Markus Friedl wrote:
>
> This patch is needed for EVP+AES
>
> --- crypto/evp/e_aes.c Sat Feb 16 13:39:53 2002
> +++ crypto/evp/e_aes.c Sun Feb 24 16:54:59 2002
> @@ -88,6 +88,8 @@
> static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
> const unsigned char *iv, int enc) {
>
> + if (enc == -1)
> + enc = ctx->encrypt;
> if (enc)
> AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
> else
>
> otherwise code similar to this will break:
>
> EVP_CIPHER_CTX c;
>
> EVP_CIPHER_CTX_init(&c);
> EVP_CipherInit(&c, cipher, NULL, iv, enc);
> /* adjust keylength */
> EVP_CIPHER_CTX_set_key_length(&c, keylen)
> EVP_CipherInit(&c, NULL, key, NULL, -1);
>
> There could be problems in other ciphers, too.
You can't do that with AES anyway because its treated as a fixed key
length cipher with the key length determined by the EVP_CIPHER
structure. It has to be handled that way because unlike other cases
(e.g. RC2) the ASN1 OIDs are different for each key length.
I don't think any other ciphers are currently affected but it would be
an idea to have equivalent functionality in the EVP_CipherInit_ex()
function.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
