From: Andy Polyakov <ap...@openssl.org>
Date: Fri, 28 Sep 2012 17:37:19 +0200

> As for Oracle, they all are [or definitely should be and have been]
> pro-EVP, because crypto support on pre-T4 was relying on pluggable
> engine interface and EVP is the *only* way to utilize it.

That's really Oracle's problem, and nothing I am concerned with at all.

> Secondly, if you stick to old interface [and want parallelizable
> modes] you don't get adequate performance. AES-NI is available only
> through EVP (normally developers target on multiple platforms). EVP
> interface is the one that gets FIPS-validated, not low-level. There
> are a lot of incentives to use EVP, and most critical applications do
> so.

Even supposedly well maintained trees using openssl's interfaces such as OpenSSH still use a mixture of EVP and direct AES calls.

It is impractical to say that everyone should convert. A library is supposed to be maximally useful to its users, both existing and new. This is violated by simply dismissing existing users who don't use EVP.

>> I consider supporting the old APIs a requirement.
>
> Not at arbitrary high costs...

At least for AES and Camellia, the amount of changes necessary for T4 direct support was very low.

And BTW, there is precedent for this, as this is what already is done for the s390 crypto instruction support.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org