Re: [openssl-project] Removing assembler for outdated algorithms
"Salz, Rich" wrote: (11 February 2018 14:07:13 CET)
>> Those same systems will probably not have the newest OpenSSL either,
>> and OpenSSH on those machines will certainly not be linked with a
>> newer OpenSSL...
>
>I apologize for not being clear enough.
>
>I do not want to remove any of those algorithms. I just want to remove
>10,000 lines of assembler version and just have the C code. I want to
>do that for safety and maintainability and because they do not justify
>the burden -- ON US -- to keep hand-tuned assembler that only one,
>maybe two, people understand.

I'm worried that the number could go down to zero some day. I do see the benefits with the assembly code and personally find them justifiable enough to try and learn.

(side note: I've just started compiling the ia64 code on VMS. It currently bombs for reasons I haven't fathomed yet, but am thinking it's a pointer size thing... It's about the quirkiest assembly I've seen, but I'm hell bent to get through it)

Cheers
Richard

>___
>openssl-project mailing list
>openssl-project@openssl.org
>https://mta.openssl.org/mailman/listinfo/openssl-project

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [openssl-project] Removing assembler for outdated algorithms
> So we should tread with some care. Perhaps the software-only Blowfish
> is fast enough, but my point is that Blowfish is much less of an
> obvious outdated cipher than the others...

That's a different point. I still don't agree. The difference between hand-tuned assembler and C for Blowfish... enh.

Re: [openssl-project] Removing assembler for outdated algorithms
> On Feb 11, 2018, at 2:20 AM, Richard Levitte wrote:
>
> Those same systems will probably not have the newest OpenSSL either,
> and OpenSSH on those machines will certainly not be linked with a
> newer OpenSSL...

It is not those systems, but other systems that need to communicate with them (various "appliances" that may not see an SSH implementation update in years) that may need ongoing blowfish support.

So we should tread with some care. Perhaps the software-only Blowfish is fast enough, but my point is that Blowfish is much less of an obvious outdated cipher than the others...

--
Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms
> Those same systems will probably not have the newest OpenSSL either,
> and OpenSSH on those machines will certainly not be linked with a
> newer OpenSSL...

I apologize for not being clear enough.

I do not want to remove any of those algorithms. I just want to remove 10,000 lines of assembler version and just have the C code. I want to do that for safety and maintainability and because they do not justify the burden -- ON US -- to keep hand-tuned assembler that only one, maybe two, people understand.

Re: [openssl-project] Removing assembler for outdated algorithms
In message <0ea60701-6e1a-4fe0-86f8-33b37d016...@dukhovni.org> on Sat, 10 Feb 2018 17:10:42 -0500, Viktor Dukhovni said:

viktor> > On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote:
viktor> >
viktor> > Is blowfish actually outdated? I thought it had some significant use,
viktor> > and don't recall any major weakness...
viktor>
viktor> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
viktor> the underlying cipher...

OpenSSH disabled blowfish-cbc (all cbc ciphers, as a matter of fact) two years ago, and removed it (them) entirely last autumn. So one can say that even in the OpenSSH world, blowfish support has decreased.

Ref: http://www.openssh.com/releasenotes.html

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Removing assembler for outdated algorithms
I am not suggesting we remove blowfish or any of those algorithms. I am suggesting we remove the assembler versions of them.

On 2/10/18, 5:33 PM, "Viktor Dukhovni" wrote:

    On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

    > > Is blowfish actually outdated? I thought it had some significant use,
    > > and don't recall any major weakness...
    >
    > In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
    > the underlying cipher...
    >
    > PGP used to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.
    >
    > SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
    > Schneier recommends not using it, and use its successor(s) instead, which we don't implement.

    Removed in 2014 is much too recent, there are still LTS systems with older SSH versions, and modern platforms that may want to interoperate.

    So I'm very reluctant to support removal of blowfish ASM at this time...

    --
    Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms
On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

> > Is blowfish actually outdated? I thought it had some significant use,
> > and don't recall any major weakness...
>
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
>
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping for
> compatibility; it no longer uses blowfish to encrypt data.
>
> SSH uses it, but according to
> https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa
> 2014.
> Schneier recommends not using it, and use its successor(s) instead, which we
> don't implement.

Removed in 2014 is much too recent, there are still LTS systems with older SSH versions, and modern platforms that may want to interoperate.

So I'm very reluctant to support removal of blowfish ASM at this time...

--
Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms
> Is blowfish actually outdated? I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for the underlying cipher...

PGP used to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.

SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we don't implement.

Re: [openssl-project] Removing assembler for outdated algorithms
Look at https://github.com/openssl/openssl/pull/5320 to get an example. It’s about safety and maintainability.

From: Rich Salz <rs...@akamai.com>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 5:06 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

There is a maintenance cost. Maybe it is negligible, but there is a cost.

* The build rules are more complicated; we have had errors with .S vs .s files
* There are more internal config parameters to understand
* There are more ifdefs in the code
* There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask. It’s maintenance and risk versus use.

From: "t...@openssl.org" <t...@openssl.org>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether or not they actually have a significant maintenance cost.

Tim.

On 11 Feb. 2018 7:08 am, "Salz, Rich" <rs...@akamai.com> wrote:

This is derived from bureau/libcrypto-proposal that Emilila made in November 2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is not important, compared to having a single reference source that we can maintain and debug.

Re: [openssl-project] Removing assembler for outdated algorithms
> On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote:
>
> Is blowfish actually outdated? I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for the underlying cipher...

--
Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms
There is a maintenance cost. Maybe it is negligible, but there is a cost.

* The build rules are more complicated; we have had errors with .S vs .s files
* There are more internal config parameters to understand
* There are more ifdefs in the code
* There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask. It’s maintenance and risk versus use.

From: "t...@openssl.org" <t...@openssl.org>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether or not they actually have a significant maintenance cost.

Tim.

On 11 Feb. 2018 7:08 am, "Salz, Rich" <rs...@akamai.com> wrote:

This is derived from bureau/libcrypto-proposal that Emilila made in November 2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is not important, compared to having a single reference source that we can maintain and debug.

Re: [openssl-project] Removing assembler for outdated algorithms
Before we look at removing things like this, I think we should look at whether or not they actually have a significant maintenance cost.

Tim.

On 11 Feb. 2018 7:08 am, "Salz, Rich" wrote:

This is derived from bureau/libcrypto-proposal that Emilila made in November 2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is not important, compared to having a single reference source that we can maintain and debug.

[openssl-project] Removing assembler for outdated algorithms
This is derived from bureau/libcrypto-proposal that Emilila made in November 2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is not important, compared to having a single reference source that we can maintain and debug.