Hi, I'm getting failures decrypting a CMS (KEK or KTRI) when using an engine (RSA bsafe).
It appears that when the IV ( from EVP_cipher_asn1_to_param) is set into the context, the engine is not handling this somehow. The second call to EVP_cipher_init_ex has a NULL IV pointer in CMS_EncryptedContent_init_bio(), and if I change this to pass in ctx->oiv temporarily then the decryption succeeds OK. So - I am guessing that the IV is not being passed to the engine somehow. Is this an OpenSSL issue or an issue with the engine? ctx->cipher->flags is set to 2 (EVP_CIPH_CBC_MODE). Should it have EVP_CIPH_CUSTOM_IV set somehow? Thanks for any guidance/advice. Carl ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
