Using des-cbc in 3.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm looking for an example of using des-cbc in openssl 3.0, I think I figured it out, but I'm not certain. I'm having trouble finding documentation, and the best kind of documentation is, of course, code.

I have existing code that uses EVP_des_cbc() followed by EVP_EncryptInit_ex().

It still compiles without issues, EVP_des_cbc() still works, then EVP_EncryptInit_ex fails.

I found https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod#Legacy- Algorithms

It directs me to OSSL_PROVIDER-legacy(7), which talks about EVP_CIPHER_fetch() and

# … has this property defined:
#
#       "provider=legacy"

I then see the following example in crypto(7):

# EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);

so I tried:

EVP_CIPHER *des=EVP_CIPHER_fetch(NULL, "DES-CBC", "provider=legacy");

which got me a NULL. After reading some more, I call

OSSL_PROVIDER_load(NULL, "legacy");

up front. The next thing that happened is all my SSL_CTX_new immediately exploded. So, then I also added an explicit call to

OSSL_PROVIDER_load(NULL, "default");

in addition that one. This /seems/ to work, and everything else that the code is doing, seems to work, but I don't feel like I'm on solid footing. Did I miss some important detail that's going to bite me in the arse?

Attachment: pgpmPW5VUfTWh.pgp
Description: PGP signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux