[openssl-dev] A new openssl engine

Alexander Gostrer agostrer at gmail.com
Thu Jun 25 17:48:41 UTC 2015


Matt,

When you say "would prefer new engines to be maintained outside of the
OpenSSL tree", do you mean a private webpage and/or GitHub? Is there a
central list of Engine implementations? Something that helps the outside
world to find a solution not covered by the openssl community?

Thank you,
Alex.

On Thu, Jun 25, 2015 at 9:03 AM, David Woodhouse <dwmw2 at infradead.org>
wrote:

> On Thu, 2015-06-25 at 15:45 +0000, Viktor Dukhovni wrote:
> > On Thu, Jun 25, 2015 at 04:34:34PM +0100, Matt Caswell wrote:
> >
> > > Whether such a patch would be accepted though is an entirely
> > > different thing. Personally I would prefer new engines to be
> > > maintained outside of the OpenSSL tree. Inclusion in the OpenSSL
> > > tree implies that the OpenSSL dev team will support the code. That
> > > becomes very difficult/impossible if we do not have access to the
> > > hardware.
> >
> > In addition, in order to not dig the hole we're in deeper, the
> > contributed code would have to be high quality code.  That is,
> > clearly written, sensibly commented and well documented.
> >
> > All in all, it seems unlikely that new engines will become part of
> > the OpenSSL official distribution.  If anything, some existing
> > engines are likely to be retired.
>
> FWIW I hope that a PKCS#11 engine might be an exception to that rule.
>
> Note that I say "a" PKCS#11 engine not necessarily "the" PKCS#11
> engine, given the comments about code quality.
>
> Or rather than an engine, merging a suitably licensed version of
> something like libp11 into crypto/p11/ and making PKCS#11 a first-class
> citizen in OpenSSL would perhaps be a better option...
>
>
> --
> dwmw2
>