Marko Kreen wrote:
> On 7/24/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote:
>> Marko Kreen wrote:
>> > NAK.  The fix is broken because it uses EVP interface.  EVP is not
>> > a general-purpose interface because not all valid keys for cipher
>> > pass thru it.  Only key-lengths used in SSL will work...
>> I'm not openssl expert, but if you look how to EVP call for setkey is
>> implemented you can see that finally is call BF_set_key. Only there is
>> one extra layer  see
> I glanced into evp.h for 0.9.7 and 0.9.6j and remembered that
> there were 2 things EVP forced - key length and padding.
> When I replied to you I remembered things bit wrong, there are
> indeed way for changing key size even in 0.9.6, but not for
> padding.  EVP_CIPHER_CTX_set_padding() appers in only in 0.9.7.
> I suspect as I could not work around forced padding I did not
> research key size issue very deeply.
> So we can revisit the issue when we are ready to drop
> support for 0.9.6x.

the last openssl 0.9.6 release was in march 2004 and 0.9.7 is available
since early 2003 - I don't think dropping support for it in 8.3+ would
be unreasonable at all ...


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [EMAIL PROTECTED] so that your
       message can get through to the mailing list cleanly

Reply via email to