[openssl-dev] Engine removal

Matt Caswell matt at openssl.org
Tue Oct 13 12:34:01 UTC 2015 

There are a number of engines within OpenSSL which, I believe, are
largely dead and unused. I would like to remove them from version 1.1.0.
Before I do so, I'd like to hear from anyone that can tell me about any
active use of these engines.

Specifically the ones I am currently looking at are:

4758cca: This provides support for the IBM 4758 PCI Cryptographic
Coprocessor which was discontinued in June 2005. It was replaced by the
4764 which was itself discontinued in December 2011. In its current form
this was added in 2002. There were a few emails about it to
openssl-users in 2002/2003 but not much since. I did find an email from
2006 from someone asking about support for the 4764.

aep: Believed to be developed by AEP Systems – which now does not seem
to exist. My guess is it is a predecessor of Ultra Electronics AEP. In
its current form the engine has been there since 2002. I found a
reference from 2004 of someone actually using it, and a post to
openssl-users in 2002, but that's about it. RT ticket 895 from 2004
describes a problem with the AEP engine not working with Linux pthreads.
No solution is recorded and the code as described in the ticket is still
present in the engine today.

atalla: Atalla is (now?) an HP brand (previously believed to be Compaq).
Earliest git log entry I could find was from 2000 (files have been
renamed since). Very little activity since. RT ticket 816 from 2004 has
a bug report filed by someone using the atalla engine (on HPUX). I found
a small number of openssl-users emails dating from between 2001-2004.
Nothing recent.

cswift: This is for the Rainbow Technologies CryptoSwift HSM
Cryptographic Accelerator. Rainbow Technologies was bought by SafeNet
Inc. RT825 provided a patch for the engine in 2004, which was applied in
2005. No significant activity since then. RT275 from 2002 also provided
a patch which was applied. I found a few openssl-users posts dating from
2001-2003 about it. Not much since then. I did find a post from 2007
about someone (unsuccessfully apparently) trying to get it going.

nuron: Google has failed me. I can't find anything out about this engine
at all. No posts to openssl-users. Moved as part of the engine rewrite
in 2002. No significant activity since then.

sureware: Engine for Sureware HSM from Baltimore Technologies, circa
2000.  I found some openssl-users enquiries about this from 2004. No
significant activity since the engine rewrite in 2002.

If anyone can tell me good reasons why these engines shouldn't go, then
please let me know!

Thanks

Matt

More information about the openssl-dev mailing list