[openssl-dev] ECDH engine
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Wed Jan 20 21:35:59 UTC 2016
On 1/20/16, 16:25 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:
>> The fact that these mechanisms are half-done means to be that it’s a
>>bug in need of fixing.
>
>I doubt that anyone else on the team will find this argument compelling.
I don’t know. “pkeyutl -engine pkcs11 -keyform engine -derive -inkey
id_03" does not work the way it’s supposed to. To me it usually means a
bug. Another supporting reason - no interface or parameters/arguments
would change, only the internal behavior would be adjusted, resulting in
actually succeeding with a crypto operation rather than returning an error.
But regardless, I hope the team would consider the complexity (or
simplicity :) of the proposed change and the benefits from it. After all,
we’re not lawyers, and (hopefully :) we all want to make/keep this tool as
useful as possible to as many users as feasible (as far as we can :). So
since this change doesn’t require moving heaven and earth (AFAICT),
perhaps the team would consider it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4308 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160120/a2267536/attachment.bin>
More information about the openssl-dev
mailing list