Re: [openssl-project] Welcome Dr. Matthias St. Pierre

2018-01-23 Thread Paul Dale
Very much deserved. Congratulations Matthias. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Dr. Matthias St. Pierre [mailto:matthias.st.pie...@ncp-e.com] Sent: Wednesday, 24 January 20

Re: [openssl-project] Local kid does good

2018-01-30 Thread Paul Dale
Great going Ben!   Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Salz, Rich [mailto:rs...@akamai.com] Sent: Wednesday, 31 January 2018 2:14 AM To: openssl-project@openssl.org Subject: [openssl-project] L

Re: [openssl-project] New Committer

2018-02-01 Thread Paul Dale
Congratulations David! Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Matt Caswell [mailto:m...@openssl.org] Sent: Thursday, 1 February 2018 6:31 PM To: openssl-project@openssl.org Sub

Re: [openssl-project] Style guide update -- summary so far

2018-02-05 Thread Paul Dale
where having a space increases clarity but I'm sure some exist. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia ___ openssl-project mailing list openssl-project@openssl.org h

Re: [openssl-project] DRBGs, threads and locking

2018-03-13 Thread Paul Dale
way to hook it up to avoid locks is (yet). Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Salz, Rich [mailto:rs...@akamai.com] Sent: Wednesday, 14 March 2018 11:27 AM To: openssl-project@

Re: [openssl-project] DRBGs, threads and locking

2018-03-13 Thread Paul Dale
Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Tim Hudson [mailto:t...@cryptsoft.com] Sent: Wednesday, 14 March 2018 1:15 PM To: openssl-project@openssl.org Subject: Re: [openssl-project] DRBGs, threads and locking We have to keep in

Re: [openssl-project] DRBGs, threads and locking

2018-03-14 Thread Paul Dale
found the numbers yet :( Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Tim Hudson [mailto:t...@cryptsoft.com] Sent: Wednesday, 14 March 2018 1:15 PM To: openssl-project@openssl.org Subject: Re: [openssl-project] DRBG

[openssl-project] OID policy

2018-03-14 Thread Paul Dale
Is there a policy about filling in missing OIDs in objects.txt? I noticed that AES-128-XTS is in objects.txt but doesn't include an OID even though the IEEE Security in Storage Working Group has defined one. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encrypti

Re: [openssl-project] OID policy

2018-03-14 Thread Paul Dale
> We should have OID's for the things we implement Sounds like a policy :) Vote time? Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia ___ openssl-project mailing

Re: [openssl-project] OID policy

2018-03-15 Thread Paul Dale
d be added opportunistically when noticed. Thanks, Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Matt Caswell [mailto:m...@openssl.org] Sent: Thursday, 15 March 2018 6:33 PM To: openssl-proje

Re: [openssl-project] wiki info for pre-1.0.2

2018-03-26 Thread Paul Dale
My view is to keep a note at the top saying versions prior to 1.0.2 didn’t check but remove the long bottom section about doing it. It will be in the page history forever and people using unsupported versions could reasonably be expected to check there.     Pauli -- Oracle Dr Paul Dale

Re: [openssl-project] Entropy seeding the DRBG

2018-04-03 Thread Paul Dale
e usually is a single read size maximum. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Richard Levitte [mailto:levi...@openssl.org] Sent: Tuesday, 3 April 2018 11:29 PM To: openssl-projec

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-15 Thread Paul Dale
I’m for ABI compatibility going forward (but not necessarily backwards) and for testing it, preferably in a CI loop.   I know I’m late to the discussion but it has been enlightening and it looks like a good outcome.     Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security

Re: [openssl-project] Entropy seeding the DRBG

2018-04-23 Thread Paul Dale
at ICMC if you're in the area. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Tuesday, 24 April 2018 5:46 AM To: openssl-project@openssl.org Su

Re: [openssl-project] Entropy seeding the DRBG

2018-04-25 Thread Paul Dale
the CPU too much. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Wednesday, 25 April 2018 3:25 AM To: openssl-project@openssl.org Subject: Re: [openssl

[openssl-project] ghmerge problem

2018-07-10 Thread Paul Dale
tion or with my build set up? Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.o

Re: [openssl-project] ghmerge problem

2018-07-11 Thread Paul Dale
e local value. * the configure script used gcc since CC wasn't getting to it. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Richard Levitte [mailto:levi...@openssl.org] Sent: Wednesday, 11

Re: [openssl-project] Removal of NULL checks

2018-08-08 Thread Paul Dale
I'm firmly in the don't remove them camp too. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Viktor Dukhovni [mailto:openssl-us...@dukhovni.org] Sent: Wednesday, 8 August 20

Re: [openssl-project] Removal of NULL checks

2018-08-09 Thread Paul Dale
Rich wrote: > Real code often doesn't check return values. Even ours. :( Could we consider adding a lot more __owur tags to functions to encourage this? As an API change it would have to wait for a major release. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security &

[openssl-project] Is this still relevant to OpenSSL?

2018-08-20 Thread Paul Dale
Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Paul Dale
PR for 7133 submitted.     Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Tim Hudson [mailto:t...@cryptsoft.com] Sent: Friday, 7 September 2018 8:51 AM To: openssl-project@openssl.org Subject: Re: [ope

Re: [openssl-project] Release strategy updates & other policies

2018-09-23 Thread Paul Dale
efining otherwise undefined behaviour constitute a change in the API? Does documenting undefined behaviour constitute a change in the API? While I wouldn't consider adding a NULL check to be an API change, but what about removing one? I'd think the latter is. Pauli -- Oracle Dr Paul

Re: [openssl-project] NEW: A proposal for an updated OpenSSL version scheme (v3.0-dev)

2018-09-24 Thread Paul Dale
Looks great Richard. I'd support that I think. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Richard Levitte [mailto:levi...@openssl.org] Sent: Tuesday, 25 September 2018 1

[openssl-project] Low severity timing attack in ECDSA (CVE-2018-0735)

2018-10-28 Thread Paul Dale
updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Austr

[openssl-project] Low severity timing attack in DSA (CVE-2018-0734)

2018-10-29 Thread Paul Dale
Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -BEGIN PGP MESSAGE- Version: GnuPG v2

[openssl-project] FYI: NIST's post quantum cryptography progress

2019-02-01 Thread Paul Dale
NIST's post quantum cryptography 1st round report is out: https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8240.pdf Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle

[openssl-project] OMC vote regarding completeness of CCLA and ICLA forms

2019-02-04 Thread Paul Dale
does this mean for existing CLAs? Nothing. They are still valid. For CLAs going forwards, we'd prefer that all fields are provided but will accept forms with some or all of the specified fields left blank. We will not accept CLAs with any other field left blank. Pauli -- Oracl

Thoughts about library contexts

2019-02-17 Thread Paul Dale
ss all contexts - would they make better sense being one per context? There would be a space cost, a reduction in the cache efficiency, . but it would add to segregation. Enclaves could also assist. Thoughts anyone? Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Securi

SP 800-90C 10.1.2

2019-04-09 Thread Paul Dale
(i.e. preserves the strength). The PR is done (#8660 https://github.com/openssl/openssl/pull/8660) but I've closed it since it seems unloved. If anyone here does think that that would be beneficial, say something as justification or it is gone. Pauli -- Oracle Dr Paul Dale

Update

2019-05-19 Thread Paul Dale
//www.openssl.org/blog/blog/2018/01/18/f2f-london/"national standard" or better. Thus, this change should be accepted. For TLS, would it be better if the inclusion requirement were amended to also include "IETF codepoints allocated"? Presumably DTLS and QUIC too.

RE: Welcoming our new committers

2019-05-20 Thread Paul Dale
Welcome to the team. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Matt Caswell [mailto:m...@openssl.org] Sent: Monday, 20 May 2019 8:31 PM To: openssl-project@openssl.org Sub

RE: No two reviewers from same company

2019-05-23 Thread Paul Dale
There hasn't been a vote about this, however both Shane and I have committed to not approve each other's PRs. I also asked Richard if this could be mechanically enforced, which I expect will happen eventually. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security &a

LibreSSL

2021-01-05 Thread Paul Dale
An article about LibreSSL and indirectly OpenSSL: https://lwn.net/SubscriberLink/841664/0ba4265680b9dadf/ Pauli

Re: [openssl-project] Entropy seeding the DRBG

2018-05-08 Thread Dr Paul Dale
Apologies for the name I’ve been sending under. I don’t represent Oracle of course. A temporary new MUA that isn’t quite doing what I expected. Pauli > On 8 May 2018, at 7:33 pm, Oracle wrote: > > Kurt wrote: > >> The comment about not hashing it is if you want to use the tool to >> do entr

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-01 Thread Dr Paul Dale
I also believe that we shouldn’t be relying on locale, it is a Pandora’s box we don’t want to open. Even claiming that OpenSSL is UTF-8 compliant is probably a stretch (e.g. the isXXX functions aren’t). Saying we accept unsigned eight bit byte inputs and process them unmodified is as far as I’d

[openssl-project] Review

2018-10-29 Thread Dr Paul Dale
I’d like a prompt review of #7513 so I can push the second CVE out. #7512 is kind of related but not CVE level. Pauli ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Review

2018-10-29 Thread Dr Paul Dale
Thanks, Richard. I’ll merge tomorrow and publish CVE 20181030. Pauli > On 29 Oct 2018, at 8:21 pm, Richard Levitte wrote: > > In message <785270db-e18c-4c5a-a961-765859cd6...@oracle.com> on Mon, 29 Oct > 2018 19:45:36 +1000, Dr Paul Dale said: > >> I’d like a

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
their instantiation and move the latter into its own C file. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 27 Jan 2019, at 8:33 pm, Tim Hudson wrote: > > From https://github.com/openssl/openssl/pull/7

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
should have separate data structures for the different uses, each optimised for its specific usage. This would be a long path (and I’m hijacking this thread a bit), but it is something I’ve been wanting to do for a while now. Pauli -- Dr Paul Dale | Cryptographer | Network Security

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
the DECLARE_LHASH_OF macro to prototype the functions. The .c file uses the DEFINE_LHASH_OF macro to create them. I chose lhash here because it is the simpler of the two, safestack has more options and is a bit more convoluted. I’m willing to make a stab at a PR for this. Pauli -- Dr Paul

Re: [openssl-project] inline functions

2019-01-27 Thread Dr Paul Dale
eans we’ve a compatibility issue. The functions are in a public header, they can be used by any application. We need to continue supporting such use. Asking a user to add a DEFINE_ line is API breaking. I would be pro making such a change but we’d need to accept the consequences. Pauli --

Re: Thoughts on OSSL_ALGORITHM

2019-03-22 Thread Dr Paul Dale
. My thought: add the provider data field. Use that when it can be done directly, use unique functions otherwise. The example with key and iv lengths would be a direct use. Code that dives through a function pointer or a switch statement would be an example of not. Pauli -- Dr Paul Dale

Re: Issues and pull requests are largely getting ignored

2019-03-26 Thread Dr Paul Dale
I agree with Matt. He and Richard are doing a great job but cannot quite keep up. They are doing a fantastic job given the time available to them. I’ve been a bit slack the last two weeks and will be so for the next four or so but I’ll attempt to catch up. Pauli -- Dr Paul Dale

Re: Any timeframe for the 1.1.1c release?

2019-05-06 Thread Dr Paul Dale
This seems reasonable to me. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 6 May 2019, at 5:40 pm, Richard Levitte wrote: > > Our last update release was by the end of February. With our usual > 3-is

OSSL_PARAMs

2019-06-03 Thread Dr Paul Dale
structured manner. Thoughts? Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
changes to the params structure would be far easier. I kind of like using the OSSL_PARAM arrays as a replacement for string ctrl functions if not ctrl as well (subject to backward compatibility concerns). Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
(the integer and the terminator) and both are stack allocated. I.e. there currently is no example of the use case for which the indirection is present :( Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, a

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
? Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 10:50 am, Dr Paul Dale wrote: > > I thought the references were to allow const arrays of OSSL_PARAM to be > viable. > > A quick check th

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
Richard wrote: -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > So while this is an issue for *us*, it isn't necessarily an issue for > our users, all depending on what C language version they use. Supporting things *we*

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
-- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 12:47 pm, Richard Levitte wrote: > But you're talking about allocating the whole OSSL_PARAM array on the > heap, aren't you? While not struct

Re: OSSL_PARAMs

2019-06-04 Thread Dr Paul Dale
The OSSL_PARAM structure needs to be visible and not subject to change. Providers shouldn’t necessarily have a dependency on functions from libcrypto. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 5 Jun 2019, at 1

Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
r’s CPU Jitter <http://chronox.de/jent/doc/CPU-Jitter-NPTRNG.html>. He’s collected a large corpus of data from many processors and the scheme works relatively quickly. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 7 Jun 2019, at 5:19 pm, Mark J Cox wrote: > > Could we have this more detailed discussion on -project? > > Mark

Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
expecting a somewhat lively discussion about a sensitive topic :) Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 7 Jun 2019, at 6:18 pm, Tomas Mraz wrote: > > On Fri, 2019-06-07 at 18:03 +1000, Dr Paul Dale wrot

VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
. This is just saying that 3.0.0 *will* have some mechanism. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

2019-06-07 Thread Dr Paul Dale
small and relatively fast. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 8 Jun 2019, at 5:25 am, Kurt Roeckx wrote: > > On Fri, Jun 07, 2019 at 03:08:24PM -0400, Viktor Dukhovni wrote: >>> On Jun 7,

Start up entropy gathering

2019-06-13 Thread Dr Paul Dale
random has actually been seeded. I’ve not attempted to code this, persistent files containing seed material potentially introduce other problems. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Re: Removing function names from errors (PR 9058)

2019-06-13 Thread Dr Paul Dale
*); -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 14 Jun 2019, at 12:04 pm, Viktor Dukhovni > wrote: > > On Wed, Jun 12, 2019 at 05:51:44AM +0200, Richard Levitte wrote: > >> A discussion point in that

Re: punycode licensing

2019-06-20 Thread Dr Paul Dale
It seems okay from here too. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 21 Jun 2019, at 11:59 am, Benjamin Kaduk wrote: > > On Thu, Jun 20, 2019 at 12:27:38PM -0400, Viktor Dukhovni wrote: >> On Thu,

OSSL_PARAM thought

2019-06-23 Thread Dr Paul Dale
a lot of END’s throughout the codebase. Saving one line many times seems like a win. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia

Vote on PR

2019-07-07 Thread Dr Paul Dale
The following vote passed 6 to 0. topic: Accept the changes to the OpenSSL policies as per PR#133 (openssl/web). comment: The definition of trivial being clarified and moved to the web page that the missing CLA note references. Pauli -- Dr Paul Dale | Cryptographer | Network Security

Thread sanitiser problems

2019-07-29 Thread Dr Paul Dale
dependent algorithms as part of the registration process. The particular algorithm could be preloaded somehow. I’m not sure how ugly this will become but it will need names (nids) for each possible DRBG type. Thoughts anyone? Any better solutions? Any other solutions? Pauli -- Dr Paul Dale

Re: Thread sanitiser problems

2019-07-30 Thread Dr Paul Dale
uct provider_store_st *store = get_provider_store(ctx); CRYPTO_THREAD_read_lock(store->lock); Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 30 Jul 2019, at 8:52 pm, Matthias St. Pierre > wrote: > &g

Re: Thread sanitiser problems

2019-07-31 Thread Dr Paul Dale
ordering for grabbing locks which is also bad. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 31 Jul 2019, at 2:10 pm, Viktor Dukhovni > wrote: > >> On Jul 30, 2019, at 10:02 PM, Dr Paul Dale wrot

Re: Being socially aware

2019-09-16 Thread Dr Paul Dale
I’m not disputing the great effort put into this. My dispute is that it should be under the openssl list command….. I agree, this shouldn’t have been a “good first issue”. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

RAND, FIPS and providers

2019-09-23 Thread Dr Paul Dale
seed source for FIPS (so long as the DRBGs seed from inside their own provider). Thoughts or input anyone? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: RAND, FIPS and providers

2019-09-24 Thread Dr Paul Dale
Matt, thanks for the clarification. I’ve looked at the DRBG setup code dozens of times and it never clicked. It seems we’re down to making the DRBGs and, perhaps, the seed source available using fetch. That doesn’t seem anything like as difficult. Pauli -- Dr Paul Dale | Distinguished

Re: Reorganization of the header files (GitHub #9333)

2019-09-28 Thread Dr Paul Dale
Go for it, the antipodean contingent aren’t busy this weekend. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Sep 2019, at 5:05 pm, Dr. Matthias St. Pierre > wrote: > >> Merge early is pretty

Re: Commit access to openssl/tools and openssl/web

2019-10-04 Thread Dr Paul Dale
face, I agree wholeheartedly. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Oct 2019, at 5:39 pm, Matt Caswell wrote: > > > > On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: >> Dear

#10388

2019-11-13 Thread Dr Paul Dale
l have to support the new API for a long time and it is one which we are currently trying to move away from. Thoughts or comments anyone? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: #10388

2019-11-15 Thread Dr Paul Dale
The consensus seems to be to add the deprecated API to 3.0. I’ve removed the hold. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 15 Nov 2019, at 10:40 pm, Matthias St. Pierre > wrote: > > > >

Re: Malloc failures check

2019-11-20 Thread Dr Paul Dale
me of these. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Nov 2019, at 1:26 pm, Dmitry Belyavsky wrote: > > Hello, > > Observing a series of similar bugs related to a lack of checks of the malloc

Re: Check NULL pointers or not...

2019-11-29 Thread Dr Paul Dale
from this point of view but it can cause a performance hit — most of the time it wouldn’t matter but when it does it would be a big deal. The middle ground doesn’t entail any performance loss in production code (it does in debug but that shouldn’t be relevant). Pauli -- Dr Paul Dale

Re: Check NULL pointers or not...

2019-11-29 Thread Dr Paul Dale
Oops, you are correct. I was under the mistaken impression that ossl_assert compiled to nothing outside of debug mode. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 29 Nov 2019, at 7:22 pm, Matt Caswell wr

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
tter would be to add it only if the submitter doesn’t have a CLA on file but either works. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 12 Dec 2019, at 7:20 pm, Matt Caswell wrote: > > I notice t

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
Before we start over engineering a solution, how about we try just having an automatic visual indicator for trivial PRs. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 13 Dec 2019, at 3:24 am, Kurt Roeckx wr

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
A red blocker along the lines of: “Triviality Unconfirmed”. One of the reviewers needs to remove this before the PR can be merged. It’s in our face, it prevents accidental merges and it’s low overhead. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031

Re: Flaw in our process for dealing with trivial changes

2019-12-12 Thread Dr Paul Dale
A better example of this problem: #10607. Both Paul and I approved it yesterday and I merged it today without noticing until too late that it was tagged “CLA: trivial” :( I’ve not reverted it at this point but will if necessary. Let’s get the label in. Pauli -- Dr Paul Dale | Distinguished

Legacy Provider

2020-01-06 Thread Dr Paul Dale
is that the low level direct access functions (e.g. IDEA_encrypt) will continue to work (albeit deprecated), only the EVP access will go (again, by default). Before the vote is called, are there any additional thoughts from the past six months? Pauli -- Dr Paul Dale | Distinguished

Re: Legacy Provider

2020-01-08 Thread Dr Paul Dale
Kurt, It’s a policy decision: should we cause pain for users (& Matt) or effectively delay the end for these old/broken algorithms. Technically it is easy. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 J

Legacy provider

2020-01-14 Thread Dr Paul Dale
The OMC vote is closed. The vote text being: The legacy provider should be disabled by default in 3.0 With the clarification that "disabled" in this context means "not loaded". The vote passed (two for, one against, four abstain) Pauli -- Dr Paul Dale | Distingu

Re: Legacy provider

2020-01-15 Thread Dr Paul Dale
r Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 16 Jan 2020, at 6:07 am, Benjamin Kaduk wrote: > > Hi Pauli, > > On Tue, Jan 14, 2020 at 09:34:40PM +1000, Dr Paul Dale wrote: >> The OMC vote is closed.

crypt(3)

2020-01-16 Thread Dr Paul Dale
password derivation functions into KDFs if necessary. Thoughts? Other alternatives? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
. Removing these calls will require an OMC vote as a breaking API change. I’m fine to call one if it seems justified. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 17 Jan 2020, at 5:41 pm, Viktor Dukhovni >

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
Okay, it looks like the consensus is option 3 — deprecate and forget. As far as I can tell, they are only used (by us) in one place outside of libcrypto, so that will deprecate as well. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle

Re: crypt(3)

2020-01-17 Thread Dr Paul Dale
Could the people who work with distros confirm this default choice or suggest what they use please? Thanks, Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jan 2020, at 10:05 am, Dr Paul Dale wrote: >

Re: crypt(3)

2020-01-18 Thread Dr Paul Dale
I meant “what default makes the most sense for the passwd command line application?” It was crypt which is deprecated. Should it be BSD’s MD5? One of the SHA2 based algorithms? Or should it produce an error if no algorithm is selected? Pauli -- Dr Paul Dale | Distinguished Architect

Re: crypt(3)

2020-01-20 Thread Dr Paul Dale
Thanks for the feedback everyone. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Travis in solid red mode again

2020-02-01 Thread Dr Paul Dale
I thought I was subscribed but don’t seem to see the failures. I do get the (very many) PR activity emails…. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 1 Feb 2020, at 8:35 pm, Dr. Matthias St. Pierre >

Re: Github PR label automation

2020-02-08 Thread Dr Paul Dale
d to judge the relevancy. Agreed also over the “urgent” label. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 9 Feb 2020, at 1:56 am, Mark J Cox wrote: > > I've currently got a cron job running every ho

Deprecation

2020-02-13 Thread Dr Paul Dale
and switching to the provider model. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Deprecation

2020-02-14 Thread Dr Paul Dale
uecomment-585603911> And a further one via private email. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 14 Feb 2020, at 7:37 pm, Matt Caswell wrote: > > > > On 14/02/2020 02:30, Dr Paul Dale wrote: >&g

Re: Errored: openssl/openssl#31939 (master - 34b1676)

2020-02-14 Thread Dr Paul Dale
An alternative would be to only run a cut down selection of tests with msan. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 14 Feb 2020, at 11:00 pm, Matt Caswell wrote: > > > > On 14/02/2020 12:23

Re: Deprecations

2020-02-21 Thread Dr Paul Dale
The added complexity was of some concern to me when doing the deprecations. I suspect we’ll also encounter difficulties getting 100% equivalent behaviour via PKEY. There are some pretty arcane options in some of these. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic

Re: Deprecations

2020-02-23 Thread Dr Paul Dale
workable too. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Feb 2020, at 5:53 am, Viktor Dukhovni > wrote: > >> On Feb 22, 2020, at 4:53 AM, Richard Levitte wrote: >> >> Something th

Re: Deprecations

2020-02-28 Thread Dr Paul Dale
Any suggestions for a consensus on this thread? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Feb 2020, at 5:08 pm, Dr Paul Dale wrote: > > Most of the conversions to using PKEY were straightforward. O

Re: Deprecations

2020-03-02 Thread Dr Paul Dale
to be somewhat problematic. There isn’t a 1:1 conversion and some of the legacy options simply aren’t supported. I’m hoping to have a preliminary PR up later this week. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia >

Face to face

2020-03-03 Thread Dr Paul Dale
. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Deprecations

2020-03-04 Thread Dr Paul Dale
to the effect of: "The command dsa is deprecated. Use ‘pkey’ instead." when executed. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 5 Mar 2020, at 5:15 am, Kurt Roeckx wrote: > > On Mon, Mar 02,

Re: Deprecations

2020-03-04 Thread Dr Paul Dale
Matthew, Good idea. I’ll add it. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 5 Mar 2020, at 8:55 am, Matthew Lindner wrote: > > Shouldn't the deprecation notice that's printed also print

Re: An OpenSSL cookbook, where and how?

2020-03-07 Thread Dr Paul Dale
Might the demos be useful for something like this? I know they aren’t in great state and could do with better documentation but they seem to fulfil most of the suggested goals. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia
