On Tue, Jun 16, 2009, carlyo...@keycomm.co.uk wrote: > Hi, > > I'm getting failures decrypting a CMS (KEK or KTRI) when using an engine > (RSA bsafe). > > It appears that when the IV ( from EVP_cipher_asn1_to_param) is set into the > context, the engine is not handling this somehow. > > The second call to EVP_cipher_init_ex has a NULL IV pointer in > CMS_EncryptedContent_init_bio(), and if I change this to pass in ctx->oiv > temporarily then the decryption succeeds OK. So - I am guessing that the IV > is not being passed to the engine somehow. > > Is this an OpenSSL issue or an issue with the engine? > > ctx->cipher->flags is set to 2 (EVP_CIPH_CBC_MODE). Should it have > EVP_CIPH_CUSTOM_IV set somehow? > > Thanks for any guidance/advice. >
ENGINE issue, looks like it isn't handling the possible multiple calls to EVP_CipherInit_ex() correctly. The default OpenSSL ciphers have no problems with this. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
