[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

Ryan Murray rjkmurray40 at gmail.com
Fri Apr 28 22:33:28 UTC 2017

A client/server model can create a mechanism that allows a user to establish a session  on the remote machine and then run its applications. This application is known as  remote login. This can be done by a client/server application program for the desired  service. Two remote login protocols are TELNET and SSH.  TELNET Protocol  TELNET (terminal network) is a TCP/IP standard for establishing a connection to a  remote system. TELNET allows a user to log in to a remote machine across the  Internet by first making a TCP connection and then pass the detail of the application  
 from the user to the remote machine.. You do this to many

Sent from Mail for Windows 10

From: Blumenthal, Uri - 0553 - MITLL
Sent: Friday, April 28, 2017 4:33 PM
To: openssl-users at openssl.org
Subject: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I tried the OpenSSL manual pages, but still coming short of complete understanding. :-)

This is how I initialize the contexts (error handlers removed for brevity):

      ctx = EVP_PKEY_CTX_new(privkey, NULL);
      md_ctx = EVP_MD_CTX_create();
      const EVP_MD *md = EVP_sha256();
      rv = EVP_DigestInit_ex(md_ctx, md, NULL);
      rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey);

First question: do I need EVP_DigestInit_ex() there?

Second question: do I have to specify hash-function (EVP_MD*) twice? First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()?

At the end I need to dispose of both ctx and md_ctx. That leads to my third question/problem. The code I tried (based on what the man page says: to avoid memory leak, I need to do EVP_MD_CTX_destroy(md_ctx) crashes with SIGV:

      EVP_MD_CTX_destroy(md_ctx); // this succeeds
      EVP_PKEY_CTX_free(ctx);  // but here the code crashes

Same happens when I reverse the above order:

      EVP_PKEY_CTX_free(ctx); // this succeeds
      EVP_MD_CTX_destroy(md_ctx); // but then this one causes crash

So what’s the correct way of freeing both of them? Or is it that because they’re sort of “bound together” by EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey); freeing one frees the other?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/c1959631/attachment.html>

More information about the openssl-users mailing list