In message <[EMAIL PROTECTED]> on Wed, 3 Dec 2003 16:43:29 +0000 (GMT), Dave Roberts
<[EMAIL PROTECTED]> said:
dave.roberts> On Wed, 3 Dec 2003, Dr. Stephen Henson wrote:
dave.roberts>
dave.roberts> > Are you suggesting that OpenSSL should include support
dave.roberts> > for other padding schemes or that it should be
dave.roberts> > possible to disable PKCS#5 padding so an application
dave.roberts> > can handle its own padding?
dave.roberts>
dave.roberts> The former would be my preference. I already know that
dave.roberts> I could disable the padding and cope with it in my
dave.roberts> application.
dave.roberts>
dave.roberts> However, coping with FIPS 81 padding would be a minor
dave.roberts> change to the OpenSSL code, which I've done locally. I
dave.roberts> could submit a patch, but it's trivial.
dave.roberts>
dave.roberts> The "issues" are how to cope with it within the
dave.roberts> set_padding function.
Hmm, extend the flags just a little bit maybe, so we'd end up adding
the following lines:
#define EVP_CIPH_PADDING 0xf00 /* A bit mask for currently
known padding types */
/* The first two are in that specific order to be compatible with
older OpenSSL versions */
#define EVP_CIPH_PKCS5_PADDING 0x000
#define EVP_CIPH_NO_PADDING 0x100
#define EVP_CIPH_FIPS81_PADDING 0x200
#define EVP_CIPH_whatever_PADDING 0x300
...
and change EVP_CIPHER_CTX_set_padding() like this:
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{
if (pad == 1 || pad == -1)
pad = EVP_CIPH_NO_PADDING;
if ((pad & ~EVP_CIPH_PADDING) != 0)
return 0;
ctx->flags &= ~EVP_CIPH_PADDING;
ctx->flags |= pad;
return 1;
}
Just an idea, but it would work with applications that expect the old
behavior, as long as they used 0, 1 or -1 for the pad parameter (I
haven't seen any deviation from that rule of thumb).
dave.roberts> Is this something that the team would be interested in
dave.roberts> adding, or is there a reason why it's not been done?
I personally have no problem with adding variantions of padding to
OpenSSL.
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte \ Tunnlandsv�gen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
