On Tue, 2014-06-24 at 15:33 -0400, Simo Sorce wrote: > On Tue, 2014-06-24 at 20:30 +0200, Petr Spacek wrote:
> > In this case the standard says that user has to provide IV explicitly and > > the > > C_WrapKey should fall-back to standardized default if IV was not given by > > user. > > Sounds completely bogus, but in this case we'll have to either provide a > random IV ourselves (and then store it alongside or provide data with a Add "the key data)" here-------------------------^ Simo. > confounder at the start implementing padding on our own. > > > See section "6.13.3 AES Key Wrap" in "PKCS #11 Mechanisms v2.30: Cryptoki – > > Draft 7" on > > ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/pkcs-11v2-30m1-d7.pdf > > > > > > > >> >What do we do? > > >> >- Convince OpenSSL to review and accept the patch? > > > I would say the patch is not too useful as is - there are multiple > > > problems with it such as it is not using proper high level interfaces > > > for the AES encryption, etc. > > Ah, right, nowadays openssl/crypto/aes/aes_wrap.c file is very different > > from > > the 2010-version. I didn't notice it. > > > > Would you review the patch if we re-write it against current OpenSSL git > > head? > > > > -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel