New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doc update - legacy provider's cipher algorithms #15197
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor wording changes mostly.
doc/man7/OSSL_PROVIDER-legacy.pod
Outdated
@@ -52,6 +52,30 @@ The OpenSSL legacy provider supports these operations and algorithms: | |||
|
|||
=back | |||
|
|||
=head2 Symmetric Ciphers | |||
|
|||
Not all the symmetric cipher algorithms can be enabled in a particular OpenSSL build. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not all of these symmetric cipher algorithms are enabled by default.
Although, it would also be good to indicate which aren't: This cipher is not enabled by default. Use the enable-XXX configuration to enable it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This still needs changing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added the mentioning to the rc5 section (which seems the only disabled by default). Could you please clarify what else should be done?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change the text to Not all of these symmetric cipher algorithms are enabled by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thanks!
be767f8
to
6baf46d
Compare
Hopefully fixed |
6baf46d
to
51b2a92
Compare
Not sure the third party implementation should even be mentioned - these are fairly DEAD algorithms.. |
I agree, I think it was better without that mention. |
'Enumerating the ' sounds like a code change.. |
Oops - that wasnt what I meant to do,, |
What about saying that they aren't available with OpenSSL's default provider, and that to use them, you will for example have to load OpenSSL's legacy provider? |
That seems reasonable. |
51b2a92
to
3183d1e
Compare
3183d1e
to
a32e0bd
Compare
doc/man3/EVP_des_cbc.pod
Outdated
@@ -54,6 +54,10 @@ EVP_des_ofb() | |||
DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit | |||
shift and OFB modes. | |||
|
|||
All these algorithms are not provided by the default OpenSSL provider. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of these algorithms...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think "None of these algorithms are provided" is more clear.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a native here, so feel free to disregard this completely, but would "OpenSSL default
provider" be more appropriate here? To me here default
is more akin to the name of a particular provider instance than a generic adjective qualifying the provider.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reworded. @romen, would you mind reapproving?
a32e0bd
to
34f9c0b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved subject to the second of being added.
I'm sorry, @paulidale, I don't understand it the phrasing should be polished a bit more (and then could you please give an exact formula) or it's OK to you (and then could you please add the approval label)? Many thanks! |
34f9c0b
to
aabfb52
Compare
Ping @openssl/otc to re-approve after, hopefully, final rewording |
aabfb52
to
15e3ce6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Finally 👍
(here was a long quote from "Parkinson's law") |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #15197)
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #15197)
Finally merged. Thanks! |
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#15197)
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#15197)
Checklist