Hi guys, ist has been 10 days since I posted this mail about certain questions with regard to the suboptimal integration of VIA padlock support in OpenSSL.
Is there some kind of taboo against this topic or some bad history that I'm missing? If yes, I'm sorry to hear that. In any case, I am here, I have time, and I will do whatever it takes to the code to make you guys happy with it for integration. So please talk to me ;) Thanks again. On Mon, Sep 01, 2008 at 09:51:30PM +0800, Harald Welte wrote: > Hi Michal, > Hi OpenSSL developers, > > as part of my work for VIA, I am trying to find out what we can do to > make sure the VIA Padlock RNG is activated by default. > > I have read the comments in the source code, referring that the RNG is not > used > the way that VIA recommends for secure applications. > > I have also read the padlock programming guides from > http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=261 > and > http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=281 > > So from what I can tell, Michal Ludvig originally included RNG support in his > patch, but it was deactivated by the OpenSSL maintainers due to security > concerns. > > Can somebody please indicate what exactly those concerns were? I would be > willing to put in some of my own time to come up with a patch to address > the concerns, and then have that patch reviewed by OpenSSL guys, Michal as > well > as the respective Padlock security expert inside VIA. > > I also have a question about Michal's SHA1/224/256 patch at > http://marc.info/?l=openssl-dev&m=115243758508970&w=2 > > It never received any feedback on the list, and it wasn't merged into mainline > OpenSSL. Was this simply lost? Can I (or VIA) do anything to help this > along? > > Thanks in advance, -- - Harald Welte <[EMAIL PROTECTED]> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
signature.asc
Description: Digital signature
