From: Andy Polyakov <ap...@openssl.org>
Date: Fri, 28 Sep 2012 21:05:27 +0200

>>> As for Oracle, they all are [or definitely should be and have been]
>>> pro-EVP, because crypto support on pre-T4 was relying on pluggable
>>> engine interface and EVP is the *only* way to utilize it.
>> That's really Oracle's problem, and nothing I am concerned with at
>> all.
>> 
>>> Secondly, if you stick to old interface [and want parallelizable
>>> modes] you don't get adequate performance. AES-NI is available only
>>> through EVP (normally developers target on multiple platforms). EVP
>>> interface is the one that gets FIPS-validated, not low-level. There
>>> are a lot of incentives to use EVP, and most critical applications do
>>> so.
>> Even supposedly well maintained trees using openssl's interfaces
>> such as OpenSSH still use a mixture of EVP and direct AES calls.
> 
> There is only one place OpenSSH calls AES_* directly and that's their
> own counter mode implementations. The reason they do is that there was
> no EVP counter in OpenSSL at the time. But what do they do with it?
> They actually ... implement EVP interface. So that the only code
> modification that is required in OpenSSH is to look up if counter is
> already provided and use it or fall back to own implementation.
> 
>> A library is supposed to be maximally useful to its users, both
>> existing and new.  This is violated by simply dismissing existing
>> users who don't use EVP.
> 
> Give more examples.

Ok I could be convinced about crypto operations, in that case.

>> And BTW, there is precedent for this, as this is what already is done
>> for the s390 crypto instruction support.
> 
> And I regret every bit of it! Day will come for a change... But you
> contradict yourself:-) If you don't care about what Oracle does, why
> do you care about IBM? It was a joke!

My point was that I specifically am generally against how Oracle
designed their T4 openssl changes.

They even optimized hashing only via the EVP interfaces, and that's
the real joke.  Even something common like GIT does direct SHA1
calls.

Also, instead of supporting Montgomery Multiply and Square
instructions directly, they translate between OpenSSL bignums and the
bignum format used in Solaris's libsoftcrypto, then they call into
libsoftcrypto to do the work.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
