William A. Rowe, Jr. wrote:

As a general observation, mod_ssl is a good example of library abuse; we
really never leveraged it to do exactly what it does well, after sticking
our fingers into every corner of the library at every layer.

Exactly, which is why the apr_evp interface is trying to do one thing and one thing well: encrypt and decrypt arbitrary strings.

There are some things that over the recent weeks I have found that OpenSSL doesn't do well, or at all (or that are undocumented), and the interface has been written and rewritten a number of times. Eventually I got tired of reinventing the thing based on my limited understanding of OpenSSL and decided to throw it to the wider and more knowledgeable audience here.

The library does not want to support every single feature of every single crypto API out there, but at the same time it doesn't want to throw arbitrary boulders in the way of getting stuff done. I hope to find a balance.

Fortunately the EVP interface seems pretty straightforward; I see no need for it to become big and unwieldy.

Regards,
Graham