I think it fundamentally breaks the encapsulation of the EVP layer for there to be cipher-specific magic that clients have to explicitly know about such as DES parity.

I propose:

(a) That EVP_CipherInit() return an error status on bad key (nobody seems to disagree with this one).

(b) Some kind of *optional* EVP method (so it doesn't break interoperability with non-OpenSSL clients) that, given an EVP_CIPHER and key, will deterministically mutate the key into a correct form.

Thoughts?

James Yonan

----- Original Message -----
From: "Dilkie, Lee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 6:39 AM
Subject: RE: EVP_CipherInit() doesn't check for weak DES keys (0.9.6)

> Good idea except the same mutate must also be performed on the "other" end or you'll end up with a key mismatch. We don't always run OpenSSL on both ends.
>
> -lee
>
> -----Original Message-----
> From: James Yonan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 02, 2002 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: EVP_CipherInit() doesn't check for weak DES keys (0.9.6)
>
> > James Yonan wrote:
> > >
> > > Given that the EVP level is supposed to offer callers a cipher-independent
> > > interface, where the caller doesn't necessarily know the idiosyncrasies of
> > > the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
> > > des_set_key_checked() instead of des_set_key_unchecked() and return an error
> > > status in the case of a weak key?
> >
> > Makes sense to me!
>
> Maybe EVP_CipherInit should silently mutate a bad key (such as DES weak,
> semi-weak, or bad parity) using some kind of deterministic transform that's
> guaranteed to generate a strong key (like des_set_odd_parity does for the
> DES case of bad parity). The transform would be done internally, the key
> passed to EVP_CipherInit wouldn't be touched.
>
> This way, apps can generate random keys and not have to worry about what
> cipher they're going to be used for. And it protects apps against future
> versions of OpenSSL that might contain new EVP ciphers that have their own
> particular class of weak keys.
>
> James Yonan

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
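The two proposals in this thread, sketched as a stand-alone added example (not code from the thread or from OpenSSL): a checked DES key validation that reports bad parity or a weak/semi-weak key, and a parity-only normalization that works on a copy. The names `des_key_check`, `des_key_normalize`, `HI` and `LO` are hypothetical, and the sample key in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes follow the -1 / -2 convention of des_set_key_checked(). */
enum { KEY_OK = 0, KEY_BAD_PARITY = -1, KEY_WEAK = -2 };

/* All 4 weak and 12 semi-weak DES keys have the byte pattern
 * a,b,a,b,a',b',a',b' with a,b taken from HI[] and a',b' from LO[]. */
static const uint8_t HI[4] = {0x01, 0xFE, 0x1F, 0xE0};
static const uint8_t LO[4] = {0x01, 0xFE, 0x0E, 0xF1};

/* 1 if the byte has an odd number of set bits (a valid DES key byte). */
static int odd_parity(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

static int is_weak(const uint8_t k[8]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++) {
            const uint8_t w[8] = {HI[i], HI[j], HI[i], HI[j],
                                  LO[i], LO[j], LO[i], LO[j]};
            if (memcmp(k, w, 8) == 0) return 1;
        }
    return 0;
}

/* Proposal (a): report a bad key instead of scheduling it. */
int des_key_check(const uint8_t k[8]) {
    for (int i = 0; i < 8; i++)
        if (!odd_parity(k[i])) return KEY_BAD_PARITY;
    return is_weak(k) ? KEY_WEAK : KEY_OK;
}

/* Proposal (b), parity only: write a corrected copy to out, leave in alone.
 * A weak key is still reported, because replacing it would change the
 * effective key and a peer that skipped this step would not match. */
int des_key_normalize(const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++)
        out[i] = odd_parity(in[i]) ? in[i] : (uint8_t)(in[i] ^ 0x01);
    return des_key_check(out);
}

int main(void) {
    const uint8_t zero[8] = {0};  /* constructed sample key */
    uint8_t fixed[8];
    printf("check=%d normalize=%d\n", des_key_check(zero),
           des_key_normalize(zero, fixed));
    return 0;
}
```

DES ignores the low (parity) bit of each key byte, so the parity fix-up leaves the effective key unchanged and stays interoperable with a peer that does not apply it. The all-zero key shows why the weak-key check has to run after normalization: it fails parity, and its parity-corrected form is the weak key 01 01 01 01 01 01 01 01.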
