[openssl-dev] [openssl.org #4344] Re: Missing accessor to the EVP_CIPHER_CTX member oiv

Dmitry Belyavsky via RT rt at openssl.org
Wed Feb 24 17:33:29 UTC 2016


Dear Richard,

The patch you suggested seems not to break at least self-compatibility for
the smime -enc command.
Is this enough or should I do some more tests?

Thank you!

On Fri, Feb 19, 2016 at 12:40 AM, Dmitry Belyavsky <beldmit at gmail.com>
wrote:

> Dear Richard,
>
> Sorry for the delay. I am out of office now so I will check it some days
> later.
>
>
> On Thursday, February 18, 2016, Richard Levitte via RT <rt at openssl.org>
> wrote:
>
>> Did that help, can we close this ticket now?
>>
>> Vid Ons, 17 Feb 2016 kl. 11.25.26, skrev levitte:
>> > May I suggest that you use EVP_CIPHER_set_asn1_iv() and/or
>> > EVP_CIPHER_get_asn1_iv()? With a temporary ASN1_TYPE to which you
>> > assign
>> > gcp->iv, that should be perfectly possible, no?
>> >
>> > Cheers,
>> > Richard
>> >
>> > Vid Ons, 17 Feb 2016 kl. 09.53.04, skrev beldmit at gmail.com:
>> > > Dear Richard,
>> > >
>> > > I am not sure it will not break the compatibility.
>> > > Both implementations of the GOST ciphers require access to this
>> > > field.
>> > >
>> > > On Wed, Feb 17, 2016 at 12:42 PM, Richard Levitte via RT
>> > > <rt at openssl.org>
>> > > wrote:
>> > >
>> > > > Hi,
>> > > >
>> > > > I'm sorry, the oiv field is EVP private. Sure, it's been accessible
>> > > > (and
>> > > > thoroughly misused in some cases) when EVP_CIPHER_CTX was open, but
>> > > > in
>> > > > essence,
>> > > > it's a EVP private store of the IV that was given at
>> > > > EVP_CipherInit().
>> > > >
>> > > > If you want to retain a copy of the original IV, I suggest you have
>> > > > one in
>> > > > GOSTs structure and take a copy of the IV given to the init()
>> > > > function.
>> > > >
>> > > > Thank you for the reminder, I meant to deal with this further. oiv
>> > > > should
>> > > > really not be publically accessible at all, not even as a constant.
>> > > >
>> > > > Cheers,
>> > > > Richard
>> > > >
>> > > > Vid Sat, 23 Jan 2016 kl. 09.40.19, skrev beldmit at gmail.com:
>> > > > > Hello,
>> > > > >
>> > > > > After making the EVP_CIPHER_CTX struct opaque I found that there
>> > > > > is a
>> > > > > missing non-const accessor to the oiv member. It is used in GOST
>> > > > > engine
>> > > > > when we set the cipher parameters from the ASN1 parameters.
>> > > > >
>> > > > > Thank you!
>> > > > >
>> > > >
>> > > >
>> > > > --
>> > > > Richard Levitte
>> > > > levitte at openssl.org
>> > > >
>> > > > --
>> > > > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
>> > > > Please log in as guest with password guest if prompted
>> > > >
>> > > >
>> > >
>> > >
>> >
>> >
>> > --
>> > Richard Levitte
>> > levitte at openssl.org
>>
>>
>> --
>> Richard Levitte
>> levitte at openssl.org
>>
>> --
>> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
>> Please log in as guest with password guest if prompted
>>
>>
>
> --
> SY, Dmitry Belyavsky
>



-- 
SY, Dmitry Belyavsky

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4344
Please log in as guest with password guest if prompted



More information about the openssl-dev mailing list