[Softhsm-develop] AES wrap_key_with_pad & OpenSSL master branch
pspacek at redhat.com
Fri Oct 3 15:04:55 UTC 2014
On 21.8.2014 11:23, Jakob Schlyter wrote:
> On 20 aug 2014, at 10:32, Petr Spacek <pspacek at redhat.com> wrote:
>> Unfortunately I have had to re-write the original patch to make it acceptable and the final API is not compatible with API from the original patch. (Now the key wrap mode is part of EVP API.)
>> I would like to send patches for SoftHSM with support for the 'official' OpenSSL API so AES key wrap with padding will be usable on systems even without custom OpenSSL build.
>> Can I remove the unofficial API and replace it with the official one? Or is it necessary to keep support for the unofficial API around?
> Since we've not yet released SoftHSM 2.0, I believe we can replace it.
Great, patch https://github.com/opendnssec/SoftHSMv2/pull/91 does exactly that.
The old/proprietary interface was completely replaced with "standard" OpenSSL
EVP interface (I didn't touch code for Botan).
I didn't change anything on encryption/wrapping method separation but
technically for now.
In future, it should be possible to implement SymmetricAlgorithm::wrapKey() as
a wrapper around SymmetricAlgorithm::encryptInit/Update/Final() in a similar way
as it is done with AsymmetricAlgorithm::wrapKey().
I didn't do it because it would require bigger changes to internal
SymmetricAlgorithm structure so it can be left as a possible optimization.
I'm looking forward to code review!
Have a nice day.
Petr Spacek @ Red Hat