[EMAIL PROTECTED] - Thu May 12 15:24:02 2005]: > Please find below a patch, with spec reference, against OpenSSL 0.9.7g. > > It could be argued that XMLENC spec is wrong in insisting on unpredictable > values for the padding because this allows padding to be used as a > covert channel. However, to deploy interoperable implementations it seems > patching OpenSSL is the right thing to do. It has been observed that > other crypto libraries, such as bouncing castle (a pure Java > implementation) do not set all padding bytes to OpenSSL's satisfaction. >
OpenSSL is complying with various other standards with its current behaviour. For example PKCS#7. If the EVP functions are being called directly (instead of inside OpenSSL in its PKCS#7 code for example) you can disable the padding altogether EVP_CIPHER_CTX_set_padding() and perfom padding and pad checking at an application level. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
