Backports to 1.1.1 and what is allowed

Matt Caswell matt at openssl.org
Fri Jun 19 21:29:24 UTC 2020



On 19/06/2020 21:42, Kurt Roeckx wrote:
> I think one other thing that has come up is adding support for a
> new target, which can just be some small change to configuration
> files. Is that something we want to accept?

I think previously we have said that a new target is a new feature and
therefore haven't allowed it. But even this I think is a grey area. If a
target could be added simply by adding some lines to Configure, probably
the risk to our existing users is very low. OTOH, if adding a platform
means adding lots of ifdef hackery throughout the codebase then the risk
of something going wrong is significantly higher.

> So we currently also have PR #12201 that adds a new constant time
> P-384 implementation. Do you think we should backport that to the
> 1.1.1 branch? If the answer is different than for the assembler,
> why?

My immediate reaction to that is no - it shouldn't go to 1.1.1. That
would impact a very high proportion of our user base.

Matt


More information about the openssl-project mailing list