I thought this might be relevant to the DEV list as well...(see below).
I think that the EVP_cipher implementation could be made to optionally
strip off the PERL "RandomIV" keyword and stuff the first IV "block" with
the random IV (which is actually a good algorithm if the random source is
good).
That way openssl CBC lib input could read perl CBC lib output.
We could do it by optionally OR'ing the EVP_cipher op (ENCRYPT |
PERL_CBC_COMPATIBLE) and (DECRYPT | PERL_CBC_COMPATIBLE)????
Does anyone think it's useful? I'd be happy to do it/test it.
- Erik
> I had to modify the Crypt::CBC algorithm to make version 1.25 Crypt::CBC
> compatible with openssl.
>
> Otherwise you can't use the two libraries together, and I think it's
> important that they be cross-compatible.
>
> As you can see, the openssl implementation keeps reusing the key in the hash
> (not just the resulting material from the first hash) to produce a hash
> that's comparable to a good randomized key.
>
> -----CUT-----
> # the real key is computed from the first N bytes of the
> # MD5 hash of the provided key.
> # hash is compatible with openssl
> my $material = '';
> my $md5 = Digest::MD5->new;
> while (length($material) < $ks + $bs) {
>     print "$material\n";
>     $md5->reset();
>     $md5->add($material) if ($material);
>     $md5->add($key);
>     $material .= $md5->digest();
> }
> -----CUT-----
>
> Also, all of the "randomiv magic" stuff in PERL should be optional, so the
> system can be compatible with openssl. I'm just adding a flag
> $cbc->setrandomiv(bool)
>
> -----CUT-----
> ....
>
> return bless {'crypt' => $cipher->new($k),
>               'iv' => $iv,
>               'randomiv' => 1
>              },$class;
>
> ....
>
> sub setrandomiv(\$$) {
>     my $self = shift;
>     $self->{'randomiv'} = shift;
> }
>
> ....
>
>
> } else { # encrypting
>     if ($self->{'randomiv'}) {
>         $self->{'iv'} = pack("C*",map {rand(255)} 1..8);
>         $result = 'RandomIV';
>         $result .= $self->{'iv'};
>     }
> }
>
> ------------
>
>
> This way the two libs can easily talk to each other completely without any
> differences. If you use setrandomiv(0) in the patched PERL (above), it
> makes the library result in the exact same output as openssl.
>
> - Erik
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
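
Added example, not part of the original message and not Crypt::CBC or OpenSSL code: it runs the key-material loop quoted above next to the chaining OpenSSL's EVP_BytesToKey uses (assumed here: MD5, no salt, count of 1) and splits a "RandomIV" header off a message. The two loops agree while key size plus block size is at most 32 bytes and diverge from the third MD5 block on, because EVP_BytesToKey feeds back only the previous digest. The function names, the passphrase and the sample message are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original message). Compares the key-material
# loop from the message with EVP_BytesToKey chaining (assumed: MD5, no salt,
# count 1), and splits a Crypt::CBC-style "RandomIV" header.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Loop as posted: each round hashes ALL material so far, then the passphrase.
sub material_as_posted {
    my ($pass, $need) = @_;
    my $material = '';
    $material .= md5($material . $pass) while length($material) < $need;
    return substr($material, 0, $need);
}

# EVP_BytesToKey chaining: each round hashes only the PREVIOUS digest,
# then the passphrase.
sub material_evp {
    my ($pass, $need) = @_;
    my ($material, $prev) = ('', '');
    while (length($material) < $need) {
        $prev = md5($prev . $pass);
        $material .= $prev;
    }
    return substr($material, 0, $need);
}

# Split "RandomIV" || 8-byte IV || ciphertext; empty list if no header.
sub split_randomiv {
    my ($blob) = @_;
    return unless length($blob) >= 16 && substr($blob, 0, 8) eq 'RandomIV';
    return (substr($blob, 8, 8), substr($blob, 16));
}

my $pass = 'constructed passphrase';    # constructed sample input
for my $need (16, 24, 32, 40, 64) {     # $need = key size + block size
    my $same = material_as_posted($pass, $need) eq material_evp($pass, $need);
    printf "%2d bytes needed: %s\n", $need, $same ? 'identical' : 'DIFFERENT';
}

# Constructed sample message: header, 8-byte IV, 16 bytes standing in for ciphertext.
my $blob = 'RandomIV' . ("\x01" x 8) . ("\xAA" x 16);
my ($iv, $ct) = split_randomiv($blob);
printf "iv=%s ciphertext_len=%d\n", unpack('H*', $iv), length($ct);
```

A cipher whose key size plus block size exceeds 32 bytes needs the previous-digest form to derive the same key as OpenSSL.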