owner-openssl-us...@openssl.org wrote on 05/10/2011 06:52:26 PM: > From: "Dr. Stephen Henson" <st...@openssl.org> > To: openssl-users@openssl.org > Date: 05/10/2011 06:57 PM > > The answer is "probably yes" but with some caveats. > > If the application is well behaved and doesn't rely on undocumented features > or access structure internals it should be fine.
The catch is that it's hard to determine what an 'undocumented feature' is. E.g., the AES_Encrypt function is not in the man page. Nor is MGF1. AES_Encrypt persisted from 0.9.8 to 1.0.0. MGF1 was dropped.
