[EMAIL PROTECTED] - Tue Apr 1 12:04:10 2003]:

> On Tue, Apr 01, 2003 at 09:32:33AM +0200, Christoph Martin wrote:
> >
>
> So I can safely call EVP_*Init() on the same ctx without freeing
> in between? Why are there *_ex() functions which don't free stuff
> when the *() functions now don't free stuff either?
>
> Whatever you want the functions to do, please make sure the manpages
> contain correct information.

No, you can't completely reuse the same ctx. You can *only* reuse exactly the same key and IV the last context used by calling EVP_*Init() with all parameters NULL apart from the ctx. This is a little-known feature of the EVP_*Init() functions, but some code makes use of it so we have to retain compatibility. However, this feature means that we can't free up the ctx automatically in EVP_*Final().

The problem with the old EVP_*Init() functions is that they were typically called like this:

    EVP_CIPHER_CTX ctx;
    EVP_CipherInit(&ctx, ...);

This means that EVP_CipherInit() cannot make *any* assumptions about the state of 'ctx' because it is completely uninitialized. So it has to completely initialize the ctx. There is one exception to this rule: it is assumed that if EVP_*Init() is called with all parameters NULL apart from ctx, then ctx *is* valid.

The only difference between this behaviour and versions before 0.9.7 is that you now have to call EVP_CIPHER_CTX_cleanup() when you've finished with a ctx or it will leak memory. In 0.9.6 and earlier you didn't have to call EVP_CIPHER_CTX_cleanup(), but this would leave a sensitive security context in memory, which is a bad idea anyway.

The _ex() functions serve two separate purposes. Firstly, they have an extra 'engine' parameter which allows the use of non-default ciphers in other ENGINEs. Secondly, they remove this uncertainty about the state of ctx. When an EVP_*Init_ex() function is called, the ctx *must* be valid. As a result, these functions can fully reuse an existing ctx without having to allocate and free up memory all the time.

The new functions can be called like this:

    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);
    EVP_CipherInit_ex(&ctx, ...);
    /* Update and final calls */
    EVP_CipherInit_ex(&ctx, ...);
    /* Other Update and final calls */
    /* Possibly more EVP_*Init_ex() calls ... */
    EVP_CipherFinal(&ctx, ...);
    /* No more calls ... */
    EVP_CIPHER_CTX_cleanup(&ctx);

Steve.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]