"Dr Stephen Henson (by way of Goetz Babin-Ebell )" wrote:
>
> Ulf Moeller wrote:
> >
> > >Was I assuming too much when I assumed that OpenSSL would be a useful
> > >framework for implementing cryptosystems not currently used by SSL or
> > >TLS?
> >
> > It depends on what you want to do. I have found OpenSSL a very useful
> > basis for my OpenPGP implementation. Implementing ElGamal as specified
> > in OpenPGP was a matter of minutes (bignum support, parameter
> > generation and padding functions already being available). Extending
> > the EVP library probably is more work.
>
> The EVP library is long overdue an overhaul. Did anyone ever ask for the
> patches Lutz Behnke <[EMAIL PROTECTED]> was developing which looked
> like they would address some of these issues?
An is long overdue a valid response B-(, And I have not even been taking
the time to read openssl-dev in the last few weeks.
Ok, since I do this on company time, my focus has been less to change
the
whole EVP system, but more to add the need to add support for PKCS11
What I did do is add an interface to the symetric ciphers that allows
to set parameters for them. But this still needs the ASN.1 routines to
put in a structure that contains all the parameters. steve and I had
a brief discussion in march.
I also split up the mechanism and the actual key for the asym
algorithms.
BUT (an this is a big one), it still does not work properly and the
diffs
out of my CVS are as large as the whole library, because I cannot tell
it
to disregard WS changes.
I could put the patch on the ML, but I would rather not due to size, if
it
doesn't even work right.
But once I am on the subject, I have a question:
Up till now the pub/priv key object was called 'PKEY'. Because I wanted
to seperate the key from the mechansim I invented a PKEY_CTX and had
my complile slam into all of the incorect usages of PKEY because
it contained none of the right fields in the structure. Now that
I am through with that proces I have too seperate names for all the
symbols
in the code that I can assign a good name to. And this is the question:
what is the context. The actual key, as it seems to me in the symetric
ciphers, or the mechanism in which the key exists and without the
information
of the key is not sufficient to do any work?
Please advise, and on the subject of posting a meg of data to a ML as
well.
mgh lutz
--
*******************************************************************
Lutz Behnke Tel.: 040 / 766 29 1423
TC TrustCenter for Security Fax.: 040 / 766 29 577
in Data Networks GmbH email: [EMAIL PROTECTED]
Am Werder 1
21073 Hamburg, Germany
S/MIME Cryptographic Signature
