On Fri, Sep 26, 2003, Robin Ehrlich wrote: > I have an application using the OpenSSL S/MIME interface. When I generate an > encryptred message using DES, the DES key generated does not have odd > parity. The key is generated in pk7_doit.c:PKCS7_dataInit by calling > RAND_bytes(). > > In testing interoperability with the NIST S/MIME test center, the message is > rejected. I know that odd parity is not a DES requirement, but DES keys > should have odd parity. > > What is the best way to fix this problem? Can some code be added to the next > OpenSSL release to do this?
Probably the best way is to add a flag to EVP_CIPHER which indicates that the key needs odd parity and then check the flag when a random key is generated and fix it up appropriately. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]