Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
Understood. Thanks! Yes, it would be nice if 1_0_2-stable and 1_1 branches returned an error on an attempt to sign or verify with RSA_NO_PADDING. Regards, Uri Sent from my iPhone > On Apr 30, 2017, at 15:19, Dr. Stephen Hensonwrote: > >> On Sun, Apr 30, 2017, Blumenthal, Uri - 0553 - MITLL wrote: >> >> >> Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I >> tried that (without using DigestSign of course), signing succeeded but >> verification always failed. Was that expected? Are there some special >> settings one needs to apply besides just setting the padding type? >> > > With RSA_NO_PADDING it isn't possible to determine the length of the decrypted > data during verify. We should really return an error code if an atttempt is > made to use it for sign/verify. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
On Sun, Apr 30, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > > Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I > tried that (without using DigestSign of course), signing succeeded but > verification always failed. Was that expected? Are there some special > settings one needs to apply besides just setting the padding type? > With RSA_NO_PADDING it isn't possible to determine the length of the decrypted data during verify. We should really return an error code if an atttempt is made to use it for sign/verify. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
Matt, *Thank you!* Crystal clear now. Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I tried that (without using DigestSign of course), signing succeeded but verification always failed. Was that expected? Are there some special settings one needs to apply besides just setting the padding type? Thanks! Regards, Uri Sent from my iPhone > On Apr 29, 2017, at 19:34, Matt Caswellwrote: > > > >> On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote: >> I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I >> tried the OpenSSL manual pages, but still coming short of complete >> understanding. :-) >> >> >> >> This is how I initialize the contexts (error handlers removed for brevity): >> >> >> >> ctx = EVP_PKEY_CTX_new(privkey, NULL); > > Don't do this. Just set ctx to NULL. > >> >> md_ctx = EVP_MD_CTX_create(); >> >> const EVP_MD *md = EVP_sha256(); >> >> rv = EVP_DigestInit_ex(md_ctx, md, NULL); >> >> rv = EVP_DigestSignInit(md_ctx, , md, NULL, privkey); > > ctx gets "filled in" by the EVP_DigestSignInit call. > >> >> >> >> First question: do I need EVP_DigestInit_ex() there? > > No. It unnecessary. > >> >> >> >> Second question: do I have to specify hash-function (EVP_MD*) twice? >> First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()? >> > > No...don't call EVP_DigestInit_ex() at all. > >> >> >> At the end I need to dispose of both ctx and md_ctx. > > "ctx" is "owned" by md_ctx. Just free md_ctx and ctx also gets freed. > > > Matt > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote: > I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I > tried the OpenSSL manual pages, but still coming short of complete > understanding. :-) > > > > This is how I initialize the contexts (error handlers removed for brevity): > > > > ctx = EVP_PKEY_CTX_new(privkey, NULL); Don't do this. Just set ctx to NULL. > > md_ctx = EVP_MD_CTX_create(); > > const EVP_MD *md = EVP_sha256(); > > rv = EVP_DigestInit_ex(md_ctx, md, NULL); > > rv = EVP_DigestSignInit(md_ctx, , md, NULL, privkey); ctx gets "filled in" by the EVP_DigestSignInit call. > > > > First question: do I need EVP_DigestInit_ex() there? No. It unnecessary. > > > > Second question: do I have to specify hash-function (EVP_MD*) twice? > First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()? > No...don't call EVP_DigestInit_ex() at all. > > > At the end I need to dispose of both ctx and md_ctx. "ctx" is "owned" by md_ctx. Just free md_ctx and ctx also gets freed. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?
I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I tried the OpenSSL manual pages, but still coming short of complete understanding. :-) This is how I initialize the contexts (error handlers removed for brevity): ctx = EVP_PKEY_CTX_new(privkey, NULL); md_ctx = EVP_MD_CTX_create(); const EVP_MD *md = EVP_sha256(); rv = EVP_DigestInit_ex(md_ctx, md, NULL); rv = EVP_DigestSignInit(md_ctx, , md, NULL, privkey); First question: do I need EVP_DigestInit_ex() there? Second question: do I have to specify hash-function (EVP_MD*) twice? First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()? At the end I need to dispose of both ctx and md_ctx. That leads to my third question/problem. The code I tried (based on what the man page says: to avoid memory leak, I need to do EVP_MD_CTX_destroy(md_ctx) crashes with SIGV: EVP_MD_CTX_destroy(md_ctx); // this succeeds EVP_PKEY_CTX_free(ctx); // but here the code crashes Same happens when I reverse the above order: EVP_PKEY_CTX_free(ctx); // this succeeds EVP_MD_CTX_destroy(md_ctx); // but then this one causes crash So what’s the correct way of freeing both of them? Or is it that because they’re sort of “bound together” by EVP_DigestSignInit(md_ctx, , md, NULL, privkey); freeing one frees the other? Thanks! — Regards, Uri smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users