* Harald Welte ([EMAIL PROTECTED]) wrote:
>
> Hi guys,
>
> it has been 10 days since I posted this mail about certain questions
> with regard to the suboptimal integration of VIA padlock support in OpenSSL.
>
> Is there some kind of taboo against this topic or some bad history that I'm
> missing? If yes, I'm sorry to hear that.
>
> In any case, I am here, I have time, and I will do whatever it takes to the
> code to make you guys happy with it for integration. So please talk to me ;)

Hi Harald,

No taboo, no bad history that I'm aware of, just plain old open-source,
everyone's-always-got-something-else-less-free-to-do indifference. Don't
take it personally :-)

I just took a look at Michal's SHA patch and nothing leapt out as overly
terrifying. Perhaps Michal will comment if he's aware of any discussion
about it? (I don't recall.) Otherwise did you happen to search the request
tracker or mail archives about this? (I.e. beyond the fact that Michal's
post didn't have a threaded response.)

As for the RNG stuff, if you are able to find any references to discussion
and/or cvs commits regarding the "deactivation by OpenSSL maintainers" then
that would make it easier for me to follow up too. TIA.

Cheers,
Geoff

>
> Thanks again.
>
> On Mon, Sep 01, 2008 at 09:51:30PM +0800, Harald Welte wrote:
> > Hi Michal,
> > Hi OpenSSL developers,
> >
> > as part of my work for VIA, I am trying to find out what we can do to
> > make sure the VIA Padlock RNG is activated by default.
> >
> > I have read the comments in the source code, referring that the RNG is not used
> > the way that VIA recommends for secure applications.
> >
> > I have also read the padlock programming guides from
> > http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=261
> > and
> > http://linux.via.com.tw/support/beginDownload.action?eleid=181&fid=281
> >
> > So from what I can tell, Michal Ludvig originally included RNG support in his
> > patch, but it was deactivated by the OpenSSL maintainers due to security
> > concerns.
> >
> > Can somebody please indicate what exactly those concerns were? I would be
> > willing to put in some of my own time to come up with a patch to address
> > the concerns, and then have that patch reviewed by OpenSSL guys, Michal as well
> > as the respective Padlock security expert inside VIA.
> >
> > I also have a question about Michal's SHA1/224/256 patch at
> > http://marc.info/?l=openssl-dev&m=115243758508970&w=2
> >
> > It never received any feedback on the list, and it wasn't merged into mainline
> > OpenSSL. Was this simply lost? Can I (or VIA) do anything to help this along?
> >
> > Thanks in advance,
> --
> - Harald Welte <[EMAIL PROTECTED]> http://laforge.gnumonks.org/
> ============================================================================
> "Privacy in residential applications is a desirable marketing option."
> (ETSI EN 300 175-7 Ch. A6)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                               [EMAIL PROTECTED]