[openssl-users] The evolution of the 'master' branch
jb-openssl at wisemo.com
Wed Feb 4 15:48:18 UTC 2015
On 03/02/2015 23:02, Rich Salz wrote:
> As we've already said, we are moving to making most OpenSSL data
> structures opaque. We deliberately used a non-specific term. :)
> As of Matt's commit of the other day, this is starting to happen
> now. We know this will inconvenience people as some applications
> no longer build. We want to work with maintainers to help them
> migrate, as we head down this path.
> We have a wiki page to discuss this effort. It will eventually include
> tips on migration, application and code updates, and anything else the
> community finds useful. Please visit:
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Not much on that page so far, not even a "kill list" of
intended victims except anadmission that EAY's popular DES
library can no longer be accessed via the copyin OpenSSL.
I fear that this is an indication that you will be killing
off all the othernon-EVP entrypoints in libcrypto, making
it much harder to use thelibrary with experimental or
non-standard algorithms and methods.
Just consider how hard it would now be to use libcrypto to
implement stuff like AES-GCM (if it was not already in the
library) or any of the block modes that were proposed in
the FIPS process, but not standardised by NIST (and thus
not included in EVP).
With the classic non-EVP API, it is trivial to wrap a custom
mode around the basic DES/AES/IDEA/... block functions.
And this is just one example of the flexibility provided by
not going through the more rigid EVP API.
Should everyone not doing just TLS1.2 move to a different
librarynow, such as crypto++ ?
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users