Re: EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

Matt, 

*Thank you!* Crystal clear now. 

Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I tried that (without using DigestSign of course), signing succeeded but verification always failed. Was that expected? Are there some special settings one needs to apply besides just setting the padding type?

Thanks!

Regards,
Uri

Sent from my iPhone

> On Apr 29, 2017, at 19:34, Matt Caswell <matt@xxxxxxxxxxx> wrote:
> 
> 
> 
>> On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote:
>> I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I
>> tried the OpenSSL manual pages, but still coming short of complete
>> understanding. :-)
>> 
>> 
>> 
>> This is how I initialize the contexts (error handlers removed for brevity):
>> 
>> 
>> 
>>      ctx = EVP_PKEY_CTX_new(privkey, NULL);
> 
> Don't do this. Just set ctx to NULL.
> 
>> 
>>      md_ctx = EVP_MD_CTX_create();
>>      const EVP_MD *md = EVP_sha256();
>>      rv = EVP_DigestInit_ex(md_ctx, md, NULL);
>>      rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey);
> 
> ctx gets "filled in" by the EVP_DigestSignInit call.
> 
>> 
>> 
>> 
>> First question: do I need EVP_DigestInit_ex() there?
> 
> No. It's unnecessary.
> 
>> 
>> 
>> 
>> Second question: do I have to specify hash-function (EVP_MD*) twice?
>> First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()?
>> 
> 
> No...don't call EVP_DigestInit_ex() at all.
> 
>> 
>> 
>> At the end I need to dispose of both ctx and md_ctx.
> 
> "ctx" is "owned" by md_ctx. Just free md_ctx and ctx also gets freed.
> 
> 
> Matt
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

