----- Original Message -----
From: "Dr. Stephen Henson" <[email protected]>
On Tue, Jun 16, 2009, [email protected] wrote:
Hi,
I'm getting failures decrypting a CMS (KEK or KTRI) when using an engine
(RSA bsafe).
It appears that when the IV ( from EVP_cipher_asn1_to_param) is set into
the
context, the engine is not handling this somehow.
The second call to EVP_cipher_init_ex has a NULL IV pointer in
CMS_EncryptedContent_init_bio(), and if I change this to pass in ctx->oiv
temporarily then the decryption succeeds OK. So - I am guessing that the
IV
is not being passed to the engine somehow.
Is this an OpenSSL issue or an issue with the engine?
ctx->cipher->flags is set to 2 (EVP_CIPH_CBC_MODE). Should it have
EVP_CIPH_CUSTOM_IV set somehow?
Thanks for any guidance/advice.
ENGINE issue, looks like it isn't handling the possible multiple calls to
EVP_CipherInit_ex() correctly. The default OpenSSL ciphers have no
problems
with this.
Thank you Dr Henson.
CMS_EncryptedContent_init_bio() calls EVP_CipherInit_ex twice() during the
decrypt phase. In neither case does it pass the IV into EVP_CipherInit_ex().
How would the engine be expected to pick up the IV, aside from the cipher
context?
Carl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
