On Mon, Jan 28, 2008, Sam Elstob wrote:

> Hello
>
> We recently upgraded the version of OpenSSL used in our application from
> 0.9.6c to 0.9.8e. Everything is fine except I have found that some of our
> code was using memcpy() to 'save' and 'restore' EVP_CIPHER_CTX structures.
> I understand now from looking at the OpenSSL code that this use was invalid
> since we should not assume that an EVP_CIPHER_CTX can be correctly copied
> via a simple memcpy().
>
> My question: Is there a valid way to copy an EVP_CIPHER_CTX structure? I
> have created a function which does this as a hack to get us up and running:
>
> int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
> {
>     int retval = EVP_CipherInit_ex(out, EVP_CIPHER_CTX_cipher(in),
>                                    in->engine,
>                                    NULL, /* key */
>                                    NULL, /* iv */
>                                    in->encrypt);
>     if (retval == 1)
>     {
>         memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
>     }
>     return retval;
> }
>
> Our goal is really to save and restore the cipher state of an RC4 cipher
> context. It does not seem to be possible to ask an EVP_CIPHER_CTX to save
> and restore its internal state. Any ideas would be welcomed.
>


This is really an omission in the library and there should be a way to copy an
EVP_CIPHER_CTX. In the case of an ENGINE the data might be (for example) a
reference to a handle which, if copied, will result in two linked versions of
the same ctx instead of independent versions.

So something similar to the EVP_MD_CTX_copy() functionality is needed
but for ciphers so an ENGINE can do whatever it needs to to copy a context.
If we add this no existing ENGINE will support it of course.

If you just want something that works for internal RC4 ciphers then a "hack"
will do.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
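
An added illustration, not code from this thread or from OpenSSL: a self-contained toy RC4 context whose struct, like the cipher_data member used in the hack above, only points at the cipher state. It shows that memcpy() of the struct yields two linked contexts, while copying the state itself yields an independent snapshot that can be replayed. All toy_* names and snapshot_replays() are hypothetical, and the key "Key" is a constructed sample input.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model, hypothetical names: the ctx only points at the cipher state. */
typedef struct { unsigned char S[256], i, j; } toy_rc4_state;
typedef struct { toy_rc4_state *cipher_data; } toy_ctx;

static void swap_bytes(unsigned char *a, unsigned char *b) {
    unsigned char t = *a; *a = *b; *b = t;
}

static int toy_init(toy_ctx *c, const unsigned char *key, size_t klen) {
    toy_rc4_state *st = malloc(sizeof *st);
    unsigned char j = 0; int i;
    if (st == NULL) return 0;
    for (i = 0; i < 256; i++) st->S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {              /* RC4 key schedule */
        j = (unsigned char)(j + st->S[i] + key[i % klen]);
        swap_bytes(&st->S[i], &st->S[j]);
    }
    st->i = st->j = 0; c->cipher_data = st;
    return 1;
}

static unsigned char toy_next(toy_ctx *c) {  /* one keystream byte */
    toy_rc4_state *s = c->cipher_data;
    s->i++; s->j = (unsigned char)(s->j + s->S[s->i]);
    swap_bytes(&s->S[s->i], &s->S[s->j]);
    return s->S[(unsigned char)(s->S[s->i] + s->S[s->j])];
}

static int toy_copy(toy_ctx *out, const toy_ctx *in) {  /* deep copy */
    if ((out->cipher_data = malloc(sizeof *in->cipher_data)) == NULL) return 0;
    memcpy(out->cipher_data, in->cipher_data, sizeof *in->cipher_data);
    return 1;
}

/* deep=0: memcpy() of the struct, the idiom the post calls invalid;
 * deep=1: toy_copy(). Returns 1 if the snapshot replays the live ctx's byte.
 * "Key" is a constructed sample key. */
int snapshot_replays(int deep) {
    toy_ctx live, snap;
    if (!toy_init(&live, (const unsigned char *)"Key", 3)) return -1;
    if (!deep) memcpy(&snap, &live, sizeof snap);  /* copies the pointer only */
    else if (!toy_copy(&snap, &live)) { free(live.cipher_data); return -1; }
    unsigned char first = toy_next(&live);   /* live ctx advances */
    int ok = (toy_next(&snap) == first);     /* does the snapshot replay it? */
    if (deep) free(snap.cipher_data);
    free(live.cipher_data);
    return ok;
}
```

OpenSSL 1.0.0 and later provide EVP_CIPHER_CTX_copy() for copying a cipher context.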