> The patch works but I'm not sure we should permit this. If you copy an AES GCM > context you end up reusing the key and IV which has security implications.
Well, I believe that security implications due to key/IV reuse happen with all ciphers not just AES in gcm mode, right? There must have been some very good reasons to introduce EVP_CIPHER_CTX_copy in the first place. Concerning my own use case, I was using EVP_CIPHER_CTX handle as a "cipher template" - i.e. select a cipher and set a key; foreach data block clone the context, set IV and decrypt. Maybe I was doing it wrong anyway :)______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
