Matt Caswell

From my brief scan of X9.63 I don't see a default length specified. I agree with @t8m. This looks like a documentation issue.

I'm not sure how we handle it but failure to supply one of "-pbkdf2" or "-iter" options to the "enc" app results in this warning being printed: ```` BIO_printf(bio_err, "***...

> f folks post their lists of deprecated options here There are a number of them in "speed".

The "-issuer_checks" and "-no_alt_chains" options in apps.h have a description of "(deprecated)" against them.

> of which the evp_generic_fetch path is one At least one of the read locks here is namemap related - see also #23370. There's another one in the method store...

@abasapax it would be interesting if you could get equivalent figures for 3.2. There are numerous performance improvements in 3.2 compared to 3.0 that might make some difference here.

> IMO if EVP_PKEY_KEYPAIR is specified - you should import at least public or private key part. Basically the selection should be the maximum that is possibly being imported. However...

My interpretation is my preferred approach. Otherwise if you attempt to import a private key you have no way of knowing whether it actually worked and you ended up with...

The `-hmac` option expects an argument which is the key. Note this is *not* the key in hex format. It is the exact key that is to be used. So...

> ad12d06829e909e10404c7beca0b93504b4f987294f5300f6d68bb78af8407b8 and therefore I don't understand why openssl dgst -sha256 -hmac key.txt q1.txt fails to work. Because the `-hmac` option *does not read a file*. It reads the key...