Re: [openssl.org #700] PKCS7 Des key parity
> I've checked in a fix to OpenSSL 0.9.8-dev let me know of any problems. > > Steve. Thank you very much for the fix. I have tested the fix and the fix corrects the problem I reported very nicely. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #700] PKCS7 Des key parity
[EMAIL PROTECTED] - Sat Sep 27 20:42:33 2003]: > I have an application using the OpenSSL S/MIME interface. When I >generate an encryptred message using DES, the DES key generated >does not have odd parity. The key is generated in >pk7_doit.c:PKCS7_dataInit by calling RAND_bytes(). > > In testing interoperability with the NIST S/MIME test center, the >message is rejected. I know that odd parity is not a DES >requirement, but DES keys should have odd parity. > > Dr Stephen N. Henson suggested the following solution and that this >problem be reported as a bug to be fixed in an upcoming release: > > Probably the best way is to add a flag to EVP_CIPHER which indicates >that the > key needs odd parity and then check the flag when a random key is >generated > and fix it up appropriately. > > I've checked in a fix to OpenSSL 0.9.8-dev let me know of any problems. Steve. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #700] PKCS7 Des key parity
I have an application using the OpenSSL S/MIME interface. When I generate an encryptred message using DES, the DES key generated does not have odd parity. The key is generated in pk7_doit.c:PKCS7_dataInit by calling RAND_bytes(). In testing interoperability with the NIST S/MIME test center, the message is rejected. I know that odd parity is not a DES requirement, but DES keys should have odd parity. Dr Stephen N. Henson suggested the following solution and that this problem be reported as a bug to be fixed in an upcoming release: Probably the best way is to add a flag to EVP_CIPHER which indicates that the key needs odd parity and then check the flag when a random key is generated and fix it up appropriately. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7 Des key parity
On Fri, Sep 26, 2003, Robin Ehrlich wrote: > I have an application using the OpenSSL S/MIME interface. When I generate an > encryptred message using DES, the DES key generated does not have odd > parity. The key is generated in pk7_doit.c:PKCS7_dataInit by calling > RAND_bytes(). > > In testing interoperability with the NIST S/MIME test center, the message is > rejected. I know that odd parity is not a DES requirement, but DES keys > should have odd parity. > > What is the best way to fix this problem? Can some code be added to the next > OpenSSL release to do this? Probably the best way is to add a flag to EVP_CIPHER which indicates that the key needs odd parity and then check the flag when a random key is generated and fix it up appropriately. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PKCS7 Des key parity
I have an application using the OpenSSL S/MIME interface. When I generate an encryptred message using DES, the DES key generated does not have odd parity. The key is generated in pk7_doit.c:PKCS7_dataInit by calling RAND_bytes(). In testing interoperability with the NIST S/MIME test center, the message is rejected. I know that odd parity is not a DES requirement, but DES keys should have odd parity. What is the best way to fix this problem? Can some code be added to the next OpenSSL release to do this?
