Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Salz, Rich
> I'm worried that the number could go down to zero some day. I do see the
> benefits with the assembly code and personally find them justifiable enough
> to try and learn.

I am not at all worried about that.  The best current algorithms will always
benefit from assembler.  It's just that this is a moving window.

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Richard Levitte

"Salz, Rich" wrote: (11 February 2018 14:07:13 CET)
>> Those same systems will probably not have the newest OpenSSL either,
>> and OpenSSH on those machines will certainly not be linked with a
>> newer OpenSSL...
>
>I apologize for not being clear enough.
>
>I do not want to remove any of those algorithms.  I just want to remove
>10,000 lines of assembler version and just have the C code.  I want to
>do that for safety and maintainability and because they do not justify
>the burden -- ON US -- to keep hand-tuned assembler that only one,
>maybe two, people understand.

I'm worried that the number could go down to zero some day. I do see the
benefits with the assembly code and personally find them justifiable enough to
try and learn.

(side note: I've just started compiling the ia64 code on VMS. It currently 
bombs for reasons I haven't fathomed yet, but am thinking it's a pointer size 
thing... It's about the quirkiest assembly I've seen, but I'm hell bent to get 
through it) 

Cheers 
Richard


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Salz, Rich
> So we should tread with some care.  Perhaps the software-only Blowfish
> is fast enough, but my point is that Blowfish is much less of an obvious
> outdated cipher than the others...

That's a different point.  I still don't agree.  The difference between 
hand-tuned assembler and C for Blowfish... enh.





Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Viktor Dukhovni


> On Feb 11, 2018, at 2:20 AM, Richard Levitte  wrote:
> 
> Those same systems will probably not have the newest OpenSSL either,
> and OpenSSH on those machines will certainly not be linked with a
> newer OpenSSL...

It is not those systems, but other systems that need to communicate
with them (various "appliances" that may not see an SSH implementation
update in years) that may need ongoing blowfish support.

So we should tread with some care.  Perhaps the software-only Blowfish
is fast enough, but my point is that Blowfish is much less of an obvious
outdated cipher than the others...

-- 
Viktor.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Salz, Rich
> Those same systems will probably not have the newest OpenSSL either,
> and OpenSSH on those machines will certainly not be linked with a
> newer OpenSSL...

I apologize for not being clear enough.

I do not want to remove any of those algorithms.  I just want to remove 10,000 
lines of assembler version and just have the C code.  I want to do that for 
safety and maintainability and because they do not justify the burden -- ON US 
-- to keep hand-tuned assembler that only one, maybe two, people understand.




Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <20180210223253.gr3...@mournblade.imrryr.org> on Sat, 10 Feb 2018 
22:32:53 +, Viktor Dukhovni  said:

viktor> On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:
viktor> 
viktor> > > Is blowfish actually outdated?  I thought it had some significant use,
viktor> > > and don't recall any major weakness...
viktor> > 
viktor> > In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
viktor> > the underlying cipher...
viktor> > 
viktor> > PGP used to be a heavy user, but now it only decrypts or does key-wrapping
viktor> > for compatibility; it no longer uses blowfish to encrypt data.
viktor> > 
viktor> > SSH uses it, but according to
viktor> > https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa
viktor> > 2014.
viktor> > Schneier recommends not using it, and use its successor(s) instead,
viktor> > which we don't implement.
viktor> 
viktor> Removed in 2014 is much too recent, there are still LTS systems
viktor> with older SSH versions, and modern platforms that may want to
viktor> interoperate.  So I'm very reluctant to support removal of blowfish
viktor> ASM at this time...

Those same systems will probably not have the newest OpenSSL either,
and OpenSSH on those machines will certainly not be linked with a
newer OpenSSL...

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <0ea60701-6e1a-4fe0-86f8-33b37d016...@dukhovni.org> on Sat, 10 Feb 
2018 17:10:42 -0500, Viktor Dukhovni  said:

viktor> 
viktor> 
viktor> > On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni wrote:
viktor> > 
viktor> > 
viktor> > Is blowfish actually outdated?  I thought it had some significant use,
viktor> > and don't recall any major weakness...
viktor> 
viktor> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
viktor> the underlying cipher...

OpenSSH disabled blowfish-cbc (all cbc ciphers, as a matter of fact)
two years ago, and removed it (them) entirely last autumn.  So one can
say that even in the OpenSSH world, blowfish support has decreased.
Ref: http://www.openssh.com/releasenotes.html

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
In message <3eac8b7f-ea48-465b-b4be-3d5ac62d9...@dukhovni.org> on Sat, 10 Feb 
2018 16:58:36 -0500, Viktor Dukhovni  said:

viktor> 
viktor> 
viktor> > On Feb 10, 2018, at 4:08 PM, Salz, Rich  wrote:
viktor> > 
viktor> > This is derived from bureau/libcrypto-proposal that Emilia made in
viktor> > November 2015.
viktor> >  
viktor> > We should remove the assembler versions of the following
viktor> > Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5
viktor> >  
viktor> > The reason is that they are outdated, not in use very much, and
viktor> > optimization is not important, compared to having a single reference
viktor> > source that we can maintain and debug.
viktor> 
viktor> Is blowfish actually outdated?  I thought it had some significant use,
viktor> and don't recall any major weakness...

For what it's worth, https://en.wikipedia.org/wiki/Blowfish_(cipher)
mentions some weaknesses, and also that the author recommends moving
away from Blowfish (use Twofish instead, but we haven't implemented
that)

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
I am not suggesting we remove blowfish or any of those algorithms.  I am 
suggesting we remove the assembler versions of them.

On 2/10/18, 5:33 PM, "Viktor Dukhovni"  wrote:

On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

> > Is blowfish actually outdated?  I thought it had some significant use,
> > and don't recall any major weakness...
> 
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
> 
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping
> for compatibility; it no longer uses blowfish to encrypt data.
> 
> SSH uses it, but according to
> https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa
> 2014.
> Schneier recommends not using it, and use its successor(s) instead, which
> we don't implement.

Removed in 2014 is much too recent, there are still LTS systems
with older SSH versions, and modern platforms that may want to
interoperate.  So I'm very reluctant to support removal of blowfish
ASM at this time...

-- 
Viktor.

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni
On Sat, Feb 10, 2018 at 10:19:20PM +, Salz, Rich wrote:

> > Is blowfish actually outdated?  I thought it had some significant use,
> > and don't recall any major weakness...
> 
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
> 
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping for
> compatibility; it no longer uses blowfish to encrypt data.
> 
> SSH uses it, but according to 
> https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 
> 2014.
> Schneier recommends not using it, and use its successor(s) instead, which we 
> don't implement.

Removed in 2014 is much too recent, there are still LTS systems
with older SSH versions, and modern platforms that may want to
interoperate.  So I'm very reluctant to support removal of blowfish
ASM at this time...

-- 
Viktor.


Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
> Is blowfish actually outdated?  I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...

PGP used to be a heavy user, but now it only decrypts or does key-wrapping for
compatibility; it no longer uses blowfish to encrypt data.

SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 
it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we 
don't implement.




Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
Look at https://github.com/openssl/openssl/pull/5320 to get an example.  It’s 
about safety and maintainability.

From: Rich Salz <rs...@akamai.com>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 5:06 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

There is a maintenance cost.  Maybe it is negligible, but there is a cost.

  *   The build rules are more complicated; we have had errors with .S vs .s files
  *   There are more internal config parameters to understand
  *   There are more ifdefs in the code
  *   There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask.  It’s 
maintenance and risk versus use.

From: "t...@openssl.org" <t...@openssl.org>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether 
or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich" <rs...@akamai.com> wrote:
This is derived from bureau/libcrypto-proposal that Emilia made in November
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni


> On Feb 10, 2018, at 4:58 PM, Viktor Dukhovni  wrote:
> 
> 
> Is blowfish actually outdated?  I thought it had some significant use,
> and don't recall any major weakness...

In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...

-- 
Viktor.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
There is a maintenance cost.  Maybe it is negligible, but there is a cost.

  *   The build rules are more complicated; we have had errors with .S vs .s files
  *   There are more internal config parameters to understand
  *   There are more ifdefs in the code
  *   There’s only one person who really understands the perlasm stuff

I think “significant maintenance cost” is not the question to ask.  It’s 
maintenance and risk versus use.

From: "t...@openssl.org" <t...@openssl.org>
Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Date: Saturday, February 10, 2018 at 4:29 PM
To: "openssl-project@openssl.org" <openssl-project@openssl.org>
Subject: Re: [openssl-project] Removing assembler for outdated algorithms

Before we look at removing things like this, I think we should look at whether 
or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich" <rs...@akamai.com> wrote:
This is derived from bureau/libcrypto-proposal that Emilia made in November
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Viktor Dukhovni


> On Feb 10, 2018, at 4:08 PM, Salz, Rich wrote:
> 
> This is derived from bureau/libcrypto-proposal that Emilia made in November
> 2015.
>  
> We should remove the assembler versions of the following
> Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5
>  
> The reason is that they are outdated, not in use very much, and optimization 
> is not important, compared to having a single reference source that we can 
> maintain and debug.

Is blowfish actually outdated?  I thought it had some significant use,
and don't recall any major weakness...

-- 
Viktor.



Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Tim Hudson
Before we look at removing things like this, I think we should look at
whether or not they actually have a significant maintenance cost.

Tim.


On 11 Feb. 2018 7:08 am, "Salz, Rich"  wrote:

This is derived from bureau/libcrypto-proposal that Emilia made in
November 2015.



We should remove the assembler versions of the following

Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5



The reason is that they are outdated, not in use very much, and
optimization is not important, compared to having a single reference source
that we can maintain and debug.




[openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Salz, Rich
This is derived from bureau/libcrypto-proposal that Emilia made in November
2015.

We should remove the assembler versions of the following
Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5

The reason is that they are outdated, not in use very much, and optimization is 
not important, compared to having a single reference source that we can 
maintain and debug.
