> [li...@kaiser.cx - Mon Feb 15 23:16:48 2010]: > > Please see the attached patch (against 2010-02-07 snapshot) for a first > concept. Does this make sense to you or does it contradict your intended > use of the (yet unused) EVP_MD_CTX_FLAG_PAD_... flags? >
Actually that flag isn't unused. It is present in OpenSSL 0.9.8 as a hack to allow the use of different padding modes using EVP. That was added for the FIPS 140-2 1.2 module validation. Major infrastructural changes weren't possible under the constraints of the validation (had to be binary compatible with 0.9.8) so the smallest compatible change was done. I wouldn't want to do things that way for 1.0.0 and later because it isn't flexible enough: it squeezes parameters into one flag. I'll review your code when I have time. I'd probably go for something similar to the way the CMS/PKCS7 code works which is to use ctrls inside the EVP_PKEY_METHOD API.. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
