password based encryption routine
, const EVP_MD *md
const unsigned char *salt
const unsigned char *data
, unsigned char *key
unsigned char *iv
() derives a key and IV from
various parameters. type
is the cipher to
derive the key and IV for. md
is the message
digest to use. The salt
parameter is used as
a salt in the derivation: it should point to an 8-byte buffer or
if no salt is used.
is a buffer containing
bytes which is used to derive the
keying data. count
is the iteration count to
use. The derived key and IV will be written to
A typical application of this function is to derive keying material for an
encryption algorithm from a password in the
Increasing the count
parameter slows down the
algorithm, which makes it harder for an attacker to perform a brute force
attack using a large number of candidate passwords.
If the total key and IV length is less than the digest length and MD5 is used,
then the derivation algorithm is compatible with PKCS#5 v1.5. Otherwise, a
non-standard extension is used to derive the extra data.
Newer applications should use more standard algorithms such as PBKDF2 as defined
in PKCS#5v2.1 for key derivation.
The key and IV is derived by concatenating D_1, D_2, etc. until enough data is
available for the key and IV. D_i is defined recursively as:
D_i = HASH^count(D_(i-1) || data ||
where || denotes concatenation, D_0 is empty, HASH is the digest algorithm in
use, HASH^1(data) is simply HASH(data), HASH^2(data) is HASH(HASH(data)) and
The initial bytes are used for the key and the subsequent bytes for the IV.
() returns the number of
bytes needed to store the derived key. Otherwise,
() returns the size of the
derived key in bytes or 0 on error.
() first appeared in SSLeay
0.5.1 and has been available since OpenBSD 2.4