[openssl-dev] A new openssl engine
Matt Caswell
matt at openssl.org
Thu Jun 25 23:23:39 UTC 2015
On 25/06/15 21:58, Viktor Dukhovni wrote:
> On Thu, Jun 25, 2015 at 10:48:08PM +0200, Kurt Roeckx wrote:
>
>> On Thu, Jun 25, 2015 at 11:36:58PM +0300, Dmitry Belyavsky wrote:
>>>
>>> BTW, what does the OpenSSL Team plan regarding the GOST engine?
>>
>> I think some of us want to get rid of it, because it's rather
>> crappy code.
>
> I think that if GOST is really going to be a supported set of
> algorithms, then it should not be an engine, and should be integrated
> properly, with robust well written and carefully reviewed code.
>
> The current engine is IMHO not a good long-term vehicle for providing
> GOST support to OpenSSL users.
>
I don't see GOST being integrated as a first class citizen in the near
future unless a member of the dev team volunteers to own it. So far I've
not seen any evidence of that happening (although to be fair I've not
asked the question until now!).
In the absence of such an owner stepping forward, my preferred solution
is to spin GOST out as a separately maintained engine - if we could find
someone willing to take it on.
Of course there's nothing to stop us doing both, i.e. in the short term
spin it out as a separate engine whilst looking towards a longer term
plan of integrating it as a first class citizen.
Matt
More information about the openssl-dev
mailing list