[openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Nov 19 19:28:53 UTC 2015
On Thu, Nov 19, 2015 at 05:07:38PM +0000, Richard Moore wrote:
>Yes, but a several people (including me) disagree with you. And one of the
> options that has been suggested is to keep the code but have it disabled by
> default.
Note, we're talking about "disabled" as opposed to "not compiled".
Stuff that's not compiled by default tends to not get tested, and
breaks silently when it is needed. That's not terribly useful.
(Yes, I know about RC5, which is not compiled by default for IPR
reasons. Distributions that have never shipped IDEA compiled-in
can disable it downstream).
This means that absent explicit compile-time directives, the EVP
interface will not expose the legacy algorithms. Middleware that
provides general-purpose crypto interfaces on top of OpenSSL to
other software will need to enable the legacy algorithms.
I am not convinced that making people jump through the extra hoops
would be worth the effort on our part and theirs. Whom would we
be helping?
The simplest thing to do is to make legacy libcrypto code maximally
maintainable, and if removing assembly support does that, than we
do that. Beyond that, do nothing. What algorithms people use on
their own data is their choice and risk decision not ours.
--
Viktor.
More information about the openssl-dev
mailing list