Dr. Stephen Henson wrote:

>On Mon, Sep 13, 2004, Steve Hay wrote:
>
>>So now I'm back to square one: How do I do PKCS#5 key derivation using a 
>>non-default key length?
>
>Urk, yes you are right. There isn't a way to set the key length in
>PKCS5_pbe2_set().
>
>OK, I'd hoped to avoid this but I don't think there's an option without
>modifying the API...
>
>What you *can* do is to create a new EVP_CIPHER structure which has its
>default key length set to whatever you want.
>
>So something like...
>
>EVP_CIPHER new_cipher;
>
>new_cipher = *EVP_bf_cbc();
>new_cipher.key_len = whatever_key_length;
>
>then you pass &new_cipher to the relevant functions.
>
>This should work with EVP_BytesToKey() too.
>
The above seems to work OK after a quick test, but why does one need

    EVP_CIPHER cipher = *EVP_bf_cbc();
    cipher.key_len = ...

rather than

    EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_bf_cbc();
    cipher->key_len = ...

?

The program below does a similar thing for a struct called FRED and 
works fine, but the equivalent with EVP_CIPHER produces an Access 
Violation error when attempting to set the key_len.

//----------
#include <stdio.h>
#include <openssl/evp.h>

typedef struct fred_st FRED;
struct fred_st { int foo; };

const FRED *new_fred(void) {
    static FRED fred;
    fred.foo = 16;
    return &fred;
}

int main(void) {
    FRED *fred = (FRED *)new_fred();
    EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_bf_cbc();

    printf("FRED foo = %d\n", fred->foo);
    fred->foo = 24;
    printf("FRED foo = %d\n", fred->foo);

    printf("BF-CBC key len = %d\n", EVP_CIPHER_key_length(cipher));
    // The next line causes an Access Violation:
    cipher->key_len = 24;
    printf("BF-CBC key len = %d\n", EVP_CIPHER_key_length(cipher));
}
//----------

This outputs:

    FRED foo = 16
    FRED foo = 24
    BF-CBC key len = 16

and then crashes.

- Steve
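
Added example, not part of the original message and not OpenSSL code: it reproduces the copy-versus-cast contrast from the message with a hypothetical `MOCK_CIPHER` and `mock_bf_cbc()` standing in for `EVP_CIPHER` and `EVP_bf_cbc()`. It assumes the library's cipher table lives in read-only memory, which is made explicit here with `mprotect()` (POSIX only), and it runs the in-place write in a child process so the outcome can be observed.

```c
/* Added illustration. MOCK_CIPHER and mock_bf_cbc() are hypothetical stand-ins
 * for EVP_CIPHER and EVP_bf_cbc(); field values are constructed. POSIX only. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct { int nid, block_size, key_len, iv_len; } MOCK_CIPHER;

/* Hands out a shared table kept in a read-only page (assumption: this is how
 * the library's const cipher data ends up mapped). */
const MOCK_CIPHER *mock_bf_cbc(void) {
    static MOCK_CIPHER *table;
    if (table == NULL) {
        const MOCK_CIPHER init = { 0, 8, 16, 8 };
        void *page = mmap(NULL, sizeof init, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (page == MAP_FAILED) return NULL;
        memcpy(page, &init, sizeof init);
        if (mprotect(page, sizeof init, PROT_READ) != 0) return NULL;
        table = page;
    }
    return table;
}
/* Cast away const and write through the pointer, inside a child process.
 * Returns 1 if the write went through, 0 if the child died, -1 on error. */
int in_place_write_survives(int key_len) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ((MOCK_CIPHER *)mock_bf_cbc())->key_len = key_len;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
/* Copy the table by value and change only the private, writable copy. */
MOCK_CIPHER copy_with_key_len(int key_len) {
    MOCK_CIPHER c = *mock_bf_cbc();
    c.key_len = key_len;
    return c;
}
int main(void) {
    return !(in_place_write_survives(24) == 0
             && copy_with_key_len(24).key_len == 24);
}
```

The copy also leaves the shared table untouched, so other users of the same cipher still see the default key length.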



------------------------------------------------
Radan Computational Ltd.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]