Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <20180210223253.gr3...@mournblade.imrryr.org> on Sat, 10 Feb 2018 22:32:53 +, Viktor Dukhovni said:

viktor> On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:
viktor> 
viktor> > > Is blowfish actually outdated?  I thought it had some significant use,
viktor> > > and don't recall any major weakness...
viktor> > 
viktor> > In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
viktor> > the underlying cipher...
viktor> > 
viktor> > PGP used to be a heavy user, but now it only decrypts or does key-wrapping
viktor> > for compatibility; it no longer uses blowfish to encrypt data.
viktor> > 
viktor> > SSH uses it, but according to
viktor> > https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa
viktor> > 2014.
viktor> > Schneier recommends not using it, and use its successor(s) instead, which
viktor> > we don't implement.
viktor> 
viktor> Removed in 2014 is much too recent, there are still LTS systems
viktor> with older SSH versions, and modern platforms that may want to
viktor> interoperate.  So I'm very reluctant to support removal of blowfish
viktor> ASM at this time...

Those same systems will probably not have the newest OpenSSL either,
and OpenSSH on those machines will certainly not be linked with a
newer OpenSSL...

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <0ea60701-6e1a-4fe0-86f8-33b37d016...@dukhovni.org> on Sat, 10 Feb 2018 17:10:42 -0500, Viktor Dukhovni said:

viktor> 
viktor> 
viktor> > On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote:
viktor> > 
viktor> > 
viktor> > Is blowfish actually outdated?  I thought it had some significant use,
viktor> > and don't recall any major weakness...
viktor> 
viktor> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
viktor> the underlying cipher...

OpenSSH disabled blowfish-cbc (all cbc ciphers, as a matter of fact)
two years ago, and removed it (them) entirely last autumn.  So one can
say that even in the OpenSSH world, blowfish support has decreased.
Ref: http://www.openssh.com/releasenotes.html

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <3eac8b7f-ea48-465b-b4be-3d5ac62d9...@dukhovni.org> on Sat, 10 Feb 2018 16:58:36 -0500, Viktor Dukhovni said:

viktor> 
viktor> 
viktor> > On Feb 10, 2018, at 4:08 PM, Salz, Rich  wrote:
viktor> > 
viktor> > This is derived from bureau/libcrypto-proposal that Emilia made in
viktor> > November 2015.
viktor> >  
viktor> > We should remove the assembler versions of the following
viktor> > Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5
viktor> >  
viktor> > The reason is that they are outdated, not in use very much, and
viktor> > optimization is not important, compared to having a single reference
viktor> > source that we can maintain and debug.
viktor> 
viktor> Is blowfish actually outdated?  I thought it had some significant use,
viktor> and don't recall any major weakness...

For what it's worth, https://en.wikipedia.org/wiki/Blowfish_(cipher)
mentions some weaknesses, and also that the author recommends moving
away from Blowfish (use Twofish instead, but we haven't implemented
that)

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
I am not suggesting we remove blowfish or any of those algorithms.  I am 
suggesting we remove the assembler versions of them.

On 2/10/18, 5:33 PM, "Viktor Dukhovni"  wrote:

On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

> > Is blowfish actually outdated?  I thought it had some significant use,
> > and don't recall any major weakness...
> 
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
> 
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping
> for compatibility; it no longer uses blowfish to encrypt data.
> 
> SSH uses it, but according to
> https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa
> 2014.
> Schneier recommends not using it, and use its successor(s) instead, which
> we don't implement.

Removed in 2014 is much too recent, there are still LTS systems
with older SSH versions, and modern platforms that may want to
interoperate.  So I'm very reluctant to support removal of blowfish
ASM at this time...

-- 
Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni
On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

> > Is blowfish actually outdated?  I thought it had some significant use,
> > and don't recall any major weakness...
> 
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
> 
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping for 
> compatibility; it no longer uses blowfish to encrypt data.
> 
> SSH uses it, but according to 
> https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 
> 2014.
> Schneier recommends not using it, and use its successor(s) instead, which we 
> don't implement.

Removed in 2014 is much too recent, there are still LTS systems
with older SSH versions, and modern platforms that may want to
interoperate.  So I'm very reluctant to support removal of blowfish
ASM at this time...

-- 
Viktor.


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
> Is blowfish actually outdated?  I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...

PGP used to be a heavy user, but now it only decrypts or does key-wrapping for 
compatibility; it no longer uses blowfish to encrypt data.

SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 
it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we 
don't implement.




Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
Look at https://github.com/openssl/openssl/pull/5320 to get an example.  It’s 
about safety and maintainability.

From: Rich Salz 
Reply-To: "openssl-project@openssl.org" 
Date: Saturday, February 10, 2018 at 5:06 PM
To: "openssl-project@openssl.org" 
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

There is a maintenance cost.  Maybe it is negligible, but there is a cost.

  *   The build rules are more complicated; we have had errors with .S vs .s files
  *   There are more internal config parameters to understand
  *   There are more ifdefs in the code
  *   There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask.  It’s 
maintenance and risk versus use.

From: "t...@openssl.org" 
Reply-To: "openssl-project@openssl.org" 
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" 
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether 
or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich" wrote:
This is derived from bureau/libcrypto-proposal that Emilia made in November 
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni


> On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni  wrote:
> 
> 
> Is blowfish actually outdated?  I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...

-- 
Viktor.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
There is a maintenance cost.  Maybe it is negligible, but there is a cost.

  *   The build rules are more complicated; we have had errors with .S vs .s files
  *   There are more internal config parameters to understand
  *   There are more ifdefs in the code
  *   There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask.  It’s 
maintenance and risk versus use.

From: "t...@openssl.org" 
Reply-To: "openssl-project@openssl.org" 
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" 
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether 
or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich" wrote:
This is derived from bureau/libcrypto-proposal that Emilia made in November 
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni


> On Feb 10, 2018, at 4:08 PM, Salz, Rich  wrote:
> 
> This is derived from bureau/libcrypto-proposal that Emilia made in November 
> 2015.
>  
> We should remove the assembler versions of the following
> Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5
>  
> The reason is that they are outdated, not in use very much, and optimization 
> is not important, compared to having a single reference source that we can 
> maintain and debug.

Is blowfish actually outdated?  I thought it had some significant use,
and don't recall any major weakness...

-- 
Viktor.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Tim Hudson
Before we look at removing things like this, I think we should look at
whether or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich"  wrote:

This is derived from bureau/libcrypto-proposal that Emilia made in
November 2015.



We should remove the assembler versions of the following

Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5



The reason is that they are outdated, not in use very much, and
optimization is not important, compared to having a single reference source
that we can maintain and debug.




Re: [openssl-project] should doc-nits flag long lines?

2018-02-10 Thread Richard Levitte
I would say on the contrary, that long lines in code section should be flagged, 
because they aren't wrapped in the final output.

For the rest, warning on long lines is still nice for the readability of the 
original file, but to my judgment, that's slightly less important than the code 
sections.

Cheers
Richard


"Salz, Rich" wrote: (19 January 2018 16:21:07 CET)
>Maybe not within code displays?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


[openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
This is derived from bureau/libcrypto-proposal that Emilia made in November 
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.
