree that fixing a bug requires > documentation if the API isn't already documented. We should also get the word out

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote: > As just about the only team member who trolls through RT and closes things > with any quantity, I am not sure that I agree that fixing a bug requires > documentation if the API isn't already documented. Focus on fixing bugs in

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

As just about the only team member who trolls through RT and closes things with any quantity, I am not sure that I agree that fixing a bug requires documentation if the API isn't already documented. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 05:10:42PM +, Salz, Rich wrote: > > I'd like to propose a policy of no bug fixes to undocumented public > > interfaces. > > That seems extreme, given how much of the API is undocumented and how much > external stuff depends on private things. Not at all. You're well

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

>> > I'd like to propose a policy of no bug fixes to undocumented public >> > interfaces. If the interface is useful enough to fix, it has to be >> > documented. Anyone care to produce manpages for EC_KEY_priv2buf or >> > EC_KEY_priv2oct? >> > >> Correct me if I am wrong... API's that start with

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 12:10:09PM -0500, Jeffrey Walton wrote: > > I'd like to propose a policy of no bug fixes to undocumented public > > interfaces. If the interface is useful enough to fix, it has to be > > documented. Anyone care to produce manpages for EC_KEY_priv2buf or > >

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

> I'd like to propose a policy of no bug fixes to undocumented public > interfaces. That seems extreme, given how much of the API is undocumented and how much external stuff depends on private things. I understand the goal. I just want to make sure you've thought about the proposal. (And

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

>> > I have PR https://github.com/openssl/openssl/pull/739 with the below >> > changes, please have a look. >> > >> > - In EC_KEY_priv2buf(), check for pbuf sanity. >> > - If invoked with NULL, gracefully returns the key length. > ... > I'd like to propose a policy of no bug fixes to undocumented

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Fri, Feb 26, 2016 at 04:50:27PM +, Stephen Henson via RT wrote: > > I have PR https://github.com/openssl/openssl/pull/739 with the below > > changes, please have a look. > > > > - In EC_KEY_priv2buf(), check for pbuf sanity. > > - If invoked with NULL, gracefully returns the key length. >

[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Wed Feb 24 12:07:05 2016, mo...@computer.org wrote: > Hi, > > I have PR https://github.com/openssl/openssl/pull/739 with the below > changes, please have a look. > > - In EC_KEY_priv2buf(), check for pbuf sanity. > - If invoked with NULL, gracefully returns the key length. > If you're doing

[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

commit acae59b pushed, thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

Hi, I have PR https://github.com/openssl/openssl/pull/739 with the below changes, please have a look. - In EC_KEY_priv2buf(), check for pbuf sanity. - If invoked with NULL, gracefully returns the key length. Thanks, Mohan -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343