I have some code that uses the following sequence of calls (e.g.):
EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); EVP_DigestInit_ex(&ctx, EVP_sha1, NULL); EVP_DigestUpdate(&ctx, pData, nSize); EVP_DigestFinal_ex(&ctx, pOut, NULL); EVP_DigestInit_ex(&ctx, EVP_sha1, NULL); EVP_DigestUpdate(&ctx, pData, nSize); EVP_DigestFinal_ex(&ctx, pOut, NULL); EVP_DigestInit_ex(&ctx, EVP_sha1, NULL); EVP_DigestUpdate(&ctx, pData, nSize); EVP_DigestFinal_ex(&ctx, pOut, NULL); EVP_MD_CTX_cleanup(&ctx); The docs say that "After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation." In my case, there is an ENGINE registered to perform the SHA1 operations. What happens, though is that EVP_DigestInit_ex() increments the ENGINE reference, but EVP_DigestFinal_ex() does not decrement it. Only the EVP_MD_CTX_cleanup() call is decrementing the reference count, and thus my ENGINE never ends up being actually freed on the ENGINE_finish() call. Is this a known issue? Do I really need to cleanup/reinit my CTX around each hash sequence? .................................... Erik Tkal Juniper OAC/UAC/Pulse Development
