On Thu, Dec 22, 2011, Per Hedeland wrote:

> "Dr. Stephen Henson" <st...@openssl.org> wrote:
> >
> >Well whatever you do here is likely to be a hack which could well break in
> >future etc etc etc...
> 
> Understood.
> 
> >With that disclaimer out of the way you *might* be able to make use of the
> >EVP_CIPHER structures here. Take a look at crypto/evp/e_rc4.c and you'll see
> >the ctx_size field is set to sizeof(EVP_RC4_KEY).
> >
> >So one possibility is to compare this value to the expected value. You can do
> >similar things with DES.
> 
> Excellent, thank you very much! I guess I should have spent some more
> time contemplating that recommendation in the rc4(3) man page. :-) With
> this method, not only does the check work 100% with current code, it is
> also much clearer what it is doing - and I even get the feeling that
> it's pretty future-proof. Basically
> 
>     EVP_EncryptInit(&rc4, EVP_rc4(), dummy_rc4_key, NULL);
>     if (rc4.cipher->ctx_size != sizeof(RC4_KEY)) {
>         error("RC4_CHAR");
>     }
>     EVP_EncryptInit(&des, EVP_des_cbc(), dummy_des_key, dummy_des_iv);
>     if (des.cipher->ctx_size != sizeof(DES_key_schedule)) {
>         error("DES_INT");
>     }
> 
> 

You don't actually need that EVP_EncryptInit call: you can look at
EVP_rc4()->ctx_size etc.

While that will work with all current OpenSSL releases there is no guarantee
that some future release won't do something else with the cipher internals.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
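
The size comparison discussed in this thread, as an added example that is not part of the original messages and does not link against OpenSSL. The struct layouts follow RC4_KEY and DES_key_schedule from the OpenSSL headers; `cipher_desc`, `lib_rc4`, `lib_des_cbc` and `check_abi` are hypothetical names standing in for EVP_CIPHER and for a library build, and the application headers are assumed to have neither RC4_CHAR nor DES_INT set.

```c
#include <stddef.h>
#include <stdio.h>

/* Layouts of RC4_KEY and DES_key_schedule as declared in the OpenSSL headers,
 * written out once per build option. Struct names are made up for this example. */
struct rc4_key_int  { unsigned int  x, y, data[256]; };  /* RC4_INT is unsigned int */
struct rc4_key_char { unsigned char x, y, data[256]; };  /* built with RC4_CHAR */
struct des_ks_long  { union { unsigned char cblock[8]; unsigned long deslong[2]; } ks[16]; };
struct des_ks_int   { union { unsigned char cblock[8]; unsigned int  deslong[2]; } ks[16]; };

/* Hypothetical stand-in for the one EVP_CIPHER field the thread relies on. */
struct cipher_desc { const char *name; size_t ctx_size; };

/* What a library build would report in ctx_size, depending on its options. */
struct cipher_desc lib_rc4(int rc4_char)
{
    struct cipher_desc c = { "rc4", sizeof(struct rc4_key_int) };
    if (rc4_char)
        c.ctx_size = sizeof(struct rc4_key_char);
    return c;
}

struct cipher_desc lib_des_cbc(int des_int)
{
    struct cipher_desc c = { "des-cbc", sizeof(struct des_ks_long) };
    if (des_int)
        c.ctx_size = sizeof(struct des_ks_int);
    return c;
}

enum { MISMATCH_RC4 = 1, MISMATCH_DES = 2 };

/* Application side (assumed: headers with neither option set): compare the
 * library's reported context size with the local struct size. Returns a bitmask. */
int check_abi(struct cipher_desc rc4, struct cipher_desc des)
{
    int bad = 0;
    if (rc4.ctx_size != sizeof(struct rc4_key_int))
        bad |= MISMATCH_RC4;   /* library was built with RC4_CHAR */
    if (des.ctx_size != sizeof(struct des_ks_long))
        bad |= MISMATCH_DES;   /* library was built with DES_INT */
    return bad;
}

int main(void)
{
    printf("matching build:      %d\n", check_abi(lib_rc4(0), lib_des_cbc(0)));
    printf("RC4_CHAR + DES_INT:  %d\n", check_abi(lib_rc4(1), lib_des_cbc(1)));
    return 0;
}
```

On platforms where `unsigned long` and `unsigned int` have the same size, the two DES layouts are identical and the DES check correctly reports no mismatch.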
