On Thu, 2015-06-25 at 15:45 +0000, Viktor Dukhovni wrote:
> On Thu, Jun 25, 2015 at 04:34:34PM +0100, Matt Caswell wrote:
>
> > Whether such a patch would be accepted though is an entirely
> > different thing. Personally I would prefer new engines to be
> > maintained outside of the OpenSSL tree. Inclusion in the OpenSSL
> > tree implies that the OpenSSL dev team will support the code. That
> > becomes very difficult/impossible if we do not have access to the
> > hardware.
>
> In addition, in order to not dig the hole we're in deeper, the
> contributed code would have to be high quality code. That is,
> clearly written, sensibly commented and well documented.
>
> All in all, it seems unlikely that new engines will become part of
> the OpenSSL official distribution. If anything, some existing
> engines are likely to be retired.

FWIW I hope that a PKCS#11 engine might be an exception to that rule.
Note that I say "a" PKCS#11 engine not necessarily "the" PKCS#11
engine, given the comments about code quality.

Or rather than an engine, merging a suitably licensed version of
something like libp11 into crypto/p11/ and making PKCS#11 a first-class
citizen in OpenSSL would perhaps be a better option...

--
dwmw2
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev