[openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

Dmitry Belyavsky beldmit at gmail.com
Wed Feb 24 17:49:01 UTC 2016


Well, I think the ticket may be closed.

Thank you!

On Wed, Feb 24, 2016 at 8:47 PM, Richard Levitte via RT <rt at openssl.org>
wrote:

> If you're happy, I'm happy; it's that easy. If you think it's good, then
> it's
> time to close this ticket. You decide.
>
> Cheers,
> Richard
>
> Vid Ons, 24 Feb 2016 kl. 17.33.29, skrev beldmit at gmail.com:
> > Dear Richard,
> >
> > The patch you suggested seems not to break at least self-compatibility
> for
> > the smime -enc command.
> > Is this enough or should I do some more tests?
> >
> > Thank you!
> >
> > On Fri, Feb 19, 2016 at 12:40 AM, Dmitry Belyavsky <beldmit at gmail.com>
> > wrote:
> >
> > > Dear Richard,
> > >
> > > Sorry for the delay. I am out of office now so I will check it some
> days
> > > later.
> > >
> > >
> > > On Thursday, February 18, 2016, Richard Levitte via RT <rt at openssl.org
> >
> > > wrote:
> > >
> > >> Did that help, can we close this ticket now?
> > >>
> > >> Vid Ons, 17 Feb 2016 kl. 11.25.26, skrev levitte:
> > >> > May I suggest that you use EVP_CIPHER_set_asn1_iv() and/or
> > >> > EVP_CIPHER_get_asn1_iv()? With a temporary ASN1_TYPE to which you
> > >> > assign
> > >> > gcp->iv, that should be perfectly possible, no?
> > >> >
> > >> > Cheers,
> > >> > Richard
> > >> >
> > >> > Vid Ons, 17 Feb 2016 kl. 09.53.04, skrev beldmit at gmail.com:
> > >> > > Dear Richard,
> > >> > >
> > >> > > I am not sure it will not break the compatibility.
> > >> > > Both implementations of the GOST ciphers require access to this
> > >> > > field.
> > >> > >
> > >> > > On Wed, Feb 17, 2016 at 12:42 PM, Richard Levitte via RT
> > >> > > <rt at openssl.org>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi,
> > >> > > >
> > >> > > > I'm sorry, the oiv field is EVP private. Sure, it's been
> accessible
> > >> > > > (and
> > >> > > > thoroughly misused in some cases) when EVP_CIPHER_CTX was open,
> but
> > >> > > > in
> > >> > > > essence,
> > >> > > > it's a EVP private store of the IV that was given at
> > >> > > > EVP_CipherInit().
> > >> > > >
> > >> > > > If you want to retain a copy of the original IV, I suggest you
> have
> > >> > > > one in
> > >> > > > GOSTs structure and take a copy of the IV given to the init()
> > >> > > > function.
> > >> > > >
> > >> > > > Thank you for the reminder, I meant to deal with this further.
> oiv
> > >> > > > should
> > >> > > > really not be publically accessible at all, not even as a
> constant.
> > >> > > >
> > >> > > > Cheers,
> > >> > > > Richard
> > >> > > >
> > >> > > > Vid Sat, 23 Jan 2016 kl. 09.40.19, skrev beldmit at gmail.com:
> > >> > > > > Hello,
> > >> > > > >
> > >> > > > > After making the EVP_CIPHER_CTX struct opaque I found that
> there
> > >> > > > > is a
> > >> > > > > missing non-const accessor to the oiv member. It is used in
> GOST
> > >> > > > > engine
> > >> > > > > when we set the cipher parameters from the ASN1 parameters.
> > >> > > > >
> > >> > > > > Thank you!
> > >> > > > >
> > >> > > >
> > >> > > >
> > >> > > > --
> > >> > > > Richard Levitte
> > >> > > > levitte at openssl.org
> > >> > > >
> > >> > > > --
> > >> > > > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
> > >> > > > Please log in as guest with password guest if prompted
> > >> > > >
> > >> > > >
> > >> > >
> > >> > >
> > >> >
> > >> >
> > >> > --
> > >> > Richard Levitte
> > >> > levitte at openssl.org
> > >>
> > >>
> > >> --
> > >> Richard Levitte
> > >> levitte at openssl.org
> > >>
> > >> --
> > >> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
> > >> Please log in as guest with password guest if prompted
> > >>
> > >>
> > >
> > > --
> > > SY, Dmitry Belyavsky
> > >
> >
> >
> >
>
>
> --
> Richard Levitte
> levitte at openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
> Please log in as guest with password guest if prompted
>
>


-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160224/88bce661/attachment.html>


More information about the openssl-dev mailing list