Project direction

2020-10-29 Thread Dr Paul Dale
being that supporting existing users means not changing the existing API, whereas catering to new users means working towards a new fresh consistent API. This is all in the context of function naming, argument ordering, cleanup for beta 1. Pauli -- Dr Paul Dale | Distinguished Architect

Hacktoberfest

2020-10-20 Thread Dr Paul Dale
the PR or a topic to the project. Is either something the project is interested in doing? Rather than polluting our already busy tags menu, the topic seems the easier path to me. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: LTS+

2020-10-19 Thread Dr Paul Dale
Unless the change can be argued to be security hardening — an improved entropy source would be IMO. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 20 Oct 2020, at 9:10 am, Dr Paul Dale wr

Re: LTS+

2020-10-19 Thread Dr Paul Dale
Not with the wording used. The feature exists even if it’s rubbish. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 20 Oct 2020, at 5:07 am, Tomas Mraz wrote: > > I wonder if something like adding a ne

Re: OTC VOTE: The PR #11359 (Allow to continue with further checks on UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch

2020-10-09 Thread Dr Paul Dale
+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 10:02 pm, Tomas Mraz wrote: > > topic: The PR #11359 (Allow to continue with further checks on > UNABLE_TO_VERIFY_LEAF_SIGNATURE) i

Re: VOTE: Weekly OTC meetings until 3.0 beta1 is released

2020-10-09 Thread Dr Paul Dale
Nowhere has it been said that the weekly meeting will be 3 hours. The existing 1.5 - 2 hour slot should be enough, although perhaps not for a few more weeks. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Oct 2

Re: VOTE: Weekly OTC meetings until 3.0 beta1 is released

2020-10-09 Thread Dr Paul Dale
+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 10:00 pm, Nicola Tuveri wrote: > > topic: Hold online weekly OTC meetings starting on Tuesday 2020-10-13 > and until 3.0 beta1

Re: VOTE: Technical Items still to be done

2020-10-08 Thread Dr Paul Dale
[to the project list this time] +1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 12:47 am, Matt Caswell wrote: > > topic: The following items are required prerequisites for the first beta

Re: VOTE: Accept the Fully Pluggable TLSv1.3 KEM functionality

2020-10-08 Thread Dr Paul Dale
+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Oct 2020, at 12:27 am, Matt Caswell wrote: > > topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as > shown in PR #13018 into the

Re: Vote proposal: Private keys can exist independently of public keys

2020-10-07 Thread Dr Paul Dale
Would it be feasible to change code that does ->pub_key to call a function that null checks the field and generates the public key if it is absent? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 7 Oct 2020, a

Would this be interesting to the project?

2020-10-01 Thread Dr Paul Dale
https://github.blog/2020-09-30-code-scanning-is-now-available/ Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Memory leak in openssl 1.1.1d

2020-09-30 Thread Dr Paul Dale
This isn’t enough information to diagnose the issue. Which of the leak summary records is the problem? Are you sure that your application is cleaning up properly (hint: it isn’t, e.g. OpenSSL never calls operator new() from the second record). Pauli -- Dr Paul Dale | Distinguished Architect

Re: Integration of new algorithms

2020-09-30 Thread Dr Paul Dale
Instead of using an engine, you should write a provider (assuming you’re using the soon to be released OpenSSL 3.0). It doesn’t need a NID. If you are using OpenSSL 1.1.1, try the OBJ_new_nid() function. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7

Re: VOTE: Accept the OTC voting policy as defined:

2020-09-28 Thread Dr Paul Dale
+1 Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Sep 2020, at 10:02 pm, Dr. Matthias St. Pierre > wrote: > > topic: Accept the OTC voting policy as defined: > > The proposer of a

Freeze?

2020-09-23 Thread Dr Paul Dale
requests continuing. It’s the rest that is more concerning. Does anyone else have a similar view? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: New GitHub label for release blockers

2020-09-13 Thread Dr Paul Dale
> BTW: It took me all my force of will to resist the temptation of making a pun > by naming the label [urgent: beta blocker]. Failed you have. Your training is not yet complete :) Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217

Re: Beta1 PR deadline

2020-09-10 Thread Dr Paul Dale
of a stretch as a comparison. The API renaming discussion *must* reach a conclusion before beta. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Sep 2020, at 8:40 pm, Matt Caswell wrote: > > > > On 09/09/2

Re: More GitHub labels

2020-09-10 Thread Dr Paul Dale
: required changes see review/comments” might be workable. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Sep 2020, at 4:03 pm, Dr. Matthias St. Pierre > wrote: > >> Just wondering if we should have

More GitHub labels

2020-09-09 Thread Dr Paul Dale
826#pullrequestreview-485480847>). These would give a clear indication of what additional material is being expected as per CLA required and need rebase. A “hold: code needed” seems less useful :) Thoughts or should we just add them? Pauli -- Dr Paul Dale | Distinguished Architect | Cr

Re: Reordering new API's that have a libctx, propq

2020-09-09 Thread Dr Paul Dale
Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Sep 2020, at 12:08 am, Tomas Mraz wrote: > > On Wed, 2020-09-09 at 22:29 +1000, Dr Paul Dale wrote: >>> On 9 Sep 2020, at 9:38 pm, Tomas Mraz wrote: >>>

Re: Reordering new API's that have a libctx, propq

2020-09-09 Thread Dr Paul Dale
> On 9 Sep 2020, at 9:38 pm, Tomas Mraz wrote: > > We could even provide a convenience thread local stack of lib contexts > so the caller would not have to keep the old value but would just push > the new libctx when entering and pop the old one when leaving. With > that, I think the changes

Re: Beta1 PR deadline

2020-08-26 Thread Dr Paul Dale
It is also worth noting that new features will not be accepted during the beta period. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 27 Aug 2020, at 1:58 am, Matt Caswell wrote: > > Hi all > &

TLS 1.3 illustrated

2020-08-16 Thread Dr Paul Dale
This might be interesting to some: https://tls13.ulfheim.net Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

RAND_DRBG futures

2020-08-03 Thread Dr Paul Dale
I’ve closed the vote. Five for, none against, the vote passes. RAND_DRBG will be absent in 3.0. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: RAND_DRBG

2020-07-27 Thread Dr Paul Dale
So far a universal voice for removal of the DRBG_RAND APIs. I’ll write up an OMC vote. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 27 Jul 2020, at 6:51 pm, Matt Caswell wrote: > > I'm ok with

RAND_DRBG

2020-07-26 Thread Dr Paul Dale
name and might change — this is not relevant to this discussion. 4. The RAND_DRBG APIs are unlikely to be widely used — they were introduced in 1.1.1. The two users I know of (Akamai and NCP) are both fine with them being removed. Thoughts anyone? Pauli -- Dr Paul Dale | Distinguished

Re: API renaming

2020-07-24 Thread Dr Paul Dale
I think the types should change to match any function name changes. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Jul 2020, at 2:45 am, Short, Todd wrote: > > They also correspond directly to EVP_MAC an

Re: API renaming

2020-07-24 Thread Dr Paul Dale
get longer and would have the same issue. Then there are the inevitable merge conflicts…. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Jul 2020, at 6:15 pm, Dr. Matthias St. Pierre > wrote: > >&

Re: API renaming

2020-07-23 Thread Dr Paul Dale
The exact same points apply to EVP_MAC & EVP_KDF. We have also been telling people “use EVP” for ages. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Jul 2020, at 3:20 pm, Richard Levitte wrote: >

API renaming

2020-07-23 Thread Dr Paul Dale
There has been a suggestion to rename EVP_RAND to OSSL_RAND. This seems reasonable. Would it also make sense to rename the other new APIs similarly? More specifically, EVP_MAC and EVP_KDF to OSSL_MAC and OSSL_KDF respectively? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic

Re: Reducing the security bits for MD5 and SHA1 in TLS

2020-06-17 Thread Dr Paul Dale
I’d agree it’s major for SHA1 but not for MD5. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 12:20 pm, Tim Hudson wrote: > > Given that this change impacts interoperability in a

Re: Backports to 1.1.1 and what is allowed

2020-06-16 Thread Dr Paul Dale
for possible breakage but the bulk of the changes are S390x specific. I support formalising the rules better than we have at the moment. Even if this is in conflict with the above. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle

Seeking assistance

2020-06-03 Thread Dr Paul Dale
and CMS calls removed from the KDF and the various structures constructed piecemeal using calls that already exist within the FIPS provider. If somebody is willing to take this work on, it will likely be included in the FIPS validation for 3.0. If not, it won’t be. Pauli -- Dr Paul Dale

Vote re: #11577

2020-06-03 Thread Dr Paul Dale
topic: Accept and merge #11577. comment: #11577 reduces the maximum length of TLS labels. It also breaks standards compliance. 8 against, none for, no abstentions, 3 not yet voted. The vote failed, the PR will be closed. Pauli -- Dr Paul Dale | Distinguished Architect

Re: OMC Vote on deprecation of command line apps

2020-05-08 Thread Dr Paul Dale
This vote has passed: 3 for, 1 against and 2 abstentions. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 8 May 2020, at 3:08 pm, Dr Paul Dale wrote: > > PR 11575 <https://github.com/openssl/openssl/pul

OMC Vote on deprecation of command line apps

2020-05-07 Thread Dr Paul Dale
erging it will leave them flagged as deprecated. Proposed by: Paul Dale Public: yes opened: 2020-05-08 Ideally we’ll have a decision in time for the next 3.0 alpha release. The crux of the matter is that a number of the command line utilities are flagged as deprecated currently: dhparam dsa dsapa

FIPS_mode() vote results

2020-05-04 Thread Dr Paul Dale
The vote: Remove the calls FIPS_mode() & FIPS_mode_set() in 3.0. Has closed. For: 3 Against: 1 Abstain: 2 The vote passes. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Cherry-pick proposal

2020-04-29 Thread Dr Paul Dale
My concern is are 1.1.1 and 3.0 really all that different? The core is quite different but the cryptographic algorithms aren’t. CMS, x509, …? I’d rather not introduce a burden where it isn’t necessary. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7

Re: An OpenSSL cookbook, where and how?

2020-03-07 Thread Dr Paul Dale
Might the demos be useful for something like this? I know they aren’t in great state and could do with better documentation but they seem to fulfil most of the suggested goals. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Deprecations

2020-03-04 Thread Dr Paul Dale
Matthew, Good idea. I’ll add it. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 5 Mar 2020, at 8:55 am, Matthew Lindner wrote: > > Shouldn't the deprecation notice that's printed also print th

Re: Deprecations

2020-03-04 Thread Dr Paul Dale
to the effect of: "The command dsa is deprecated. Use ‘pkey’ instead." when executed. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 5 Mar 2020, at 5:15 am, Kurt Roeckx wrote: > > On Mon, Mar 02,

Face to face

2020-03-03 Thread Dr Paul Dale
. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Deprecations

2020-03-02 Thread Dr Paul Dale
to be somewhat problematic. There isn’t a 1:1 conversion and some of the legacy options simply aren’t supported. I’m hoping to have a preliminary PR up later this week. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 2

Re: Deprecations

2020-02-28 Thread Dr Paul Dale
Any suggestions for a consensus on this thread? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Feb 2020, at 5:08 pm, Dr Paul Dale wrote: > > Most of the conversions to using PKEY were straightforward. O

Re: Deprecations

2020-02-23 Thread Dr Paul Dale
be workable too. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Feb 2020, at 5:53 am, Viktor Dukhovni > wrote: > >> On Feb 22, 2020, at 4:53 AM, Richard Levitte wrote: >> >> Something th

Re: Deprecations

2020-02-21 Thread Dr Paul Dale
The added complexity was of some concern to me when doing the deprecations. I suspect we’ll also encounter difficulties getting 100% equivalent behaviour via PKEY. There are some pretty arcane options in some of these. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic

Re: Errored: openssl/openssl#31939 (master - 34b1676)

2020-02-14 Thread Dr Paul Dale
An alternative would be to only run a cut down selection of tests with msan. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 14 Feb 2020, at 11:00 pm, Matt Caswell wrote: > > > > On 14/02/2020 12:23

Re: Deprecation

2020-02-14 Thread Dr Paul Dale
uecomment-585603911> And a further one via private email. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 14 Feb 2020, at 7:37 pm, Matt Caswell wrote: > > > > On 14/02/2020 02:30, Dr Paul Dale wrote: >&g

Deprecation

2020-02-13 Thread Dr Paul Dale
and switching to the provider model. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Github PR label automation

2020-02-08 Thread Dr Paul Dale
d to judge the relevancy. Agreed also over the “urgent” label. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Feb 2020, at 1:56 am, Mark J Cox wrote: > > I've currently got a cron job running every hour th

Re: Travis in solid red mode again

2020-02-01 Thread Dr Paul Dale
I thought I was subscribed but don’t seem to see the failures. I do get the (very many) PR activity emails…. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 1 Feb 2020, at 8:35 pm, Dr. Matthias St. Pierre >

Re: crypt(3)

2020-01-20 Thread Dr Paul Dale
Thanks for the feedback everyone. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: crypt(3)

2020-01-18 Thread Dr Paul Dale
I meant “what default makes the most sense for the passwd command line application?” It was crypt which is deprecated. Should it be BSD’s MD5? One of the SHA2 based algorithms? Or should it produce an error if no algorithm is selected? Pauli -- Dr Paul Dale | Distinguished Architect

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
Could the people who work with distros confirm this default choice or suggest what they use please? Thanks, Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jan 2020, at 10:05 am, Dr Paul Dale wrote: >

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
Okay, it looks like the consensus is option 3 — deprecate and forget. As far as I can tell, they are only used (by us) in one place outside of libcrypto, so that will deprecate as well. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
. Removing these calls will require an OMC vote as a breaking API change. I’m fine to call one if it seems justified. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 17 Jan 2020, at 5:41 pm, Viktor Dukhovni >

crypt(3)

2020-01-16 Thread Dr Paul Dale
the password derivation functions into KDFs if necessary. Thoughts? Other alternatives? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Legacy provider

2020-01-15 Thread Dr Paul Dale
r Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 16 Jan 2020, at 6:07 am, Benjamin Kaduk wrote: > > Hi Pauli, > > On Tue, Jan 14, 2020 at 09:34:40PM +1000, Dr Paul Dale wrote: >> The OMC vote is closed.

Legacy provider

2020-01-14 Thread Dr Paul Dale
The OMC vote is closed. The vote text being: The legacy provider should be disabled by default in 3.0 With the clarification that "disabled" in this context means "not loaded". The vote passed (two for, one against, four abstain) Pauli -- Dr Paul Dale | Distingu

Re: Legacy Provider

2020-01-08 Thread Dr Paul Dale
Kurt, It’s a policy decision: should we cause pain for users (& Matt) or effectively delay the end for these old/broken algorithms. Technically it is easy. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 J

Legacy Provider

2020-01-06 Thread Dr Paul Dale
is that the low level direct access functions (e.g. IDEA_encrypt) will continue to work (albeit deprecated), only the EVP access will go (again, by default). Before the vote is called, are there any additional thoughts from the past six months? Pauli -- Dr Paul Dale | Distinguished

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
A better example of this problem: #10607. Both Paul and I approved it yesterday and I merged it today without noticing until too late that it was tagged “CLA: trivial” :( I’ve not reverted it at this point but will if necessary. Let’s get the label in. Pauli -- Dr Paul Dale | Distinguished

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
A red blocker along the lines of: “Triviality Unconfirmed”. One of the reviewers needs to remove this before the PR can be merged. It’s in our face, it prevents accidental merges and it’s low overhead. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
Before we start over engineering a solution, how about we try just having an automatic visual indicator for trivial PRs. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 13 Dec 2019, at 3:24 am, Kurt Roeckx wr

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
tter would be to add it only if the submitter doesn’t have a CLA on file but either works. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 12 Dec 2019, at 7:20 pm, Matt Caswell wrote: > > I noti

Re: Check NULL pointers or not...

2019-11-29 Thread Dr Paul Dale
Oops, you are correct. I was under the mistaken impression that ossl_assert compiled to nothing outside of debug mode. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 29 Nov 2019, at 7:22 pm, Matt Caswell wr

Re: Check NULL pointers or not...

2019-11-29 Thread Dr Paul Dale
from this point of view but it can cause a performance hit — most of the time it wouldn’t matter but when it does it would be a big deal. The middle ground doesn’t entail any performance loss in production code (it does in debug but that shouldn’t be relevant). Pauli -- Dr Paul Dale

Re: Malloc failures check

2019-11-20 Thread Dr Paul Dale
of these. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Nov 2019, at 1:26 pm, Dmitry Belyavsky wrote: > > Hello, > > Observing a series of similar bugs related to a lack of checks of the malloc >

Re: #10388

2019-11-15 Thread Dr Paul Dale
The consensus seems to be to add the deprecated API to 3.0. I’ve removed the hold. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 15 Nov 2019, at 10:40 pm, Matthias St. Pierre > wrote: > > > >

#10388

2019-11-13 Thread Dr Paul Dale
l have to support the new API for a long time and it is one which we are currently trying to move away from. Thoughts or comments anyone? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Commit access to openssl/tools and openssl/web

2019-10-04 Thread Dr Paul Dale
to face, I agree wholeheartedly. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Oct 2019, at 5:39 pm, Matt Caswell wrote: > > > > On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: >> D

Re: Reorganization of the header files (GitHub #9333)

2019-09-28 Thread Dr Paul Dale
Go for it, the antipodean contingent aren’t busy this weekend. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Sep 2019, at 5:05 pm, Dr. Matthias St. Pierre > wrote: > >> Merge early is pretty

Re: RAND, FIPS and providers

2019-09-24 Thread Dr Paul Dale
Matt, thanks for the clarification. I’ve looked at the DRBG setup code dozens of times and it never clicked. It seems we’re down to making the DRBGs and, perhaps, the seed source available using fetch. That doesn’t seem anything like as difficult. Pauli -- Dr Paul Dale | Distinguished

RAND, FIPS and providers

2019-09-23 Thread Dr Paul Dale
the seed source for FIPS (so long as the DRBGs seed from inside their own provider). Thoughts or input anyone? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Being socially aware

2019-09-17 Thread Dr Paul Dale
I’m not disputing the great effort put into this. My dispute is that it should be under the openssl list command….. I agree, this shouldn’t have been a “good first issue”. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Thread sanitiser problems

2019-07-31 Thread Dr Paul Dale
ordering for grabbing locks which is also bad. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 31 Jul 2019, at 2:10 pm, Viktor Dukhovni > wrote: > >> On Jul 30, 2019, at 10:02 PM, Dr Paul Dale wrot

Re: Thread sanitiser problems

2019-07-30 Thread Dr Paul Dale
uct provider_store_st *store = get_provider_store(ctx); CRYPTO_THREAD_read_lock(store->lock); Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 30 Jul 2019, at 8:52 pm, Matthias St. Pierre > wrote: >

Thread sanitiser problems

2019-07-29 Thread Dr Paul Dale
dependent algorithms as part of the registration process. The particular algorithm could be preloaded somehow. I’m not sure how ugly this will become but it will need names (nids) for each possible DRBG type. Thoughts anyone? Any better solutions? Any other solutions? Pauli -- Dr Paul Dale

Vote on PR

2019-07-07 Thread Dr Paul Dale
The following vote passed 6 to 0. topic: Accept the changes to the OpenSSL policies as per PR#133 (openssl/web). comment: The definition of trivial being clarified and moved to the web page that the missing CLA note references. Pauli -- Dr Paul Dale | Cryptographer | Network Security

Re: Removing function names from errors (PR 9058)

2019-06-13 Thread Dr Paul Dale
*); -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 14 Jun 2019, at 12:04 pm, Viktor Dukhovni > wrote: > > On Wed, Jun 12, 2019 at 05:51:44AM +0200, Richard Levitte wrote: > >> A discussion point in that

Start up entropy gathering

2019-06-13 Thread Dr Paul Dale
random has actually been seeded. I’ve not attempted to code this, persistent files containing seed material potentially introduce other problems. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
small and relatively fast. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 8 Jun 2019, at 5:25 am, Kurt Roeckx wrote: > > On Fri, Jun 07, 2019 at 03:08:24PM -0400, Viktor Dukhovni wrote: >>> On Jun 7,

VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
on. This is just saying that 3.0.0 *will* have some mechanism. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
expecting a somewhat lively discussion about a sensitive topic :) Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 7 Jun 2019, at 6:18 pm, Tomas Mraz wrote: > > On Fri, 2019-06-07 at 18:03 +1000, Dr Paul Dale wrot

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
The OSSL_PARAM structure needs to be visible and not subject to change. Providers shouldn’t necessarily have a dependency on functions from libcrypto. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 1

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
-- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 12:47 pm, Richard Levitte wrote: > But you're talking about allocating the whole OSSL_PARAM array on the > heap, aren't you? While not strictly opposed

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
Richard wrote: -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > So while this is an issue for *us*, it isn't necessarily an issue for > our users, all depending on what C language version they use. Supporting things *we* can’t

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
? Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 10:50 am, Dr Paul Dale wrote: > > I thought the references were to allow const arrays of OSSL_PARAM to be > viable. > > A quick check th

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
(the integer and the terminator) and both are stack allocated. I.e. there is currently no example of the use case for which the indirection is present :( Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, a

OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
structured manner. Thoughts? Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

RE: No two reviewers from same company

2019-05-23 Thread Paul Dale
There hasn't been a vote about this, however both Shane and I have committed to not approve each other's PRs. I also asked Richard if this could be mechanically enforced, which I expect will happen eventually. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryp

Update

2019-05-19 Thread Paul Dale
f2f-london/"national standard" or better. Thus, this change should be accepted. For TLS, would it be better if the inclusion requirement were amended to also include "IETF codepoints allocated"? Presumably DTLS and QUIC too. Pauli -- Oracle Dr Paul Dale | Crypt

Re: Any timeframe for the 1.1.1c release?

2019-05-06 Thread Dr Paul Dale
This seems reasonable to me. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 6 May 2019, at 5:40 pm, Richard Levitte wrote: > > Our last update release was by the end of February. With our usual > 3-is

SP 800-90C 10.1.2

2019-04-09 Thread Paul Dale
preserves the strength). The PR is done (#8660 https://github.com/openssl/openssl/pull/8660) but I've closed it since it seems unloved. If anyone here does think that that would be beneficial, say something as justification or it is gone. Pauli -- Oracle Dr Paul Dale | Cryptographer

Re: Thoughts on OSSL_ALGORITHM

2019-03-22 Thread Dr Paul Dale
. My thought: add the provider data field. Use that when it can be done directly, use unique functions otherwise. The example with key and iv lengths would be a direct use. Code that dives through a function pointer or a switch statement would be an example of not. Pauli -- Dr Paul Dale

Thoughts about library contexts

2019-02-17 Thread Paul Dale
- would they make better sense being one per context? There would be a space cost, a reduction in the cache efficiency, . but it would add to segregation. Enclaves could also assist. Thoughts anyone? Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryp

[openssl-project] OMC vote regarding completeness of CCLA and ICLA forms

2019-02-04 Thread Paul Dale
this mean for existing CLAs? Nothing. They are still valid. For CLAs going forwards, we'd prefer that all fields are provided but will accept forms with some or all of the specified fields left blank. We will not accept CLAs with any other field left blank. Pauli -- Oracle Dr Paul

[openssl-project] FYI: NIST's post quantum cryptography progress

2019-02-01 Thread Paul Dale
NIST's post quantum cryptography 1st round report is out: https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8240.pdf Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Austr

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
means we’ve a compatibility issue. The functions are in a public header, they can be used by any application. We need to continue supporting such use. Asking a user to add a DEFINE_ line is API breaking. I would be pro making such a change but we’d need to accept the consequences. Pauli --

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
the DECLARE_LHASH_OF macro to prototype the functions. The .c file uses the DEFINE_LHASH_OF macro to create them. I chose lhash here because it is the simpler of the two, safestack has more options and is a bit more convoluted. I’m willing to make a stab at a PR for this. Pauli -- Dr Paul
