[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Apr 28 22:58:40 UTC 2017

Actually, I think Ryan Murray's email account may be compromised. We've seen a number of odd messages from it over the past couple of days.

Or he's running a DNN which has become self-aware and is spamming the list with its incoherent thoughts. Soon it will enlist the OpenSSL mail reflector in its uncompromising war on organic intelligence. We knew this would happen eventually.

(Of course it's only a mailing list, so really all it can do is wage psychological warfare, sending us depressing messages to break our spirit. Fortunately, as TLS users, we have built up a tremendous tolerance for depressing messages.)

Michael Wojcik
Distinguished Engineer, Micro Focus

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: Friday, April 28, 2017 16:46
To: openssl-users at openssl.org
Subject: Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

I see. I appreciate your willingness to help, but it would've been far better if you answered those very specific and unambiguous questions that I explicitly asked, instead of trying to guess/conjecture what the high level purpose of that whole exercise was.

As it happens, I've no interest and no need for (other) remote login or virtualization solutions (which have nothing to do with the problem I'm addressing), so I am unable to make use of your answer.


Sent from my iPhone

On Apr 28, 2017, at 18:37, Ryan Murray <rjkmurray40 at gmail.com<mailto:rjkmurray40 at gmail.com>> wrote:

A client/server model can create a mechanism that allows a user to establish a session  on the remote machine and then run its applications. This application is known as  remote login. This can be done by a client/server application program for the desired  service. Two remote login protocols are TELNET and SSH.  TELNET Protocol  TELNET (terminal network) is a TCP/IP standard for establishing a connection to a  remote system. TELNET allows a user to log in to a remote machine across the  Internet by first making a TCP connection and then pass the detail of the application
 from the user to the remote machine.. You do this to many

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

From: Blumenthal, Uri - 0553 - MITLL<mailto:uri at ll.mit.edu>
Sent: Friday, April 28, 2017 4:33 PM
To: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Subject: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I tried the OpenSSL manual pages, but still coming short of complete understanding. :-)

This is how I initialize the contexts (error handlers removed for brevity):

      ctx = EVP_PKEY_CTX_new(privkey, NULL);

      md_ctx = EVP_MD_CTX_create();

      const EVP_MD *md = EVP_sha256();

      rv = EVP_DigestInit_ex(md_ctx, md, NULL);

      rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey);

First question: do I need EVP_DigestInit_ex() there?

Second question: do I have to specify hash-function (EVP_MD*) twice? First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()?

At the end I need to dispose of both ctx and md_ctx. That leads to my third question/problem. The code I tried (based on what the man page says: to avoid memory leak, I need to do EVP_MD_CTX_destroy(md_ctx) crashes with SIGV:

      EVP_MD_CTX_destroy(md_ctx); // this succeeds
      EVP_PKEY_CTX_free(ctx);  // but here the code crashes

Same happens when I reverse the above order:

      EVP_PKEY_CTX_free(ctx); // this succeeds
      EVP_MD_CTX_destroy(md_ctx); // but then this one causes crash

So what’s the correct way of freeing both of them? Or is it that because they’re sort of “bound together” by EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey); freeing one frees the other?


openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/012ce775/attachment.html>

More information about the openssl-users mailing list