[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Apr 28 19:29:52 UTC 2017
I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I tried the OpenSSL manual pages, but still coming short of complete understanding. :-)
This is how I initialize the contexts (error handlers removed for brevity):
ctx = EVP_PKEY_CTX_new(privkey, NULL);
md_ctx = EVP_MD_CTX_create();
const EVP_MD *md = EVP_sha256();
rv = EVP_DigestInit_ex(md_ctx, md, NULL);
rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey);
First question: do I need EVP_DigestInit_ex() there?
Second question: do I have to specify hash-function (EVP_MD*) twice? First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()?
At the end I need to dispose of both ctx and md_ctx. That leads to my third question/problem. The code I tried (based on what the man page says: to avoid memory leak, I need to do EVP_MD_CTX_destroy(md_ctx) crashes with SIGV:
EVP_MD_CTX_destroy(md_ctx); // this succeeds
EVP_PKEY_CTX_free(ctx); // but here the code crashes
Same happens when I reverse the above order:
EVP_PKEY_CTX_free(ctx); // this succeeds
EVP_MD_CTX_destroy(md_ctx); // but then this one causes crash
So what’s the correct way of freeing both of them? Or is it that because they’re sort of “bound together” by EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey); freeing one frees the other?
Thanks!
—
Regards,
Uri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/27a28a69/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/27a28a69/attachment-0001.bin>
More information about the openssl-users
mailing list