Re: Copying an EVP_CIPHER_CTX
On Mon, Jan 28, 2008, Sam Elstob wrote:
> We recently upgraded the version of OpenSSL used in our application from
> 0.9.6c to 0.9.8e. Everything is fine except I have found that some of our
> code was using memcpy() to 'save' and 'restore' EVP_CIPHER_CTX structures.
> I understand now from looking at the OpenSSL code that this use was invalid
> since we should not assume that an EVP_CIPHER_CTX can be correctly copied
> via a simple memcpy().
> My question: Is there a valid way to copy an EVP_CIPHER_CTX structure? I
> have created a function which does this as a hack to get us up and running:
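> int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
> {
>     /* Re-initialise out with the same cipher; no key or IV is supplied */
>     int retval = EVP_CipherInit_ex(out, EVP_CIPHER_CTX_cipher(in),
>                                    NULL, /* impl */
>                                    NULL, /* key */
>                                    NULL, /* iv */
>                                    in->encrypt); /* same direction as in */
>     if (retval == 1)
>         /* Copy the cipher-specific state (for RC4, the key schedule) */
>         memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
>     return retval;
> }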
> Our goal is really to save and restore the cipher state of an RC4 cipher
> context. It does not seem to be possible to ask an EVP_CIPHER_CTX to save
> and restore its internal state. Any ideas would be welcomed?
This is really an omission in the library and there should be a way to copy an
EVP_CIPHER_CTX. In the case of an ENGINE the data might be (for example) a
reference to a handle which, if copied, will result in two linked versions of
the same ctx instead of independent versions.
So something similar to the EVP_MD_CTX_copy() functionality is needed
but for ciphers so an ENGINE can do whatever it needs to to copy a context.
If we add this no existing ENGINE will support it of course.
If you just want something that works for internal RC4 ciphers then a "hack"
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
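An added example, not part of the thread and not OpenSSL code: it shows why a plain memcpy() of a context that only points at its cipher state gives "two linked versions of the same ctx", and why the state buffer itself has to be duplicated. toy_ctx, toy_init, toy_next and snapshot_replays are hypothetical stand-ins; the cipher is a minimal RC4 with the constructed key "Key".

```c
/* Added illustration: toy_ctx and toy_* are hypothetical stand-ins, not OpenSSL APIs. */
#include <stdlib.h>
#include <string.h>
typedef struct { unsigned char S[256], i, j; } rc4_state;
/* Like EVP_CIPHER_CTX, the context only points at the cipher's state. */
typedef struct { size_t ctx_size; void *cipher_data; } toy_ctx;

static int toy_init(toy_ctx *c, const unsigned char *key, size_t klen)
{
    rc4_state *s = malloc(sizeof *s);
    unsigned char j = 0, t;
    if (s == NULL) return 0;
    for (int n = 0; n < 256; n++) s->S[n] = (unsigned char)n;
    for (int n = 0; n < 256; n++) {            /* RC4 key schedule */
        j = (unsigned char)(j + s->S[n] + key[n % klen]);
        t = s->S[n]; s->S[n] = s->S[j]; s->S[j] = t;
    }
    s->i = s->j = 0;
    c->ctx_size = sizeof *s; c->cipher_data = s;
    return 1;
}

static unsigned char toy_next(toy_ctx *c)      /* next keystream byte */
{
    rc4_state *s = c->cipher_data;
    unsigned char t;
    s->i++;
    s->j = (unsigned char)(s->j + s->S[s->i]);
    t = s->S[s->i]; s->S[s->i] = s->S[s->j]; s->S[s->j] = t;
    return s->S[(unsigned char)(s->S[s->i] + s->S[s->j])];
}

/* 1 if a snapshot replays the original's next keystream byte, 0 if not, -1 on error.
 * deep=0: memcpy of the struct only (state shared); deep=1: state buffer duplicated. */
static int snapshot_replays(int deep)
{
    toy_ctx live, saved;
    if (!toy_init(&live, (const unsigned char *)"Key", 3)) return -1;
    memcpy(&saved, &live, sizeof live);        /* copies the pointer, not the state */
    if (deep) {
        saved.cipher_data = malloc(live.ctx_size);
        if (saved.cipher_data == NULL) { free(live.cipher_data); return -1; }
        memcpy(saved.cipher_data, live.cipher_data, live.ctx_size);
    }
    unsigned char a = toy_next(&live), b = toy_next(&saved);
    if (deep) free(saved.cipher_data);
    free(live.cipher_data);
    return a == b;
}
int main(void) { return !(snapshot_replays(1) == 1 && snapshot_replays(0) == 0); }
```

With the shallow copy the "saved" context advances whenever the live one does, so restoring it does not rewind the keystream. Later OpenSSL releases (1.0.0 onward) provide EVP_CIPHER_CTX_copy() for this purpose.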