Marko Kreen wrote:
> solaris openssl refuses to handle keys longer than 128 bits.
>
> * aes will crash on longer keys
> * blowfish will silently cut the key which can result
> in data corruption
>
> to fix it:
>
> - test errors from AES functions
> - bf errors cannot be tested, do test encryption
> - change aes compat macros to static function so they
> can return values
>

Tested on Solaris Nevada and works fine.

> More general approaches that also fix the problems are:
>
> - test all ciphers on first use and if the test fails then disable
> completely. This is nice as it could detect a much broader range
> of errors.
>
> Problem with this approach is that it's too big an overhead for small
> gain, as it cannot still 100% guarantee that everything is working
> correctly.
>
> - Use EVP functions for encryption as they have better error
> handling. So crippled openssl can report via regular means
> that something is not supported.

+1 for EVP solution.
Thank you very much
Zdenek
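
The "do test encryption" idea from the quoted message, as an added example that is not code from the patch or from either poster: encrypt the same block under two long keys that differ only in their final byte, and treat identical ciphertext as proof that the backend silently cut the key. This is a differential check rather than a known-answer vector; `block_fn`, `toy_full` and `toy_crippled` are hypothetical, constructed stand-ins (not Blowfish, not secure) so the check runs without OpenSSL.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical backend hook: encrypt one 8-byte block under a klen-byte key. */
typedef void (*block_fn)(const uint8_t *key, size_t klen,
                         const uint8_t in[8], uint8_t out[8]);

/* Constructed stand-in (NOT Blowfish, not secure): FNV-1a over key then block,
 * so every key byte influences the output. */
static void toy_full(const uint8_t *key, size_t klen,
                     const uint8_t in[8], uint8_t out[8])
{
    uint64_t s = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < klen; i++) { s ^= key[i]; s *= 0x100000001b3ULL; }
    for (size_t i = 0; i < 8; i++)    { s ^= in[i];  s *= 0x100000001b3ULL; }
    for (size_t i = 0; i < 8; i++)    out[i] = (uint8_t)(s >> (8 * i));
}

/* Constructed stand-in for a crippled library: silently cuts keys to 128 bits. */
static void toy_crippled(const uint8_t *key, size_t klen,
                         const uint8_t in[8], uint8_t out[8])
{
    toy_full(key, klen > 16 ? 16 : klen, in, out);
}

/* Returns 1 if the last key byte affects the ciphertext, 0 if the backend
 * silently ignores it (key was cut), -1 on an unsupported klen. */
int key_fully_used(block_fn enc, size_t klen)
{
    uint8_t k1[56], k2[56], pt[8] = {0}, c1[8], c2[8];
    if (klen == 0 || klen > sizeof k1) return -1;
    for (size_t i = 0; i < klen; i++) k1[i] = (uint8_t)(i + 1);
    memcpy(k2, k1, klen);
    k2[klen - 1] ^= 0xFF;              /* differ only in the final byte */
    enc(k1, klen, pt, c1);
    enc(k2, klen, pt, c2);
    return memcmp(c1, c2, sizeof c1) != 0;
}

int main(void)
{
    /* Exit status 0 means both stand-ins behaved as expected for a 448-bit key. */
    return !(key_fully_used(toy_full, 56) == 1 &&
             key_fully_used(toy_crippled, 56) == 0);
}
```

A caller would run the check once per key length before first use and refuse that length when it returns 0, instead of encrypting data under a shortened key.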