Hi Michal, Hi OpenSSL developers, as part of my work for VIA, I am trying to find out what we can do to make sure the VIA Padlock RNG is activated by default.
I have read the comments in the source code, referring that the RNG is not used the way that VIA recommends for secure applications. I have also read the padlock programming guides from http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=261 and http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=281 So from what I can tell, Michal Ludvig originally included RNG support in his patch, but it was deactivated by the OpenSSL maintainers due to security concerns. Can somebody please indicate what exactly those concerns were? I would be willing to put in some of my own time to come up with a patch to address the concerns, and then have that patch reviewed by OpenSSL guys, Michal as well as the respective Padlock security expert inside VIA. I also have a question about Michal's SHA1/224/256 patch at http://marc.info/?l=openssl-dev&m=115243758508970&w=2 It never received any feedback on the list, and it wasn't merged into mainline OpenSSL. Was this simply lost? Can I (or VIA) do anything to help this along? Thanks in advance, -- - Harald Welte <[EMAIL PROTECTED]> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
