I'm firmly in the don't remove them camp too.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
-Original Message-
From: Viktor Dukhovni [mailto:openssl-us...@dukhovni.org]
Sent: Wednesday, 8 August 2018 11:52 PM
To:
On 08/08/18 21:22, Viktor Dukhovni wrote:
> Don't know whether everyone here also reads openssl-users, so to recap,
> Robert Moskowitz reports considerable frustration
> as a result of "default_md = sha256" being incompatible with Ed25519
> (and Ed448). He's working around this with "-md
Don't know whether everyone here also reads openssl-users, so to recap,
Robert Moskowitz reports considerable frustration
as a result of "default_md = sha256" being incompatible with Ed25519
(and Ed448). He's working around this with "-md null" sprinkled about
liberally, but it is not especially
On Wed, Aug 08, 2018 at 08:19:24PM +1000, Tim Hudson wrote:
> We don't have a formal policy of no NULL checks - we just have a few
> members that think we should have such a policy but it has never been voted
> on as we had sufficiently varying views for a consensus approach to not be
> possible.
> On Aug 8, 2018, at 6:19 AM, Tim Hudson wrote:
>
> However in the context of removing such checks - that we should not be doing
> - the behaviour of the APIs in this area should not be changed
Should not be changed period. Even across major release boundaries.
This is not an ABI
For the full background to this issue see:
https://github.com/openssl/openssl/issues/6490
TL;DR summary:
The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each
other. OpenSSL (along with at least GnuTLS maybe others) has implemented
an upgrade path which enables the reuse of a
We've had a policy for a while of not requiring NULL checks in
functions. However there is a difference between not adding them for new
functions and actively removing them for old ones.
See https://github.com/openssl/openssl/pull/6893
In this case the removal of a NULL check in the stack code