[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Sun Apr 30 02:44:49 UTC 2017
Matt,
*Thank you!* Crystal clear now.
Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I tried that (without using DigestSign of course), signing succeeded but verification always failed. Was that expected? Are there some special settings one needs to apply besides just setting the padding type?
Thanks!
Regards,
Uri
Sent from my iPhone
> On Apr 29, 2017, at 19:34, Matt Caswell <matt at openssl.org> wrote:
>
>
>
>> On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote:
>> I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I
>> tried the OpenSSL manual pages, but still coming short of complete
>> understanding. :-)
>>
>>
>>
>> This is how I initialize the contexts (error handlers removed for brevity):
>>
>>
>>
>> ctx = EVP_PKEY_CTX_new(privkey, NULL);
>
> Don't do this. Just set ctx to NULL.
>
>>
>> md_ctx = EVP_MD_CTX_create();
>>
>> const EVP_MD *md = EVP_sha256();
>>
>> rv = EVP_DigestInit_ex(md_ctx, md, NULL);
>>
>> rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey);
>
> ctx gets "filled in" by the EVP_DigestSignInit call.
>
>>
>>
>>
>> First question: do I need EVP_DigestInit_ex() there?
>
> No. It unnecessary.
>
>>
>>
>>
>> Second question: do I have to specify hash-function (EVP_MD*) twice?
>> First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()?
>>
>
> No...don't call EVP_DigestInit_ex() at all.
>
>>
>>
>> At the end I need to dispose of both ctx and md_ctx.
>
> "ctx" is "owned" by md_ctx. Just free md_ctx and ctx also gets freed.
>
>
> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4223 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170430/b564565d/attachment-0001.bin>
More information about the openssl-users
mailing list