On Wed, Dec 24, 2014 at 4:55 PM, Dr. Stephen Henson <steve at openssl.org> wrote: > On Wed, Dec 24, 2014, Ken Goldman wrote: > >> >Version 1.1.0 will (moderately) break source compatibility (for example we will make most structures opaque etc). >> >> I as a user, I have two points of concern" >> >> 1 - Will the RSA structure be opaque? I have a continuing need to >> construct an RSA structure from binary arrays of public and private >> key parts and vice versa. >> >> Will I lose that? >> > > RSA is something which most probably will be opaque along with DSA, DH and > the associated methods. Here's another counterpoint: when those structures are made opaque, that means we have to go to the memory manager for a struct that could otherwise be stack based. And we have to free it. That can slow things down considerably. I don't mind the extra cycles spent on parameter validation and return value checking. Crypto software is high integrity software, so little details like the CompSci 101 stuff needs to be done. But I despise having to go to the memory manager for something like a BN_CTX that could live on the stack. Jeff
