<div dir="auto">We don't guarantee constant time.<div dir="auto"><br></div><div dir="auto">Tim.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 27 Mar 2020, 5:41 am Bernd Edlinger, <<a href="mailto:bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So I disagree, it is a bug when it is not constant time.<br>
<br>
<br>
On 3/26/20 8:26 PM, Tim Hudson wrote:<br>
> +1 for a release - and soon - and without bundling any more changes. The<br>
> circumstances justify getting this fix out. But I also think we need to<br>
> keep improvements that aren't bug fixes out of stable branches.<br>
> <br>
> Tim.<br>
> <br>
> On Fri, 27 Mar 2020, 3:12 am Matt Caswell, <<a href="mailto:matt@openssl.org" target="_blank" rel="noreferrer">matt@openssl.org</a>> wrote:<br>
> <br>
>> On 26/03/2020 15:14, Short, Todd wrote:<br>
&gt;&gt;&gt; This type of API-breaking change should be reserved for something like<br>
>>> 3.0, not a patch release.<br>
>>><br>
&gt;&gt;&gt; Despite it being "incorrect", it is expected behavior.<br>
>>><br>
>><br>
>> Right - but the question now is not whether we should revert it (it has<br>
>> been reverted) - but whether this should trigger a 1.1.1f release soon?<br>
>><br>
>> Matt<br>
>><br>
>>> --<br>
>>> -Todd Short<br>
&gt;&gt;&gt; // <a href="mailto:tshort@akamai.com" target="_blank" rel="noreferrer">tshort@akamai.com</a><br>
&gt;&gt;&gt; // "One if by land, two if by sea, three if by the Internet."<br>
>>><br>
>>>> On Mar 26, 2020, at 11:03 AM, Dr. Matthias St. Pierre<br>
&gt;&gt;&gt;&gt; &lt;<a href="mailto:Matthias.St.Pierre@ncp-e.com" target="_blank" rel="noreferrer">Matthias.St.Pierre@ncp-e.com</a>&gt;<br>
>>>> wrote:<br>
>>>><br>
>>>> I agree, go ahead.<br>
>>>><br>
>>>> Please also consider reverting the change for the 3.0 alpha release as<br>
&gt;&gt;&gt;&gt; well, see Daniel Stenberg's comment<br>
>>>> <a href="https://github.com/openssl/openssl/issues/11378#issuecomment-603730581" rel="noreferrer noreferrer" target="_blank">https://github.com/openssl/openssl/issues/11378#issuecomment-603730581</a><br>
>>>><br>
>>>> Matthias<br>
>>>><br>
>>>><br>
&gt;&gt;&gt;&gt; *From:* openssl-project &lt;<a href="mailto:openssl-project-bounces@openssl.org" target="_blank" rel="noreferrer">openssl-project-bounces@openssl.org</a>&gt;<br>
&gt;&gt;&gt;&gt; *On Behalf Of* Dmitry Belyavsky<br>
>>>> *Sent:* Thursday, March 26, 2020 3:48 PM<br>
&gt;&gt;&gt;&gt; *To:* Matt Caswell &lt;<a href="mailto:matt@openssl.org" target="_blank" rel="noreferrer">matt@openssl.org</a>&gt;<br>
&gt;&gt;&gt;&gt; *Cc:* <a href="mailto:openssl-project@openssl.org" target="_blank" rel="noreferrer">openssl-project@openssl.org</a><br>
>>>> *Subject:* Re: 1.1.1f<br>
>>>><br>
>>>><br>
&gt;&gt;&gt;&gt; On Thu, Mar 26, 2020 at 5:14 PM Matt Caswell &lt;<a href="mailto:matt@openssl.org" target="_blank" rel="noreferrer">matt@openssl.org</a>&gt; wrote:<br>
>>>><br>
>>>>     The EOF issue (<a href="https://github.com/openssl/openssl/issues/11378" rel="noreferrer noreferrer" target="_blank">https://github.com/openssl/openssl/issues/11378</a><br>
&gt;&gt;&gt;&gt;     )<br>
>>>>     has<br>
>>>>     resulted in us reverting the original EOF change in the 1.1.1 branch<br>
>>>>     (<a href="https://github.com/openssl/openssl/pull/11400" rel="noreferrer noreferrer" target="_blank">https://github.com/openssl/openssl/pull/11400</a><br>
&gt;&gt;&gt;&gt;     ).<br>
>>>><br>
>>>>     Given that this seems to have broken quite a bit of stuff, I propose<br>
>>>>     that we do a 1.1.1f soon (possibly next Tuesday - 31st March).<br>
>>>><br>
>>>>     Thoughts?<br>
>>>><br>
>>>><br>
>>>> I strongly support this idea.<br>
>>>><br>
>>>> --<br>
>>>> SY, Dmitry Belyavsky<br>
>>><br>
>><br>
> <br>
</blockquote></div>