David Benjamin
Oh yeah, the multiple parameter thing was just me bemoaning the state of the world. Definitely agreed that test vectors aren't really the place to address that. (TBH we're pretty...
Definitely not! Those OIDs are *absurdly* complicated. We explicitly rejected implementing them in BoringSSL because of how badly they were defined. :-) It takes more bytes to say "RSA-PSS-SHA256" than...
> The error is odd. [...] I do believe `-fPIC` option is passed to the compiler. The linker error does not make sense to me. `-fPIC` will change the kinds...
I suspect this will break stuff. See: https://mta.openssl.org/pipermail/openssl-dev/2016-September/008488.html https://github.com/openssl/openssl/pull/1597 https://github.com/openssl/openssl/pull/3181
Does that client support any non-ECDHE ciphers? I would expect OpenSSL to fall back to those. Also, note that this is not perfectly okay according to TLS 1.3. It is,...
It sounds like the core issue is the `OSSL_PARAM` semantic of ignoring unused parameters. That seems not the right design for precisely this issue. If you mis-specify an optional parameter,...
Something seems off here. https://github.com/openssl/openssl/issues/24650 cites `N=1048576, r=8, p=1` tests in the RFC as evidence that the restriction is wrong. It further cites other implementations... > [Golang x/crypto](https://cs.opensource.google/go/x/crypto/+/master:scrypt/scrypt_test.go;l=112-127) and [BoringSSL](https://github.com/google/boringssl/blob/master/crypto/evp/scrypt_tests.txt#L30-L38)...
Sounds like the erratum is invalid and should be marked as such.
Ah, never mind, I see. The erratum wasn't filed because of this misdiagnosis but something else.
Given these chips all have NEON, I suspect that's not all of it. For ARMv8 chips without crypto extensions (sigh), the 32-bit code still has some NEON paths, while the...