On 26 March 2013 16:45, tos iro <motto.mo...@gmail.com> wrote:
> Hello
> I'm sorry if there is any impoliteness.
>
> I want you to tell me the *correct way to* call EVP_CIPHER_CTX_cleanup().
>
> I'm writing a program to encrypt independent data one by one.
>
> Should I call EVP_CIPHER_CTX_cleanup() after each EVP_EncryptFinal_ex() on the
> "Context"?
>    function(){
>        EVP_CIPHER_CTX    ctx;
>
>        while( File exists ) {
>            EVP_CIPHER_CTX_init( &ctx )
>            EVP_CIPHER_CTX_set_padding( &ctx )
>            EVP_EncryptInit_ex( &ctx )
>            EVP_EncryptUpdate( &ctx )
>            EVP_EncryptFinal_ex( &ctx )
>            EVP_CIPHER_CTX_cleanup( &ctx )
>        }
>    }
>
> Or may I run the encryption processing repeatedly with a single
> EVP_CIPHER_CTX_init() and EVP_CIPHER_CTX_cleanup() on the "Context"?
>    function(){
>        EVP_CIPHER_CTX    ctx;
>
>        EVP_CIPHER_CTX_init( &ctx )
>        EVP_CIPHER_CTX_set_padding( &ctx )
>        while( File exists ) {
>            EVP_EncryptInit_ex( &ctx )
>            EVP_EncryptUpdate( &ctx )
>            EVP_EncryptFinal_ex( &ctx )
>        }
>        EVP_CIPHER_CTX_cleanup( &ctx )
>    }
>

My understanding is that this second version is fine. In fact the
primary difference between EVP_EncryptInit/EVP_EncryptFinal and
EVP_EncryptInit_ex/EVP_EncryptFinal_ex is that with the former version
the context is automatically initialised for you and then cleaned up
at the end. This prevents the type of construction that you are
attempting which is why the _ex versions are there.


> I confirmed that both of the above work. However, I want to know
> the correct specification,
> and I am worried about the meaning of the following sentence in the manual.
>    # EVP_CIPHER_CTX_cleanup() clears all information from a
>    # cipher context and free up any allocated memory associate
>    # with it. It should be called after all operations using a
>    # cipher are complete so sensitive information does not remain
>    # in memory.

The way I read that, it just means that you must remember to clean up.
That's fine, because in your code you are.


Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
