Dear Matt, On Fri, Jun 26, 2015 at 2:23 AM, Matt Caswell <m...@openssl.org> wrote:
> > > On 25/06/15 21:58, Viktor Dukhovni wrote: > > On Thu, Jun 25, 2015 at 10:48:08PM +0200, Kurt Roeckx wrote: > > > >> On Thu, Jun 25, 2015 at 11:36:58PM +0300, Dmitry Belyavsky wrote: > >>> > >>> BTW, what does the OpenSSL Team plan regarding the GOST engine? > >> > >> I think some of us want to get rid of it, because it's rather > >> crappy code. > > > > I think that if GOST is really going to be a supported set of > > algorithms, then it should not be an engine, and should be integrated > > properly, with robust well written and carefully reviewed code. > > > > The current engine is IMHO not a good long-term vehicle for providing > > GOST support to OpenSSL users. > > > > I don't see GOST being integrated as a first class citizen in the near > future unless a member of the dev team volunteers to own it. So far I've > not seen any evidence of that happening (although to be fair I've not > asked the question until now!). > > In the absence of such an owner stepping forward, my preferred solution > is to spin GOST out as a separately maintained engine - if we could find > someone willing to take it on. > It's not a problem to start mantaining the engine code outside the main OpenSSL tree. But comrehensive support of GOST requires much more: - TLS (the most messy) - pkcs12 - OIDs for algs themselves and for some extensions used in Russia - some smime-related stuff etc All the enumerated above seems to be much more complicated and could hardly be supported separately from the main tree. Thank you! -- SY, Dmitry Belyavsky
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
