On 2021-11-25 15:00, Matt Caswell wrote:
Please see the new blog post by Tim Hudson giving an update on the
OpenSSL Project.
https://www.openssl.org/blog/blog/2021/11/25/openssl-update/
Followup:
While the OpenSSL leadership may think they have made things easier
for algorithm developers, the changes have actually removed the
existing APIs for implementing new modes on top of the existing
library:
1. The ability to easily provide or override new EVP algorithm
implementations within "application" code has been removed with
the opaqueness of the structure defining the implementation
function pointers for an algorithm.
2. The interfaces to directly call primitives like the AES block
function have gone, leaving only awkward workarounds based on
setting specific block cipher modes and calling the entire EVP
stack for each block. Other "trivial" operations on block mode
states (such as saving and storing running states) have also been
lost.
3. Some BigNum library features have also been lost in the opaque
everything push, in particular the ability to preallocate buffers
for bignums up to an application specific bit count using the
BN_FLG_STATIC_DATA option.
4. Any attempt to compare the "modern" source code to the classic
source code from before the influx of new developers and money is
heavily frustrated by the decision to reformat all source files
midway through the 1.0.x patch series.
All 4 changes have greatly affected my own work to use OpenSSL in
an application originally designed around another open
cryptographic API. Where the application included such things as
optional use of a different AES mode, and security rules for when/if
to restore algorithm states in error/trial decryption scenarios.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded