We don't guarantee constant time. Tim.
On Fri, 27 Mar 2020, 5:41 am Bernd Edlinger, <bernd.edlin...@hotmail.de> wrote: > So I disagree, it is a bug when it is not constant time. > > > On 3/26/20 8:26 PM, Tim Hudson wrote: > > +1 for a release - and soon - and without bundling any more changes. The > > circumstances justify getting this fix out. But I also think we need to > > keep improvements that aren't bug fixes out of stable branches. > > > > Tim. > > > > On Fri, 27 Mar 2020, 3:12 am Matt Caswell, <m...@openssl.org> wrote: > > > >> On 26/03/2020 15:14, Short, Todd wrote: > >>> This type of API-braking change should be reserved for something like > >>> 3.0, not a patch release. > >>> > >>> Despite it being a "incorrect", it is expected behavior. > >>> > >> > >> Right - but the question now is not whether we should revert it (it has > >> been reverted) - but whether this should trigger a 1.1.1f release soon? > >> > >> Matt > >> > >>> -- > >>> -Todd Short > >>> // tsh...@akamai.com <mailto:tsh...@akamai.com> > >>> // “One if by land, two if by sea, three if by the Internet." > >>> > >>>> On Mar 26, 2020, at 11:03 AM, Dr. Matthias St. Pierre > >>>> <matthias.st.pie...@ncp-e.com <mailto:matthias.st.pie...@ncp-e.com>> > >>>> wrote: > >>>> > >>>> I agree, go ahead. > >>>> > >>>> Please also consider reverting the change for the 3.0 alpha release as > >>>> well, see Daniel Stenbergs comment > >>>> > https://github.com/openssl/openssl/issues/11378#issuecomment-603730581 > >>>> < > >> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378-23issuecomment-2D603730581&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=djWoIIXyggxwOfbwrmYGrSJdR5tWm06IdzY9x9tDxkA&e= > >>> > >>>> > >>>> Matthias > >>>> > >>>> > >>>> *From**:* openssl-project <openssl-project-boun...@openssl.org > >>>> <mailto:openssl-project-boun...@openssl.org>> *On Behalf Of *Dmitry > >>>> Belyavsky > >>>> *Sent:* Thursday, March 26, 2020 3:48 PM > >>>> *To:* Matt Caswell <m...@openssl.org <mailto:m...@openssl.org>> > >>>> *Cc:* openssl-project@openssl.org <mailto:openssl-project@openssl.org > > > >>>> *Subject:* Re: 1.1.1f > >>>> > >>>> > >>>> On Thu, Mar 26, 2020 at 5:14 PM Matt Caswell <m...@openssl.org > >>>> <mailto:m...@openssl.org>> wrote: > >>>> > >>>> The EOF issue (https://github.com/openssl/openssl/issues/11378 > >>>> < > >> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=MAiLjfGJWaKvnBvqnM4fcyvGVfUyj9CDANO_vh4wfco&e= > >>> ) > >>>> has > >>>> resulted in us reverting the original EOF change in the 1.1.1 > branch > >>>> (https://github.com/openssl/openssl/pull/11400 > >>>> < > >> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_11400&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=3hBU2pt84DQlrY1dCnSn9x1ah1gSzH6NEO_bNRH-6DE&e= > >>> ). > >>>> > >>>> Given that this seems to have broken quite a bit of stuff, I > propose > >>>> that we do a 1.1.1f soon (possibly next Tuesday - 31st March). > >>>> > >>>> Thoughts? > >>>> > >>>> > >>>> I strongly support this idea. > >>>> > >>>> -- > >>>> SY, Dmitry Belyavsky > >>> > >> > > >
