On Wed, Aug 28, 2013, Dmitry Belyavsky wrote: > Greetings! > > The cipher algorithm GOST has a set of substitution blocks as parameters of > encryption/decryption. When we use the gost engine, we can specify the > preferred paramset via environment variable or using the default from > config file section. > > In 2013 Russian official body has changed the default value of the blocks. > So we need to use old default value for the old systems and new - for new > ones. But the functions CMS_encrypt/PKCS7_encrypt now do not allow to > configure the used cipher. Using the environment variable for the > parameters management makes more difficult the writing and using > multi-threading applications. > > Is it possible to modify the code of the OpenSSL for support of different > parameters? For example, to provide functions like > CMS_encrypt_ex/PKCS7_encrypt_ex with extra arguments. Or may be there is a > more simple way to get the result necessary for our purposes. >
There is a mechanism which exists for parameter setting and public key algorithms (only in master branch at present). The idea is that the appropriate context can be extracted from the structure and parameters set. This might need a new flag and a new function something like: CMS_EnvelopedData_get0_cipher_ctx(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
