Dmitry Belyavsky beldmit at gmail.com
Tue Nov 12 15:46:58 UTC 2019


I'm trying to implement the new Russian GOST CMS specification. It uses the
key wrap algorithm described here:

I've implemented the algorithm as a cipher with the EVP_CIPH_WRAP_MODE flag.

It seems to me that the only way to avoid clearing the
EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag in the EVP_CipherInit function is
providing the ctrl function in the corresponding EVP_CIPHER object because
the EVP_CipherInit function resets the passed EVP_CIPHER_CTX object.

The EVP_CipherInit_ex does not reset the EVP_CIPHER_CTX object and
theEVP_CIPHER_CTX_FLAG_WRAP_ALLOW stays untouched, so the behavior seems a
bit controversial (and undocumented, at least for the 1.1.1 branch).

Is this difference a desired one or an accidental one? Should it be
documented or fixed?

SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191112/6238767c/attachment.html>

More information about the openssl-users mailing list