Skip to content

Comments

Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()#10815

Closed
levitte wants to merge 1 commit intoopenssl:masterfrom
levitte:fix-evp_digestsign-and-evp_digestverify-3
Closed

Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()#10815
levitte wants to merge 1 commit intoopenssl:masterfrom
levitte:fix-evp_digestsign-and-evp_digestverify-3

Conversation

@levitte
Copy link
Member

@levitte levitte commented Jan 12, 2020

The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.

@levitte
Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()
70731c3 
The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.
@levitte levitte added branch: master Applies to master branch approval: review pending This pull request needs review by a committer labels Jan 12, 2020
@levitte levitte requested a review from romen January 12, 2020 00:14
@levitte
Copy link
Member Author

levitte commented Jan 12, 2020

@romen, thanks for your input in #10805... here's the other way to deal with this issue 😄

romen
romen approved these changes Jan 12, 2020
View reviewed changes
Copy link
Member

@romen romen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM !

What could we do to put this on the path for revision for a release after 3.0?

I share the wish of uniformity across the board for the family of EVP_<someop>_init() and it seems reasonable to dedicate a return value (-2 is somewhat our default for this in many places) for the "op not supported with this obscure key you gave me".

@romen
Copy link
Member

romen commented Jan 12, 2020

I believe that excluding the change to crypto/evp/m_sigver.c this PR should be backported to 1.1.1 as well.

Do we need a separate PR for that in this case?

@romen romen added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jan 12, 2020
@levitte
Copy link
Member Author

levitte commented Jan 13, 2020

Do we need a separate PR for that in this case?

I don't think so. You've essentially approved a selective backport, and it should be clean.

@kaduk
Copy link
Contributor

kaduk commented Jan 13, 2020

LGTM !

What could we do to put this on the path for revision for a release after 3.0?

I share the wish of uniformity across the board for the family of EVP_<someop>_init() and it seems reasonable to dedicate a return value (-2 is somewhat our default for this in many places) for the "op not supported with this obscure key you gave me".

I'd really like to be able to do this as well, but having reflected about the broader topic a lot over the past several months, I'm coming around to think that the only reliable way to effect this kind of change is to define completely new APIs with the "proper semantics", and go through the full (5-year) deprecation cycle for the old APIs. The risk of silently breaking applications seems to outweigh the marginal consistency gains, otherwise.

@levitte levitte added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jan 15, 2020
openssl-machine pushed a commit that referenced this pull request Jan 15, 2020
@levitte
Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()
7612366 
The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.

Reviewed-by: Nicola Tuveri <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #10815)
@levitte levitte added the branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) label Jan 15, 2020
@levitte
Copy link
Member Author

levitte commented Jan 15, 2020

Merged.

7612366 Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()

The backport to 1.1.1 has a different commit message, so I'm submitting a separate PR for it.

@levitte levitte mentioned this pull request Jan 15, 2020
Closed
@levitte
Copy link
Member Author

levitte commented Jan 15, 2020

See #10847 for the backport

@levitte levitte closed this Jan 15, 2020
@Jakuje Jakuje mentioned this pull request Jan 15, 2020
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t8m t8m t8m approved these changes

+1 more reviewer

@romen romen romen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@levitte @romen @kaduk @t8m