[openssl-dev] [RFC v2 2/2] pem: load engine keys

Roumen Petrov openssl at roumenpetrov.info
Sun Dec 11 16:31:10 UTC 2016


Hi Richard,

Richard Levitte wrote:
> In message <20161206.223057.237264374331072901.levitte at openssl.org> on Tue, 06 Dec 2016 22:30:57 +0100 (CET), Richard Levitte <levitte at openssl.org> said:
>
> levitte> [SNIP]
>
> The easiest was actually to rewrite PEM_read_bio_PrivateKey()
> entirely, so it solely uses the internal store_file functions I've
> provided.
> I wonder what kind of impact this would have on the community at
> large.

PEM_read_bio_PrivateKey uses a custom password callback. You propose a "Store-API" with UI_METHOD as the password callback.
A rewrite of the pem_read... method obsoletes pem_password_cb.

What about ensuring a transition period?
For instance, in OpenSSL 1.1, provide new functions based on UI_METHOD and mark the existing ones as deprecated.


One remark on the store load function API: in most cases (load from file) it is a password callback, but in other cases it could be a PIN or something different.
Please use a more generic description.
For instance, the engine callback is defined in a generic way: ui_method and its callback_data.

     

> Cheers,
> Richard

Regards,
Roumen

