Using des-cbc in 3.0
Sam Varshavchik
mrsam at courier-mta.com
Mon May 23 22:38:43 UTC 2022
I'm looking for an example of using des-cbc in openssl 3.0, I think I
figured it out, but I'm not certain. I'm having trouble finding
documentation, and the best kind of documentation is, of course, code.
I have existing code that uses EVP_des_cbc() followed by
EVP_EncryptInit_ex().
It still compiles without issues, EVP_des_cbc() still works, then
EVP_EncryptInit_ex fails.
I found
https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod#Legacy-Algorithms
It directs me to OSSL_PROVIDER-legacy(7), which talks about
EVP_CIPHER_fetch() and
# … has this property defined:
#
# "provider=legacy"
I then see the following example in crypto(7):
# EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
so I tried:
EVP_CIPHER *des=EVP_CIPHER_fetch(NULL, "DES-CBC", "provider=legacy");
which got me a NULL. After reading some more, I call
OSSL_PROVIDER_load(NULL, "legacy");
up front. The next thing that happened is all my SSL_CTX_new immediately
exploded. So, then I also added an explicit call to
OSSL_PROVIDER_load(NULL, "default");
in addition to that one. This /seems/ to work, and everything else that the
code is doing, seems to work, but I don't feel like I'm on solid footing.
Did I miss some important detail that's going to bite me in the arse?
More information about the openssl-users mailing list