Re: [openssl-project] Removal of NULL checks

2018-08-08 Thread Paul Dale
I'm firmly in the don't remove them camp too. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Viktor Dukhovni [mailto:openssl-us...@dukhovni.org] Sent: Wednesday, 8 August 2018 11:52 PM To:

Re: [openssl-project] EdDSA and "default_md"?

2018-08-08 Thread Matt Caswell
On 08/08/18 21:22, Viktor Dukhovni wrote: > Don't know whether everyone here also reads openssl-users, so to recap, > Robert Moskowitz reports considerable frustration > as a result of "default_md = sha256" being incompatible with Ed25519 > (and Ed448). He's working around this with "-md

[openssl-project] EdDSA and "default_md"?

2018-08-08 Thread Viktor Dukhovni
Don't know whether everyone here also reads openssl-users, so to recap, Robert Moskowitz reports considerable frustration as a result of "default_md = sha256" being incompatible with Ed25519 (and Ed448). He's working around this with "-md null" sprinkled about liberally, but it is not especially

Re: [openssl-project] Removal of NULL checks

2018-08-08 Thread Kurt Roeckx
On Wed, Aug 08, 2018 at 08:19:24PM +1000, Tim Hudson wrote: > We don't have a formal policy of no NULL checks - we just have a few > members that think we should have such a policy but it has never been voted > on as we had sufficiently varying views for a consensus approach to not be > possible.

Re: [openssl-project] Removal of NULL checks

2018-08-08 Thread Viktor Dukhovni
> On Aug 8, 2018, at 6:19 AM, Tim Hudson wrote: > > However in the context of removing such checks - that we should not be doing > - the behaviour of the APIs in this area should not be changed Should not be changed period. Even across major release boundaries. This is not an ABI

[openssl-project] Reuse of PSKs between TLSv1.2 and TLSv1.3

2018-08-08 Thread Matt Caswell
For the full background to this issue see: https://github.com/openssl/openssl/issues/6490 TL;DR summary: The TLSv1.2 and TLSv1.3 PSK mechanisms are quite different to each other. OpenSSL (along with at least GnuTLS maybe others) has implemented an upgrade path which enables the reuse of a

Re: [openssl-project] Removal of NULL checks

2018-08-08 Thread Tim Hudson
We don't have a formal policy of no NULL checks - we just have a few members that think we should have such a policy but it has never been voted on as we had sufficiently varying views for a consensus approach to not be possible. Personally I'm in favour of high-level APIs having NULL checks as

[openssl-project] Removal of NULL checks

2018-08-08 Thread Matt Caswell
We've had a policy for a while of not requiring NULL checks in functions. However there is a difference between not adding them for new functions and actively removing them for old ones. See https://github.com/openssl/openssl/pull/6893 In this case the removal of a NULL check in the stack code