Jan Pechanec wrote:
The problem is how digests work:
OpenSSL: ctx init, dgst init/update/final, ctx cleanup
PKCS#11: dgst init/update/final
where some memory is allocated in dgst init and freed in ctx cleanup
(not dgst final) in OpenSSL, but allocated in dgst init and freed in dgst
final in PKCS#11 tokens. So, if you don't call xyzFinal() it's fine wrt
memory usage in OpenSSL but it's a problem in PKCS#11 app.
it's usually not a problem because when there is digest init there
is also digest final some time after that. However, not for HMAC
computation.
This sounds almost exactly why I added the SHA1_Drop() function to the
"save/load SHA1 state" patch, discussed on this list a week ago.
(or SHA1_Abandon(), SHA1_Cancel(), whatever name you prefer for the
function)
Even though it's a no-op for the current SHA1 C implementation, it
creates a clean hook to deallocate any memory without having to do an
unnecessary Final() calculation.
The "save/load SHA1 state" patch is in limbo (nobody replied to my last
mails about it, regarding extending it to EVP).
Although coincidentally I emailed Dr. Henson about it earlier today.
Regards,
Nanno
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
