Re: CMS/PKCS#7 encryption parameters
On Wed, Aug 28, 2013, Dmitry Belyavsky wrote: Greetings! The cipher algorithm GOST has a set of substitution blocks as parameters of encryption/decryption. When we use the gost engine, we can specify the preferred paramset via environment variable or using the default from config file section. In 2013 Russian official body has changed the default value of the blocks. So we need to use old default value for the old systems and new - for new ones. But the functions CMS_encrypt/PKCS7_encrypt now do not allow to configure the used cipher. Using the environment variable for the parameters management makes more difficult the writing and using multi-threading applications. Is it possible to modify the code of the OpenSSL for support of different parameters? For example, to provide functions like CMS_encrypt_ex/PKCS7_encrypt_ex with extra arguments. Or may be there is a more simple way to get the result necessary for our purposes. There is a mechanism which exists for parameter setting and public key algorithms (only in master branch at present). The idea is that the appropriate context can be extracted from the structure and parameters set. This might need a new flag and a new function something like: CMS_EnvelopedData_get0_cipher_ctx(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: CMS/PKCS#7 encryption parameters
Greetings! On Sun, Sep 8, 2013 at 9:53 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Wed, Aug 28, 2013, Dmitry Belyavsky wrote: Greetings! The cipher algorithm GOST has a set of substitution blocks as parameters of encryption/decryption. When we use the gost engine, we can specify the preferred paramset via environment variable or using the default from config file section. In 2013 Russian official body has changed the default value of the blocks. So we need to use old default value for the old systems and new - for new ones. But the functions CMS_encrypt/PKCS7_encrypt now do not allow to configure the used cipher. Using the environment variable for the parameters management makes more difficult the writing and using multi-threading applications. Is it possible to modify the code of the OpenSSL for support of different parameters? For example, to provide functions like CMS_encrypt_ex/PKCS7_encrypt_ex with extra arguments. Or may be there is a more simple way to get the result necessary for our purposes. There is a mechanism which exists for parameter setting and public key algorithms (only in master branch at present). Could you please show me the appropriate code in the master branch? The idea is that the appropriate context can be extracted from the structure and parameters set. This might need a new flag and a new function something like: CMS_EnvelopedData_get0_cipher_ctx(). Yes, the CMS structure contains all the necessary data. Do you mean the extra flag in the ctrl-function of an EVP_PKEY_METHOD struct? Thank you! -- SY, Dmitry Belyavsky
