
BTW, this is with OpenSSL 1.0.1; I did not try an older version.
Sent: Tuesday, March 27, 2012 10:20 AM
To: openssl-dev@...
Subject: ENGINE reference leak using EVP_Digest*
I have some code that uses the following sequence of calls (e.g.):
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctx, pData, nSize);
EVP_DigestFinal_ex(&ctx, pOut, NULL);
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctx, pData, nSize);
EVP_DigestFinal_ex(&ctx, pOut, NULL);
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctx, pData, nSize);
EVP_DigestFinal_ex(&ctx, pOut, NULL);
EVP_MD_CTX_cleanup(&ctx);
The docs say that “After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation.”
In my case, there is an ENGINE registered to perform the SHA1 operations.
What happens, though, is that EVP_DigestInit_ex() increments the ENGINE reference, but EVP_DigestFinal_ex() does not decrement it. Only the EVP_MD_CTX_cleanup() call is decrementing the reference count, and thus my ENGINE never ends up being actually freed on the ENGINE_finish() call.
Is this a known issue? Do I really need to clean up/reinit my CTX around each hash sequence?
....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development
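
Added example, not part of the original message and not OpenSSL code: a toy C model of the reference accounting as reported above, counting the references left over after three init/final rounds with a single cleanup, with a cleanup around each hash, and with an init that releases a reference it already holds. All `toy_*` names, `leaked_refs`, and the balanced init variant are assumptions made for illustration.

```c
#include <stdio.h>
/* Toy stand-ins (hypothetical names), not OpenSSL types. */
typedef struct { int struct_ref; } toy_engine;
typedef struct { toy_engine *engine; } toy_md_ctx;

static void toy_ctx_init(toy_md_ctx *c) { c->engine = NULL; }

/* Behaviour as reported: every init takes a new reference on the engine. */
static void toy_digest_init_reported(toy_md_ctx *c, toy_engine *e) {
    e->struct_ref++;
    c->engine = e;
}

/* Balanced variant (assumption): drop a held reference before taking one. */
static void toy_digest_init_balanced(toy_md_ctx *c, toy_engine *e) {
    if (c->engine) c->engine->struct_ref--;
    e->struct_ref++;
    c->engine = e;
}

/* Behaviour as reported: final leaves the engine reference untouched. */
static void toy_digest_final(toy_md_ctx *c) { (void)c; }

/* Cleanup releases exactly one reference, the one the ctx still points at. */
static void toy_ctx_cleanup(toy_md_ctx *c) {
    if (c->engine) { c->engine->struct_ref--; c->engine = NULL; }
}

typedef void (*init_fn)(toy_md_ctx *, toy_engine *);

/* Run `rounds` init/final pairs; return references left above the baseline. */
int leaked_refs(init_fn init, int rounds, int cleanup_each_round) {
    toy_engine eng = { 1 };   /* baseline: the application's own reference */
    toy_md_ctx ctx;
    toy_ctx_init(&ctx);
    for (int i = 0; i < rounds; i++) {
        init(&ctx, &eng);
        toy_digest_final(&ctx);
        if (cleanup_each_round) toy_ctx_cleanup(&ctx);
    }
    toy_ctx_cleanup(&ctx);    /* no-op if the ctx was already cleaned up */
    return eng.struct_ref - 1;
}

int main(void) {
    printf("reported sequence: %d\n", leaked_refs(toy_digest_init_reported, 3, 0));
    printf("cleanup per hash:  %d\n", leaked_refs(toy_digest_init_reported, 3, 1));
    printf("balanced init:     %d\n", leaked_refs(toy_digest_init_balanced, 3, 0));
    return 0;
}
```

A nonzero result means the engine's count never returns to the application's own reference, which is the condition under which the final release does not free it.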