On Mon, Nov 07, 2005, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Mon, 7 Nov 2005 13:37:19 +0100, "Dr. > Stephen Henson" <[EMAIL PROTECTED]> said: > > steve> As for incompatible chanhes there is one nasty incompatibility > steve> with PKCS#11 which EVP might have to address if we ever need a > steve> full PKCS#11 ENGINE. Even that though could be done in a > steve> compatible way. > > Without jumping through hoops and bending over backwards twice? >
Probably more than that :-( There are two PKCS#11 issue which are painful. One is its handling of fork() which I've mentioned before. The other is that its equivalent to EVP_CipherUpdate() and EVP_CipherFinal() which can output data in arbitrary sizes whereas our stuff will never be more than one block length larger than the input. I'm aware of some PKCS#11 implementations that buffer the input data until it reaches a few K in size and then dumps the whole lot. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
