From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/3258
Path: news.gmane.org!not-for-mail
From: Szabolcs Nagy <nsz@port70.net>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: High-priority library replacements?
Date: Tue, 30 Apr 2013 13:30:20 +0200
Message-ID: <20130430113020.GL12689@port70.net>
References: <CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com>
 <20130426005545.GA7923@Caracal>
 <CAOPXC2mtay5vyPUdLbbC3Pp+HQG3WxAH3mtRDZeby2+jfxzVrA@mail.gmail.com>
 <20130429101620.GG12689@port70.net>
 <CAOPXC2kYu7WxcRAqT-Ni=hYwJkxreSEvMRh7vsVap=e4VjcVjg@mail.gmail.com>
 <20130429215500.GJ12689@port70.net>
 <20130430021014.GC20323@brightrain.aerifal.cx>
 <CAOPXC2n3Q0Q5LKA9SG-Fz6gzj+_0HLjAetvXq-Sf80B5xh05eg@mail.gmail.com>
 <20130430083516.GK12689@port70.net>
 <CAOPXC2mdk397cWFkqAz4bJNo4_+fWBv-VupWCHJTLGuFawcFDw@mail.gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1367321435 602 80.91.229.3 (30 Apr 2013 11:30:35 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 30 Apr 2013 11:30:35 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-3262-gllmg-musl=m.gmane.org@lists.openwall.com Tue Apr 30 13:30:35 2013
Return-path: <musl-return-3262-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-3262-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1UX8lX-0000I9-4O
	for gllmg-musl@plane.gmane.org; Tue, 30 Apr 2013 13:30:35 +0200
Original-Received: (qmail 18389 invoked by uid 550); 30 Apr 2013 11:30:34 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 18348 invoked from network); 30 Apr 2013 11:30:31 -0000
Content-Disposition: inline
In-Reply-To: <CAOPXC2mdk397cWFkqAz4bJNo4_+fWBv-VupWCHJTLGuFawcFDw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Xref: news.gmane.org gmane.linux.lib.musl.general:3258
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/3258>

* Gregor Pintar <grpintar@gmail.com> [2013-04-30 11:58:26 +0200]:
> 2013/4/30, Szabolcs Nagy <nsz@port70.net>:
> > * Gregor Pintar <grpintar@gmail.com> [2013-04-30 08:32:26 +0200]:
> >> My idea was that program would be correct, if it inputs too much data
> >> to hash function. It is very cheap to implement in most algorithms
> >> (detect counter overflow). Otherwise program has to count it himself.
> >
> > i dont think the program has to count
> >
> > eg in case of sha1 if you know that the throughput is less than
> > 10gbps then it takes more than 50years to overflow
> >
> Blowfish can encrypt max 128GB.
> 

i see, i didn't know this

i wonder how often do ppl check the return value
(eg you don't seem to do it in your tests)

> > in theory there might be use-cases where the overflow could occure
> > in which case reporting error makes sense, but it seems to me that
> > can be avoided by the proper choice of algorithm or reasonable
> > application design
> >
> Choice of algorithm is not mine.

i meant that if a tool is used for something that it was not
designed for then that's a user error not a tool error


the lib looks fine otherwise, but the hard parts are missing for tls
(rsa,dsa,ecdsa require a bignum library, tls requires a parser for a
lot of complex formats)