Re: [openssl-project] FW: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2

2018-05-10 Thread Richard Levitte
A simple 'got log --oneline' confirms this: 13f6857db1 PPC assembly pack: add POWER9 results. 41b77d5447 .travis.yml: add pair of linux-ppc64le targets. a01b9cd5a7 Fix no-cms 60155b9ae1 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 7f35627c79 Fix typos in x509

Re: [openssl-project] build/test before merging

2018-05-23 Thread Richard Levitte
>I'm happy doing the build/test manually before merging, too. rsalz> rsalz> rsalz> So do you guys use the ghmerge script or own procedures? I'm curious. I use addrev and git commands. ghmerge does too much for my taste. -- Richard Levitte levi...@openssl.org OpenSSL P

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-12 Thread Richard Levitte
In message <2418fe0a-8a61-47ad-9e60-f40bd0c79...@openssl.org> on Mon, 11 Jun 2018 19:29:09 +0200, Richard Levitte said: levitte> levitte> levitte> "Salz, Rich" skrev: (11 juni 2018 18:54:37 CEST) levitte> >>Except that, because of the way PKCS12_ge

[openssl-project] Votes on the use of other libraries in general and iconv in particular

2018-06-07 Thread Richard Levitte
by Richard Levitte Public: yes opened: 2018-06-07 closed: 2018-06-21 -- topic: We can use the iconv API in our applications Proposed by Richard Levitte Public: yes opened: 2018-06-07 closed: 2018-06-21 -- The vote tallies will be presented here when the votes are closed. Cheers

[openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
libiconv on Mac OS/X to be such a library) 2. A vote about the use of the iconv API Please discuss here, not in the vote threads. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte

Re: [openssl-project] Votes on the use of other libraries in general and iconv in particular

2018-06-07 Thread Richard Levitte
to be concluded, does that not allow discussion? Has that ever stopped us from discussing before? Cheers Richard "Salz, Rich" skrev: (7 juni 2018 16:51:30 CEST) >I am disappointed that no time was allowed for discussion. > >On 6/7/18, 8:38 AM, "Richard Levitte" wrote: >

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
with windows. In my mind, this makes that more general vote ridiculous, but the matter was brought up to me, and I wasn't going to ignore it, no matter what my personal feelings are. Cheers Richard Richard Levitte skrev: (7 juni 2018 13:54:11 CEST) >Hi, > >This PR has been blocked, forci

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
st or get patches for, as with anything else. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
"Salz, Rich" skrev: (7 juni 2018 21:09:55 CEST) >>We don't have to answer the question "how high" now. I'm fully > prepared to have the use of iconv limited to platforms where we know >it's available > >That then means that the pkcs12 program is not compatible in behavior >across

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
In message on Thu, 7 Jun 2018 11:56:00 -0400, Viktor Dukhovni said: openssl-users> openssl-users> openssl-users> > On Jun 7, 2018, at 11:19 AM, Richard Levitte wrote: openssl-users> > openssl-users> > Regarding general use of other libraries, please openssl-users>

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
Viktor Dukhovni skrev: (7 juni 2018 21:16:53 CEST) >On Thu, Jun 07, 2018 at 09:01:15PM +0200, Richard Levitte wrote: > >> We don't have to answer the question "how high" now. I'm fully >> prepared to have the use of iconv limited to platforms where we know >>

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-07 Thread Richard Levitte
"Salz, Rich" skrev: (7 juni 2018 21:29:40 CEST) >>My main concern is that currently, openssl pkcs12 may create >broken pkcs12 files (because it misinterprets the pass phrase when >constructing a BMPString), and doesn't notify the user at all (doesn't >even check). > > >For those who

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-12 Thread Richard Levitte
In message <333784c8-4870-4ddb-a892-13d552724...@dukhovni.org> on Tue, 12 Jun 2018 16:02:16 -0400, Viktor Dukhovni said: openssl-users> openssl-users> openssl-users> > On Jun 12, 2018, at 3:39 PM, Richard Levitte wrote: openssl-users> > openssl-users> >

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-12 Thread Richard Levitte
iconv on Unix). If the availability of -toutf8 depends on the presumed presence of iconv(), then we can assume that nl_langinfo() is present as well. That renders -encoding unnecessary, unless you want to use it to override the locale-specific encoding. Cheers, Richard -- Richard Levitte lev

[openssl-project] Monthly Status Report (May)

2018-06-13 Thread Richard Levitte
for the final release Others: - Worked on platform support database (yet unpublished) -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-11 Thread Richard Levitte
generate_mac() will then decode it and zero extend every resulting byte to 16 bits. If you *don't* do this, you risk having any byte sequence that looks like UTF-8 in the original input to be decoded and made into something other than what the user intended. Cheers, Richard -- Richard Levitte

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-11 Thread Richard Levitte
not at all what I'd expect for a flag named '-pass8bit' Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-11 Thread Richard Levitte
quire them to specify; (c) set the expectation that something will change in the future. A variant is to check if the 8bit string can be decoded as a UTF-8 string and warn the user that such string is going to get screwed. -- Richard Levitte levi...@openssl.org OpenSSL

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-11 Thread Richard Levitte
ncodings that will look like UTF-8 byte sequences), it will be used as if -passutf8 was given instead. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

2018-06-11 Thread Richard Levitte
. That's Rich's intent, and I'm fine with that. It's the fine print of what message we tell with -pass8bit that's being disputed. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-03 Thread Richard Levitte
_t would be Unicode characters. So ok, with this information, UTF-8 makes sense... Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-01 Thread Richard Levitte
ble that this will become implicit policy) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-01 Thread Richard Levitte
In message <20180602.004350.1602483119932820478.levi...@openssl.org> on Sat, 02 Jun 2018 00:43:50 +0200 (CEST), Richard Levitte said: levitte> In message <7c04edbc-9d70-42ea-9ec9-6e6c4fbb8...@dukhovni.org> on Fri, 1 Jun 2018 18:23:48 -0400, Viktor Dukhovni said: levitte>

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-02 Thread Richard Levitte
In message on Fri, 1 Jun 2018 19:08:04 -0400, Viktor Dukhovni said: openssl-users> openssl-users> openssl-users> > On Jun 1, 2018, at 6:47 PM, Richard Levitte wrote: openssl-users> > openssl-users> > Ah, forgot one important detail: it is well understood that *al

Re: [openssl-project] Is Mac a supported platform?

2018-06-01 Thread Richard Levitte
or OS X. But hey, if that helps, we can always do this: diff --git a/INSTALL b/INSTALL index 52e3f2ae6c..851093ec01 100644 --- a/INSTALL +++ b/INSTALL @@ -76,7 +76,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (including Mac OS/X): $ ./config $ make Ch
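Review bot: in the added INSTALL line, "Mac OS/X" is not how the platform name is written; Apple's spelling has no slash ("Mac OS X", or "macOS" for current releases), and the message text itself says "OS X". Suggest "on Unix (including Mac OS X):" so a reader searching INSTALL for the platform name finds it.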

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-01 Thread Richard Levitte
ibcrypto, and still only have to know the bare minimum of what the URI represents (preferably nothing at all)) -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

2018-06-06 Thread Richard Levitte
In message <4dca9a91-1487-4bfc-8a4e-b79fad473...@dukhovni.org> on Tue, 5 Jun 2018 18:37:21 -0400, Viktor Dukhovni said: openssl-users> openssl-users> openssl-users> > On Jun 3, 2018, at 4:45 AM, Richard Levitte wrote: openssl-users> > openssl-users> > Ye

Re: [openssl-project] Creating the OpenSSL_1_1_1-stable branch

2018-06-23 Thread Richard Levitte
ard it a little now and then. At some point, the above will become true, but you're right, we should probably update that detail. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] GitHub labels

2018-06-20 Thread Richard Levitte
he pull request summary. Matthias.St.Pierre> IMHO it would make sense to use the version labels Matthias.St.Pierre> only to indicate merge intention and otherwise use Matthias.St.Pierre> milestones. I personally agree. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180430.164908.1424770216194967097.levi...@openssl.org> on Mon, 30 Apr 2018 16:49:08 +0200 (CEST), Richard Levitte <levi...@openssl.org> said: levitte> In message <20180430.152609.587396153749337701.levi...@openssl.org> on Mon, 30 Apr 2018 15:26:09 +0200 (C

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180430.152609.587396153749337701.levi...@openssl.org> on Mon, 30 Apr 2018 15:26:09 +0200 (CEST), Richard Levitte <levi...@openssl.org> said: levitte> In message <20180430131000.ga25...@roeckx.be> on Mon, 30 Apr 2018 15:10:01 +0200, Kurt Roeckx <k...@

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
In message <20180424172439.ga8...@roeckx.be> on Tue, 24 Apr 2018 19:24:40 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Tue, Apr 24, 2018 at 07:20:42AM +0200, Richard Levitte wrote: kurt> > Like I think I mentioned a few days ago, I'm currently on a conference. I'll

Re: [openssl-project] Entropy seeding the DRBG

2018-04-30 Thread Richard Levitte
> but the estimation will be totally wrong. kurt> kurt> Passing the hashed data to the drbg as entropy input is fine if kurt> you already know how much entropy that it contains. Thanks, that's what I suspected. Ok, on to the next step -- Richard Levitte levi...@openssl.or

Re: [openssl-project] Fwd: [openssl-commits] Broken: openssl/openssl#15866 (master - cf8e923)

2018-01-26 Thread Richard Levitte
I think I said it earlier, that prefixing the output with '#' is a TAP compatible way to fix this. One way is to pipe the execution of the program through a "sed -e 's|^|# |'", except that it's not exactly portable... Another way *might* be to open("program |") and handle the output in

Re: [openssl-project] travis builds failing with aligment errors?

2018-01-30 Thread Richard Levitte
-fno-sanitize=alignment -fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer I just tried a fresh master and hacked reordered CFLAGS in Makefile to -fno-sanitize=alignment last, and suddenly, the tests work. So, err, I screwed up with the recent changes in Configure, in adding

Re: [openssl-project] chatty make output

2018-02-01 Thread Richard Levitte
Me, I've noticed that quite a lot of people don't read CHANGES, so this is to avoid getting a ton of reports about Configure not displaying all the stuff it used to do. Also, the message is geared to disappear with 1.1.1a or above. Cheers Richard "Salz, Rich" skrev: (1

Re: [openssl-project] chatty make output

2018-02-01 Thread Richard Levitte
I want to approve the PR that you're gonna submit any time now  (I would like to see that in just one statement if possible) Cheers Richard "Salz, Rich" skrev: (1 februari 2018 18:52:26 CET) >Fine. > >How about this change? >iff --git a/Configure b/Configure >index

Re: [openssl-project] Code freeze later today

2018-02-12 Thread Richard Levitte
This requires a bit of a rethink of config attributes and the make variables we do use in the end. - I'm trying to build ia64 assembler stuff on VMS. This also requires a bit of a rethink how we use the make variables (not as hard as it sounds). Just wanted to let you know what I've on my plate.

Re: [openssl-project] Code Freeze!!!

2018-02-12 Thread Richard Levitte
.@git.openssl.org freeze openssl matt matt> matt> Thanks Done -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
pport removal of blowfish viktor> ASM at this time... Those same systems will probably not have the newest OpenSSL either, and OpenSSH on those machines will certainly not be linked with a newer OpenSSL... Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project

Re: [openssl-project] should doc-nits flag long lines?

2018-02-10 Thread Richard Levitte
I would say on the contrary, that long lines in code section should be flagged, because they aren't wrapped in the final output. For the rest, warning on long lines is still nice for the readability of the original file, but to my judgment, that's slightly less important than the code

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
y major weakness... For what it's worth, https://en.wikipedia.org/wiki/Blowfish_(cipher) mentions some weaknesses, and also that the author recommends moving away from Blowfish (use Twofish instead, but we haven't implemented that) Cheers, Richard -- Richard Levitte

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-10 Thread Richard Levitte
d blowfish-cbc (all cbc ciphers, as a matter of fact) two years ago, and removed it (them) entirely last autumn. So one can say that even in the OpenSSH world, blowfish support has decreased. Ref: http://www.openssh.com/releasenotes.html Cheers, Richard -- Richard Levitte levi...@open

Re: [openssl-project] Removing assembler for outdated algorithms

2018-02-11 Thread Richard Levitte
"Salz, Rich" skrev: (11 februari 2018 14:07:13 CET) >> Those same systems will probably not have the newest OpenSSL >either, >and OpenSSH on those machines will certainly not be linked with a >newer OpenSSL... > >I apologize for not being clear enough. > >I do

Re: [openssl-project] VOTE on travel reimbursement policy

2018-02-14 Thread Richard Levitte
y) would be presented on the project list. Now, the initial posting went to both the OMC and the project list, and some chose to vote with a simple "Reply All" without editing the recipients. If that was on purpose or because attention wasn't paid to that detail, I cannot say. Cheer

Re: [openssl-project] GitHub labels

2018-06-22 Thread Richard Levitte
ned to the next major release. Bear in mind that we still don't know kaduk> of the release after 1.1.1 will be such a thing or not... Argh! I'm pretty sure I added a label '1.2.0' to do *exactly* that. Apparently, not everyone agrees with such indication... -- Richard Levitte l

Re: [openssl-project] Removal of NULL checks

2018-08-09 Thread Richard Levitte
t rad. However, I'd say that for the next major version, we're free to change an undefined behaviour to something more well defined, as we see fit. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] TLS 1.3 and the release

2018-08-11 Thread Richard Levitte
In message <641feb77-064e-4a49-a30b-41edf1279...@akamai.com> on Sat, 11 Aug 2018 13:37:07 +, "Salz, Rich" said: rsalz> Matt has already prepared a PR (the number escapes me) https://github.com/openssl/openssl/pull/6741 -- Richard Levitte levi...@openssl.

Re: [openssl-project] Removal of NULL checks

2018-08-09 Thread Richard Levitte
y empty and unfillable, or 2) an immediate crash. Either way, the application authors will have to learn to check their stack pointers. The real difference is how much they will have to scratch their heads to figure out what went wrong. Cheers, Richard -- Richard Levitte levi...

Re: [openssl-project] Removal of NULL checks

2018-08-09 Thread Richard Levitte
In message <20180809165255.gg14...@straasha.imrryr.org> on Thu, 9 Aug 2018 12:52:56 -0400, Viktor Dukhovni said: viktor> On Thu, Aug 09, 2018 at 06:40:14PM +0200, Richard Levitte wrote: viktor> > In message <20180809162245.gd14...@straasha.imrryr.org> on Thu, 9 Aug 2018 1

Re: [openssl-project] master is broken?

2018-07-24 Thread Richard Levitte
I can't reproduce, but looking into using Carp::Always uncovered a couple of bugs, which I'm submitting a PR for. When that is merged, you should be able to do this, and get a stack trace every time the death handler is called: PERL5OPT=-MCarp::Always ./config BTW, would you be so kind and

Re: [openssl-project] master is broken?

2018-07-24 Thread Richard Levitte
age was really just rogue output. The death handler was badly written, but got fixed up with this PR: https://github.com/openssl/openssl/pull/6776 Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http:/

Re: [openssl-project] master is broken?

2018-07-24 Thread Richard Levitte
which may be found in the Perl 5 source kit. rsalz> rsalz> Complete documentation for Perl, including FAQ lists, should be found on rsalz> this system using "man perl" or "perldoc perl". If you have access to the rsalz> Internet, point your browser at http://www.per

[openssl-project] Speaking of broken master, have a look at Travis

2018-07-24 Thread Richard Levitte
. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] To distribute just the repo file, or the result of 'make dist'?

2018-07-24 Thread Richard Levitte
In message <20180724122839.ga2...@roeckx.be> on Tue, 24 Jul 2018 14:28:40 +0200, Kurt Roeckx said: kurt> On Tue, Jul 24, 2018 at 02:08:46PM +0200, Richard Levitte wrote: kurt> > kurt> > The original intention (way back, I think we're even talking SSLeay kurt> > time

[openssl-project] To distribute just the repo file, or the result of 'make dist'?

2018-07-24 Thread Richard Levitte
-- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Richard Levitte
In message <20180907.025152.1131079938025695690.levi...@openssl.org> on Fri, 07 Sep 2018 02:51:52 +0200 (CEST), Richard Levitte said: > For example, *all* two-prime RSA keys from pre-1.1.1 become unreadable That was a bit of an over-statement... but it seems that there are things in

Re: [openssl-project] Please freeze the repo

2018-09-09 Thread Richard Levitte
In message <22962ad7-6232-dcd7-4ec4-11544360f...@openssl.org> on Sun, 9 Sep 2018 11:34:18 +0100, Matt Caswell said: > Please can someone freeze the repo: > > ssh openssl-...@git.openssl.org freeze openssl matt Done -- Richard Levitte levi...@openssl.org OpenSSL Proje

Re: [openssl-project] ghmerge problem

2018-07-11 Thread Richard Levitte
your own, you'll have to take a closer look there. The 'opensslbuild' that comes with ghmerge only sets that option if $CC contains the string 'clang'... I haven't tested, though... -- Richard Levitte levi...@openssl.org OpenSSL Project h

Re: [openssl-project] Welcome Dr. Matthias St. Pierre

2018-01-23 Thread Richard Levitte
d rsalz> instructions. Done and done! Welcome, Matthias -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-project] Speaking of releases, did we finalize a release plan for 1.1.1?

2018-01-24 Thread Richard Levitte
reiterate this, perhaps? -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] VOTE report: Push the release of 1.1.1 beta1 (pre3) forward one week

2018-03-12 Thread Richard Levitte
at, 10 Mar 2018 11:45:46 +0100 (CET), Richard Levitte <levi...@openssl.org> said: levitte> I started a vote moments ago on the OMC list with the content that levitte> follows. The OMC will vote on it, hopefully on time, and the levitte> resulting tally will be posted here. levitte

[openssl-project] Updated 1.1.1 release timetable

2018-03-12 Thread Richard Levitte
: 15th May 2018) See https://www.openssl.org/policies/releasestrat.html for a reminder of all details. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-project] VOTE report: Push the release of 1.1.1 beta1 (pre3) forward one week

2018-03-10 Thread Richard Levitte
. All other current future release dates will be pushed one week as well. https://www.openssl.org/policies/releasestrat.html will be updated. An official announcement should be made. Proposed by Richard Levitte Public: yes opened: 2018-03-10 closed: -mm-dd THREE DAY VOTE

Re: [openssl-project] VOTE report: Push the release of 1.1.1 beta1 (pre3) forward one week

2018-03-10 Thread Richard Levitte
In message <20180310124318.ga26...@roeckx.be> on Sat, 10 Mar 2018 13:43:18 +0100, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sat, Mar 10, 2018 at 11:45:46AM +0100, Richard Levitte wrote: kurt> > Vote text: kurt> > kurt> > NOTE: THREE DAY VOTE kurt> > Why

Re: [openssl-project] OID policy

2018-03-15 Thread Richard Levitte
In message <20180315.090502.2143972695067215526.levi...@openssl.org> on Thu, 15 Mar 2018 09:05:02 +0100 (CET), Richard Levitte <levi...@openssl.org> said: levitte> So can I assume there's a PR coming up? Ah, saw it! -- Richard Levitte levi...@openssl.org OpenSSL Proje

Re: [openssl-project] OID policy

2018-03-15 Thread Richard Levitte
, plus the approval. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

2018-04-07 Thread Richard Levitte
doesn't look like a POSIX environment. I tried, about 20 years ago. Cmake, which was otherwise a strong candidate in my book, has presented some challenges to port to VMS as well... others have tried. I don't know so many others that have become popular enough to be considered "industry st

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407174527.gc20...@roeckx.be> on Sat, 7 Apr 2018 19:45:28 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sat, Apr 07, 2018 at 07:00:21PM +0200, Richard Levitte wrote: kurt> > In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
d2d...@akamai.com> on Sat, 7 Apr 2018 14:15:51 +, "Salz, Rich" <rs...@akamai.com> said: rsalz> I would like to see this put on hold until we fix the ‘now requires 50% more random seeding’ issue. rsalz> rsalz> What should I do to force that issue? rsalz> rsalz>

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-08 Thread Richard Levitte
In message <20180408080942.gb3...@roeckx.be> on Sun, 8 Apr 2018 10:09:42 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sun, Apr 08, 2018 at 07:39:30AM +0200, Richard Levitte wrote: kurt> > In message <20180407190250.ga27...@roeckx.be> on Sat, 7 Apr 2018 21:

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-08 Thread Richard Levitte
In message <83ae9015-a766-4497-a71d-d537837cf...@openssl.org> on Sun, 08 Apr 2018 19:15:16 +0200, Richard Levitte <levi...@openssl.org> said: levitte> levitte> levitte> Kurt Roeckx <k...@roeckx.be> skrev: (8 april 2018 17:36:27 CEST) levitte> >On Sat, Apr 0

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-08 Thread Richard Levitte
eding a team vote on whether rsalz> or not we want to follow SP800-90A for this release. Hold that thought a moment more... -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-08 Thread Richard Levitte
t.Pierre> > function for VMS. Speaking of that, got any ideas on how to hook that Matthias.St.Pierre> > on appropriately, without butchering the current DRBG code? Matthias.St.Pierre> Matthias.St.Pierre> Hold the line, I'm currently working on it... Cool, I'll hold. -- Richard Levit

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-08 Thread Richard Levitte
Kurt Roeckx skrev: (8 april 2018 17:36:27 CEST) >On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt Roeckx wrote: >> On Sat, Apr 07, 2018 at 05:55:14PM +, Salz, Rich wrote: >> > > Because >> > > - It is not clear we need to do so >> > >> > >That we need to

Re: [openssl-project] Entropy seeding the DRBG

2018-04-04 Thread Richard Levitte
ld prefer to keep it at 128. Raising rsalz> it to 384 is wrong. Note that with a nonce, that'll be 192 bits, unless I'm thinking wrong... But I agree with you, at least from a very practical point of view. -- Richard Levitte levi...@openssl.or

Re: [openssl-project] Some TLS 1.3 drafts don't have branches

2018-04-12 Thread Richard Levitte
ng. The current document matt> is at draft-28 but there have been no incompatible changes (other than matt> the draft version number itself). matt> matt> If someone gives me a +1 I'll create the above. +1 Cheers, Richard -- Richard Levitte levi...@openssl.org O

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
ally to VMS. What "syscalls" do you expect? -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
In message <20180407190250.ga27...@roeckx.be> on Sat, 7 Apr 2018 21:02:51 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sat, Apr 07, 2018 at 06:49:50PM +0200, Richard Levitte wrote: kurt> > H... case 4 shouldn't pose too much problems unless you restart kurt>

Re: [openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

2018-04-07 Thread Richard Levitte
. You can keep the behaviour that if no get_nonce kurt> function is set that it increases the entropy requirement. Aha ok! Yeahok, I see, so if I implement a rand_drbg_get_nonce in rand_vms.c, we're basically set... but that means we need to implement a generic one as well, no? -- Richard Levitte

Re: [openssl-project] Entropy seeding the DRBG

2018-04-07 Thread Richard Levitte
In message <20180407160031.gb12...@roeckx.be> on Sat, 7 Apr 2018 18:00:32 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sat, Apr 07, 2018 at 04:58:06PM +0200, Richard Levitte wrote: kurt> > > Can I suggest you try something like kurt> > > h

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-14 Thread Richard Levitte
In message <20180414194244.ga27...@roeckx.be> on Sat, 14 Apr 2018 21:42:45 +0200, Kurt Roeckx <k...@roeckx.be> said: kurt> On Sat, Apr 14, 2018 at 09:32:31PM +0200, Richard Levitte wrote: kurt> > kurt> > a. 1.1.0's test/recipes/70-test_sslextension.t

[openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-14 Thread Richard Levitte
ctually pays attention to them? ... and it also begs the question if the alert type change was a bug fix, and in that case, why didn't it propagate to 1.1.0? Should it? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project h

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-14 Thread Richard Levitte
1. Fix any issues so that it is safe to upgrade. openssl-users> 2. Make the library version 1.2 openssl-users> 3. Hack the API to cap the protocol version based on compile-time openssl-users> maximum. openssl-users> openssl-users> -- openssl-users> -- openssl-u

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-14 Thread Richard Levitte
In message <44fe0745-31df-41c3-b697-97025643c...@dukhovni.org> on Sat, 14 Apr 2018 16:24:56 -0400, Viktor Dukhovni <openssl-us...@dukhovni.org> said: openssl-users> openssl-users> openssl-users> > On Apr 14, 2018, at 4:18 PM, Richard Levitte <levi...@openss

[openssl-project] Release of OpenSSL beta release 3 (pre5) happens

2018-04-17 Thread Richard Levitte
Hi, just a reminder that we're scheduled to release openssl-1.1.1-pre5 today. I'll do the release this time. If someone could freeze the repo for me, I'd be grateful: ssh openssl-...@git.openssl.org freeze openssl levitte Cheers, Richard -- Richard Levitte levi...@openssl.org

[openssl-project] Release done, repository unfrozen

2018-04-17 Thread Richard Levitte
OpenSSL 1.1.1 pre release 5 done! Repository is now unfrozen. Thank you Matt for the review! Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list

[openssl-project] Problems with waiting for specific person to merge

2018-04-19 Thread Richard Levitte
When someone with write access to the main repo makes a PR and it gets approved, we usually wait for the person to do the final merge. This is perfectly fine to expect from us who are so-called fellows, i.e. who are paid directly to work on OpenSSL... but to ask this of everyone else, when

Re: [openssl-project] Problems with waiting for specific person to merge

2018-04-19 Thread Richard Levitte
d habit... unless you have my tendencies, to *ahem* forget that you've self assigned something. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-14 Thread Richard Levitte
collection for that matter. I may have missed something, but I am interested. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-15 Thread Richard Levitte
e was a point brought on by a couple of issues mentioned, I'll take that in a separate email. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-project] Proto over ciphers or ciphers over proto? (was: The problem of (implicit) relinking and changed behaviour)

2018-04-15 Thread Richard Levitte
ge to negotiate with the other end? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] Problems with waiting for specific person to merge

2018-04-19 Thread Richard Levitte
've self assigned something. rsalz> rsalz> There's a built-in filter that says "find my PR's" It's just rsalz> on the left side of the search box. Thanks... Now to remember to go there ;-) (I usually start from the notifications page and relatively seldom go to the PR list...

Re: [openssl-project] When to enable TLS 1.3

2018-04-19 Thread Richard Levitte
rises." (https://www.openssl.org/policies/releasestrat.html) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-project] Absence now until Tuesday

2018-04-20 Thread Richard Levitte
I will be pretty much absent starting now and until Tuesday. Monday and Tuesday, I'm attending this event: https://www.eventbrite.com/e/hp-connect-sweden-vms-sig-annual-meeting-tickets-42639545027 I might be responding to email sporadically. Don't wait up ;-) Cheers, Richard -- Richard

Re: [openssl-project] When to enable TLS 1.3

2018-04-23 Thread Richard Levitte
be enabled. For that, we would like to know how openssl-users> > applications behave with the current version. openssl-users> openssl-users> It is perhaps unclear in the last sentence what "the current version" openssl-users> means. I took that to mean "the 1.1.0 se

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-17 Thread Richard Levitte
In message <87d0yxq0m7@fifthhorseman.net> on Tue, 17 Apr 2018 09:05:52 -0700, Daniel Kahn Gillmor <d...@fifthhorseman.net> said: dkg> On Mon 2018-04-16 08:22:59 +0200, Richard Levitte wrote: dkg> > Generally speaking, I don't necessarily agree. If the use of an API dkg&

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

2018-04-17 Thread Richard Levitte
In message <fe841b85-ec0c-4e5a-9c3c-3703a8b19...@dukhovni.org> on Tue, 17 Apr 2018 14:32:37 -0400, Viktor Dukhovni <openssl-us...@dukhovni.org> said: openssl-users> openssl-users> openssl-users> > On Apr 17, 2018, at 2:15 PM, Richard Levitte <levi...@openss

[openssl-project] Speeding up the fuzz test...

2018-03-27 Thread Richard Levitte
, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-project] About PR 5702, etc.

2018-03-29 Thread Richard Levitte
t> during the beta as long as at least 3 OMC members approve the change" I can get behind that. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/
