So I disagree, it is a bug when it is not constant time.
On 3/26/20 8:26 PM, Tim Hudson wrote: > +1 for a release - and soon - and without bundling any more changes. The > circumstances justify getting this fix out. But I also think we need to > keep improvements that aren't bug fixes out of stable branches. > > Tim. > > On Fri, 27 Mar 2020, 3:12 am Matt Caswell, <m...@openssl.org> wrote: > >> On 26/03/2020 15:14, Short, Todd wrote: >>> This type of API-braking change should be reserved for something like >>> 3.0, not a patch release. >>> >>> Despite it being a "incorrect", it is expected behavior. >>> >> >> Right - but the question now is not whether we should revert it (it has >> been reverted) - but whether this should trigger a 1.1.1f release soon? >> >> Matt >> >>> -- >>> -Todd Short >>> // tsh...@akamai.com <mailto:tsh...@akamai.com> >>> // “One if by land, two if by sea, three if by the Internet." >>> >>>> On Mar 26, 2020, at 11:03 AM, Dr. Matthias St. Pierre >>>> <matthias.st.pie...@ncp-e.com <mailto:matthias.st.pie...@ncp-e.com>> >>>> wrote: >>>> >>>> I agree, go ahead. >>>> >>>> Please also consider reverting the change for the 3.0 alpha release as >>>> well, see Daniel Stenbergs comment >>>> https://github.com/openssl/openssl/issues/11378#issuecomment-603730581 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378-23issuecomment-2D603730581&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=djWoIIXyggxwOfbwrmYGrSJdR5tWm06IdzY9x9tDxkA&e= >>> >>>> >>>> Matthias >>>> >>>> >>>> *From**:* openssl-project <openssl-project-boun...@openssl.org >>>> <mailto:openssl-project-boun...@openssl.org>> *On Behalf Of *Dmitry >>>> Belyavsky >>>> *Sent:* Thursday, March 26, 2020 3:48 PM >>>> *To:* Matt Caswell <m...@openssl.org <mailto:m...@openssl.org>> >>>> *Cc:* openssl-project@openssl.org <mailto:openssl-project@openssl.org> >>>> *Subject:* Re: 1.1.1f >>>> >>>> >>>> On Thu, Mar 26, 2020 at 5:14 PM Matt Caswell <m...@openssl.org >>>> <mailto:m...@openssl.org>> wrote: >>>> >>>> The EOF issue (https://github.com/openssl/openssl/issues/11378 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=MAiLjfGJWaKvnBvqnM4fcyvGVfUyj9CDANO_vh4wfco&e= >>> ) >>>> has >>>> resulted in us reverting the original EOF change in the 1.1.1 branch >>>> (https://github.com/openssl/openssl/pull/11400 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_11400&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=3hBU2pt84DQlrY1dCnSn9x1ah1gSzH6NEO_bNRH-6DE&e= >>> ). >>>> >>>> Given that this seems to have broken quite a bit of stuff, I propose >>>> that we do a 1.1.1f soon (possibly next Tuesday - 31st March). >>>> >>>> Thoughts? >>>> >>>> >>>> I strongly support this idea. >>>> >>>> -- >>>> SY, Dmitry Belyavsky >>> >> >