Steve Hay wrote:
>El hallabi-Kettani Abderrahmane wrote:
>
>
>
>>the function PKCS5_v2_PBE_keyivgen() exist in version
>>openssl0.7.9d in directory
>>openssl/crypto/evp/p5_crypt.c
>>it corresponds to what you want to do .
>>
>>
>>
>If you'd read my mail properly, you'd see that I'd already found that
>function.
>
>The problem is that it only exists in 0.9.4 and above, and I was looking
>for a way to do this (and/or wondering if I need to do this at all) in
>earlier versions as well.
>
It occurs to me that I can make use of PKCS5_v2_PBE_keyivgen() for
0.9.4+, and just use EVP_BytesToKey() for earlier versions -- the fact
that the latter doesn't support non-default key lengths isn't a problem
because I can't set the key length prior to 0.9.6 anyway!
So my question now is how do I use the (undocumented!)
PKCS5_v2_PBE_keyivgen() function? If I understand it correctly from
looking at the source code, the first three parameters are the cipher
context to have the generated key+iv set in plus the data and data
length to generate the key+iv from. The last two parameters are the
digest function to use and the encrypt/decrypt mode.
What are the other two parameters for? Namely, "param" and "cipher" in
the following signature:
int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int
passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD
*md, int en_de);
I could set the "cipher" to the cipher function that is already set in
the "ctx", but why doesn't PKCS5_v2_PBE_keyivgen() just use that
itself? Am I missing something here?
I've no idea what the ASN1_TYPE *param is, or where to get one from. I
had a look at EVP_CIPHER_param_to_asn1(), but it says that the cipher IV
in the ctx passed to it must be set when the call is made, which seems
to be a chicken-and-egg problem to me -- I haven't got the cipher IV yet ;)
Any clues how to use PKCS5_v2_PBE_keyivgen() would be greatly appreciated.
- Steve
------------------------------------------------
Radan Computational Ltd.
The information contained in this message and any files transmitted with it are
confidential and intended for the addressee(s) only. If you have received this
message in error or there are any problems, please notify the sender immediately. The
unauthorized use, disclosure, copying or alteration of this message is strictly
forbidden. Note that any views or opinions presented in this email are solely those
of the author and do not necessarily represent those of Radan Computational Ltd. The
recipient(s) of this message should check it and any attached files for viruses: Radan
Computational will accept no liability for any damage caused by any virus transmitted
by this email.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
