Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <20180210223253.gr3...@mournblade.imrryr.org> on Sat, 10 Feb 2018 22:32:53 +, Viktor Dukhovni said: viktor> On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote: viktor> viktor> > > Is blowfish actually outdated? I thought it had some significant

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <0ea60701-6e1a-4fe0-86f8-33b37d016...@dukhovni.org> on Sat, 10 Feb 2018 17:10:42 -0500, Viktor Dukhovni said: viktor> viktor> viktor> > On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote: viktor> > viktor> > viktor> > Is blowfish

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <3eac8b7f-ea48-465b-b4be-3d5ac62d9...@dukhovni.org> on Sat, 10 Feb 2018 16:58:36 -0500, Viktor Dukhovni said: viktor> viktor> viktor> > On Feb 10, 2018, at 4:08 PM, Salz, Rich wrote: viktor> > viktor> > This is derived from

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
I am not suggesting we remove blowfish or any of those algorithms. I am suggesting we remove the assembler versions of them. On 2/10/18, 5:33 PM, "Viktor Dukhovni" wrote: On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote: > > Is blowfish

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni
On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote: > > Is blowfish actually outdated? I thought it had some significant use, > > and don't recall any major weakness... > > In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for > the underlying cipher...

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
> Is blowfish actually outdated? I thought it had some significant use, > and don't recall any major weakness... In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for the underlying cipher... PGP use to be a heavy user, but now it only decrypts or does

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
Look at https://github.com/openssl/openssl/pull/5320 to get an example. It’s about safety and maintainability. From: Rich Salz Reply-To: "openssl-project@openssl.org" Date: Saturday, February 10, 2018 at 5:06 PM To: "openssl-project@openssl.org"

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni
> On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote: > > > Is blowfish actually outdated? I thought it had some significant use, > and don't recall any major weakness... In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for the underlying cipher... --

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
There is a maintenance cost. Maybe it is negligible, but there is a cost. * The build rules are more complicated; we have had errors with .S vs .s files * There are more internal config parameters to understand * There are more ifdefs in the code * There’s only one person who

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni
> On Feb 10, 2018, at 4:08 PM, Salz, Rich wrote: > > This is derived from bureau/libcrypto-proposal that Emilila made in November > 2015. > > We should remove the assembler versions of the following > Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5 >

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Tim Hudson
Before we look at removing things like this, I think we should look at whether or not they actually have a significant maintenance cost. Tim. On 11 Feb. 2018 7:08 am, "Salz, Rich" wrote: This is derived from bureau/libcrypto-proposal that Emilila made in November 2015. We

Re: [openssl-project] should doc-nits flag long lines?

2018-02-10 Thread Richard Levitte
I would say on the contrary, that long lines in code section should be flagged, because they aren't wrapped in the final output. For the rest, warning on long lines is still nice for the readability of the original file, but to my judgment, that's slightly less important than the code

[openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
This is derived from bureau/libcrypto-proposal that Emilila made in November 2015. We should remove the assembler versions of the following Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5 The reason is that they are outdated, not in use very much, and optimization is not