You are missing the point. OpenSSL-1.0.2 only exposed ECDSA, not
ECDH to external engines. It took years to even get ECDSA exposed.
OpenSSL's approach to support this is OpenSSL-1.1 that does a lot of
other things. But that was their approach. It's their package.
From working package to distribution always takes several years...
On 1/20/2016 1:34 PM, Blumenthal, Uri - 0553 - MITLL wrote:
Probably it was one of the main reasons why we didn't use pkcs11 for
ATECC508A and wrote an engine instead
I still argue with the approach (IMHO nobody needs yet
another limited engine), but constraining ECC additions to 1.1
does not make any sense to me. 1.0.2 is going to be around for
quite a while. A lot of applications won’t migrate to 1.1
quickly – a few years would be a good/reasonable/safe bet.
To restrict this work to 1.1 means pushing this basic
capability off by (realistically) several years. Most people
can’t/won't deploy openssl-1.1 as long as it interferes with the
majority of the applications they or their OS is using, is not
good. I for one won’t be able to use 1.1 in practice until it
becomes the embraced standard and software such as Macports port
set is moved to support it. I’m 100% sure there are many more of us in this bus,
on different OS (e.g., it looks like Ubuntu is even worse off
than Macports).
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
--
Douglas E. Engert <deeng...@gmail.com>