[openssl-dev] [openssl.org #3899] PATCH: Update to EVP_BytesToKey.pod documentation

noloader@gmail.com via RT rt at openssl.org
Sun Jun 7 01:22:41 UTC 2015


Another small issue revealed on Stack Overflow: "Utilizing PBKDF2 with
OpenSSL library," http://stackoverflow.com/q/22795471.

In the question the OP cited the man page for EVP_BytesToKey. He knew
he needed to use PBKDF2 from the man page, but the man page did not
explicitly call out OpenSSL's function to do so. So he did not know what
he was supposed to use.

This patch updates the recommendation by explicitly calling out
PKCS5_PBKDF2_HMAC.

*****

diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
index e6df57d..dca5239 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -36,8 +36,8 @@ If the total key and IV length is less than the
digest length and
 B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
 otherwise a non standard extension is used to derive the extra data.

-Newer applications should use more standard algorithms such as PBKDF2 as
-defined in PKCS#5v2.1 for key derivation.
+Newer applications should use a more modern algorithm such as PBKDF2 as
+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

 =head1 KEY DERIVATION ALGORITHM

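Review bot: The function name on the added line "defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC." is bare text, while the context lines of this same hunk use POD markup (B<MD5>). Since the point of the change is to let a reader find the function, mark it up as a manual page cross-reference, for example L<PKCS5_PBKDF2_HMAC(3)>, so the rendered page links to it; if this page has a SEE ALSO section, list the function there as well.
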
-------------- next part --------------
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
index e6df57d..dca5239 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and
 B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
 otherwise a non standard extension is used to derive the extra data.
 
-Newer applications should use more standard algorithms such as PBKDF2 as
-defined in PKCS#5v2.1 for key derivation.
+Newer applications should use a more modern algorithm such as PBKDF2 as
+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
 
 =head1 KEY DERIVATION ALGORITHM
 
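Review bot: The rewritten sentence drops the closing words "for key derivation" from the removed text, so the added lines no longer say what PBKDF2 is being recommended for, and "a more modern algorithm" replaces "more standard algorithms" without giving the reader a reason for the recommendation. Suggest keeping the purpose in the sentence, for example "Newer applications should use a more standard algorithm such as PBKDF2, as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC, for key derivation."
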