PATCH: Update to EVP_BytesToKey.pod documentation
Jeffrey Walton
noloader at gmail.com
Sun Jun 7 00:20:25 UTC 2015
Another small issue revealed on Stack Overflow: "Utilizing PBKDF2 with
OpenSSL library," http://stackoverflow.com/q/22795471.
In the question the OP cited the man page for EVP_BytesToKey. He knew
he needed to use PBKDF2 from the man page, but the man page did not
explicitly call out OpenSSL's function to do so. So he did not know what
he was supposed to use.
This patch updates the recommendation by explicitly calling out
PKCS5_PBKDF2_HMAC.
*****
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
index e6df57d..dca5239 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -36,8 +36,8 @@ If the total key and IV length is less than the
digest length and
B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
otherwise a non standard extension is used to derive the extra data.
-Newer applications should use more standard algorithms such as PBKDF2 as
-defined in PKCS#5v2.1 for key derivation.
+Newer applications should use a more modern algorithm such as PBKDF2 as
+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
=head1 KEY DERIVATION ALGORITHM
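Review bot: In the added line "defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC." the function name is bare text, while the context lines above use POD markup (B<MD5>). Since the point of the change is to let a reader find the function, write it as PKCS5_PBKDF2_HMAC() or as an L<> link to its manual page if one exists under doc/crypto, and consider listing it under SEE ALSO as well. Minor style point: "PKCS#5v2.1" lacks the space used in "PKCS#5 v1.5" two lines up; the spelling predates this patch, but the line is being rewritten anyway, so it could be made consistent here.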
-------------- next part --------------
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
index e6df57d..dca5239 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and
B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
otherwise a non standard extension is used to derive the extra data.
-Newer applications should use more standard algorithms such as PBKDF2 as
-defined in PKCS#5v2.1 for key derivation.
+Newer applications should use a more modern algorithm such as PBKDF2 as
+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
=head1 KEY DERIVATION ALGORITHM