On 7/24/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote:
Marko Kreen wrote:
> NAK.  The fix is broken because it uses EVP interface.  EVP is not
> a general-purpose interface because not all valid keys for cipher
> pass thru it.  Only key-lengths used in SSL will work...

I'm not openssl expert, but if you look how to EVP call for setkey is
implemented you can see that finally is call BF_set_key. Only there is
one extra layer  see
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/common/openssl/crypto/evp/e_bf.c

I glanced into evp.h for 0.9.7 and 0.9.6j and remembered that
there were 2 things EVP forced - key length and padding.

When I replied to you I remembered things bit wrong, there are
indeed way for changing key size even in 0.9.6, but not for
padding.  EVP_CIPHER_CTX_set_padding() appers in only in 0.9.7.

I suspect as I could not work around forced padding I did not
research key size issue very deeply.

So we can revisit the issue when we are ready to drop
support for 0.9.6x.

> Could you rework the fix that it uses the BF_* interface,
> does a test-encoding with full-length key and compares it to
> expected result.  And does it just once, not on each call.

OK. I can do, but it is not general solution. Because it will work only
in our case, because we know 128 is a restricted limit.

It _is_ a general solution if you test with a 448 bit key.

Using BF_ API but testing via EVP_ API is unobvious first,
in addition leaving the user depending whether the molesters
got all the details right.

When everything uses EVP then indeed, we can test via EVP.

> I must admit the internal API for ciphers is clumsy and could
> need rework to something saner.  This shows here.
>
>> I attach patch which fix both issues, but main problem is there that old
>> openssl API is used and supported key lengths are hardcoded. I think we
>> can add to TODO list rewrite pgcrypto to use evp openssl interface.
>
> pgcrypto _was_ written using EVP, but I needed to rewrite it
> when I found out EVP supports only key lengths used in SSL.

Is it still correct? It seems that blowfish accepts all key range, but

Yes, seems since 0.9.7 we could work with EVP.

How I mention I'm not openssl guru and documentation is very bad :(.

It's somewhat lacking, yes.  User is forced to read their source
which isn't very nice either...

--
marko

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

Reply via email to