On 06/02/2019 23:11, Kurt Roeckx wrote:
> On Thu, Jan 31, 2019 at 02:19:28PM -0600, David Benjamin wrote:
>> On Thu, Jan 31, 2019 at 2:01 PM Matt Caswell <m...@openssl.org> wrote:
>>
>>>
>>> On 31/01/2019 18:50, David Benjamin wrote:
>>>> We will see if this damage turns out fatal for KeyUpdate, but OpenSSL
>>> can at
>>>> least help slow its spread by issuing a fix
>>>
>>> That's precisely what PR 8096 does.
>>>
>>>
>>>> As a heuristic for API design: if the caller needs to know the
>>> implementation
>>>> details of OpenSSL to understand what this API does, the API is no good.
>>>> Existing code cannot possibly predict how OpenSSL's implementation will
>>> evolve
>>>> over time, so there is no way to use such an API in a future-proof way.
>>> Do not
>>>> introduce such APIs.
>>>
>>> The info callback has been around a *long* time. In fact OpenSSL did not
>>> introduce it at all - we inherited it from SSLeay. Arguments about whether
>>> it is
>>> a good API or not don't help the issue at hand. The API exists,
>>> applications use
>>> it, and so (for now at least) we continue to support it.
>>>
>>> Given that it already existed we had to make a decision about how it was
>>> going
>>> to work in the presence of TLSv1.3. We did what we believed to be the
>>> correct
>>> thing at the time. The changes were pretty minimal and we tried to keep
>>> things
>>> as close to what existing users of the callback would expect. It turns out
>>> we
>>> got it wrong.
>>>
>>
>> Right, but SSL_CB_POST_HANDSHAKE_START and SSL_CB_POST_HANDSHAKE_END are
>> new. It seems best to just omit it, so OpenSSL is not tied to the nebulous
>> notion of "post-handshake exchange".
>>
>> I.e. don't bracket post-handshake things with START/END at all.
>
> Matt, do you have any comment on this? Can we go forward with
> this?
I'm not particularly keen on not signalling at all. But its also "not a hill I'm
going to die on". So I updated #8096 accordingly.
That would make the proposed vote text for this OMC vote:
"master and 1.1.1 will be updated so that they do not signal the start and end
of post-handshake message exchanges in the info callback using
SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE."
Matt
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
