Dr. Stephen Henson wrote:
Our goal is really to save and restore the cipher state of an RC4 cipher context. It does not seem to be possible to ask an EVP_CIPHER_CTX to save and restore its internal state. Any ideas would be welcomed?
Hear, hear! I feel your pain. Search the openssl-users/openssl-devel mailing lists archives for my point of view on this matter.
This is such a common usage of MD that I'm surprised the committers of OpenSSL could not see this problem coming a mile off.
A new "ENGINE capable" MD API should have been added, the design choice to modify the existing API to be able to be ENGINE capable was a mistake IMHO.
Instead the one solution has been to use 3rd party crypto implementations that facilitate the usage you require or to extract from OpenSSL 0.9.6 (or even latest 0.9.8) the relevant MD algos and turn them into a project of your own and manage them as part of your application lifecycle.
This is really an omission in the library and there should be a way to copy an EVP_CIPHER_CTX. In the case of an ENGINE the data might be (for example) a reference to a handle which, if copied, will result in two linked versions of the same ctx instead of independent versions. So something similar to the EVP_MD_CTX_copy() functionality is needed but for ciphers so an ENGINE can do whatever it needs to to copy a context. If we add this no existing ENGINE will support it of course.
Gee it would be really nice to re-instate the simple memory based MD APIs from 0.9.6/0.9.7 era and augment a new set of APIs which allow the use of MD based ENGINEs.
But during 0.9.7/0.9.8 era we were all forced to complicate simple MD usage with ENGINE related junk.
The old API was perfect for most users' uses, who do not have an ENGINE resource anyway.
What I mean by "memory based MD API" is that a memory buffer was the only resource used for MD computation. This allowed simple partial digests and memcpy() to be used to optimize your MD usage.
What I mean by "ENGINE based MD API" is that it also uses a memory buffer but may _optionally_ also have a handle to the ENGINE resource that also needs to be managed.
Darryl
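
The two copy behaviours discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a memory-only RC4 state can be saved by plain struct copy, while a context that only holds a handle (as an ENGINE-backed one might) yields two linked contexts unless a copy hook duplicates the state. The `rc4_state` and `handle_ctx` types and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed memory-only RC4 state: no pointers, so struct assignment is a full snapshot. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state;

static void swap(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    uint8_t j = 0;
    for (int n = 0; n < 256; n++) st->S[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->S[n] + key[n % keylen]);
        swap(&st->S[n], &st->S[j]);
    }
    st->i = st->j = 0;
}

void rc4_crypt(rc4_state *st, const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->S[st->i]);
        swap(&st->S[st->i], &st->S[st->j]);
        out[n] = in[n] ^ st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
    }
}

/* Hypothetical handle-backed context, standing in for state held by an ENGINE. */
typedef struct { rc4_state *handle; } handle_ctx;

/* Save a context, advance the original, then run the saved copy.
 * Returns 1 if the saved copy still produces the keystream from the save point.
 * deep=0: plain struct copy (shares the handle); deep=1: the state itself is duplicated. */
int saved_copy_is_independent(int deep) {
    const uint8_t key[] = "Key", zeros[8] = {0};
    uint8_t expect[8], got[8], skip[8];
    rc4_state ref, backing, dup;
    rc4_init(&ref, key, 3);
    rc4_crypt(&ref, zeros, expect, 8);              /* keystream from the save point */

    rc4_init(&backing, key, 3);
    handle_ctx orig = { &backing }, saved = orig;   /* shallow copy: same handle */
    if (deep) { dup = backing; saved.handle = &dup; } /* what a copy hook must do */
    rc4_crypt(orig.handle, zeros, skip, 8);         /* original moves on */
    rc4_crypt(saved.handle, zeros, got, 8);
    return memcmp(expect, got, 8) == 0;
}
```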