[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Viktor Dukhovni openssl-users at dukhovni.org
Sun Nov 15 17:09:48 UTC 2015


On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote:

> pl> It is perhaps time to split crypto library in two libraries
> pl> libcryptolegacy and libcryptostrong...
> pl> 
> pl> My two cents.
> 
> A thought could be to make a "legacy" engine that holds the removed
> crypto algos.  It could be maintained outside of mainstream OpenSSL,
> really by anyone...

If the engine is not automatically loaded, then scripting languages
that provide wrappers around the various algorithms, as does other
software that needs the legacy algorithms, but has never needed any
engines and makes no provisions for loading any.

With a separate library one might imagine its "init" method calling
some function in libcrypto that makes the legacy algorithms available
via EVP, and then Python, Perl, ... could be linked with:

    -lweakcrypto -lssl -lcrypto

That's something distribution maintainers could do, but is this
really a productive step to take at this time?  That library will
take more effort to produce than leaving things as they are.

-- 
	Viktor.

