[openssl-dev] [openssl.org #4643] [patch] pass EVP_MD to engines verifyctx_init and signctx_init

Schüller Felix via RT rt at openssl.org
Tue Aug 9 15:15:54 UTC 2016


On Mon Aug 08 13:52:12 2016, Stephen Henson wrote:

>> for some engine-implementations one needs the possibility to change 
>> the EVP_MD used in signctx_init and verifyctx_init.
>> (because different EVP_MD are needed for standalone calculating of the 
>> digest and calculating the digest during signature-operations.) This 
>> is only possible if a pointer-pointer is passed through the calls. The 
>> attached patch (against 1.1.0-pre6) realises this.

>This shouldn't be necessary because the underlying method gets notified through EVP_PKEY_CTX_set_signature_md() which it can then check
>and take appropriate action.

Ok, I didn’t see this way (maybe because my first solution was to use ENGINE_set_digest() which didn’t work in my case) but it works.
Thanks for the quick hint and please ignore the patch.

>If the method wants to change the MD it can set the EVP_PKEY_FLAG_SIGCTX_CUSTOM flag and then use whatever EVP_MD is appropriate
>instead of the passed one.

JFTR: Actually the trick is not to use any EVP_MD later, but use EVP_MD_CTX_set_update().

Kind regards

  Felix Schüller


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4643
Please log in as guest with password guest if prompted


