On Wed Sep 17 21:41:01 2014, beld...@gmail.com wrote: > Hello Matt, > > the improved patch is attached. It uses the EVP_DigestSign* API > instead of > EVP_digest and does not modify any header files. > > Thank you!
Hi Dmitry There are still some significant problems with this patch as it is currently written. We don't really want to have lots of engine specific code within the apps. Ideally we should be writing for the generic case...and then it should just "work" (or at least with a bare minimum of tweaking) for an engine specific implementation. By writing this just for gost-mac, I think you are making assumptions about how things work generally. As I said in my previous response I would write this for HMAC/CMAC first, and then extend to gost-mac as required. I'm not convinced that the overloading of the evp option to do lots of different things is going to work out too well. Its already overloaded to handle ciphers and digests...and the code tries to work out which one you have supplied. You are overloading it further (but your approach only works for one mac). It could probably be made to work...but only after jumping through various hoops to get there. I'm also not convinced that you are timing the right thing. You are setting up the context, generating a new mac key, freeing the key and freeing the context all within the timing loop...which doesn't seem right. For all of the above reasons I am rejecting this patch at the current time. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org