[sampo@symlabs.com - Thu May 12 15:24:02 2005]:

> Please find below a patch, with spec reference, against OpenSSL 0.9.7g.
>
> It could be argued that XMLENC spec is wrong in insisting on unpredictable
> values for the padding because this allows padding to be used as a
> covert channel. However, to deploy interoperable implementations it seems
> patching OpenSSL is the right thing to do. It has been observed that
> other crypto libraries, such as bouncing castle (a pure Java
> implementation) do not set all padding bytes to OpenSSL's satisfaction.
>


OpenSSL is complying with various other standards with its current
behaviour. For example PKCS#7.

If the EVP functions are being called directly (instead of inside
OpenSSL in its PKCS#7 code for example) you can disable the padding
altogether EVP_CIPHER_CTX_set_padding() and perfom padding and pad
checking at an application level.

Steve.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org