On Fri, Nov 04, 2011, Huie-Ying Lee wrote: > On 10/31/11 13:43, Huie-Ying Lee wrote: > >Hi, > > > >I have a couple of questions regarding the EVP_MD_CTX_copy_ex() > >function in crypto/evp/digest.c and I would appreciate if you can > >shed some light upon it. > > > >Q1: If a digest copy function is provided by an engine, is the > >EVP_MD_CTX_copy_ex() function the only function in OpenSSL that > >will call that digest copy function ? > > > >Q2: If an engine uses the digest context passed from the OpenSSL's > >EVP_* functions directly, then the direct memcpy() in the > >EVP_MD_CTX_copy_ex() function does the copy, and therefore, the > >engine shouldn't need to do this copy again. Because the direct > >memcpy() is sufficient for the copy, it appears to be unnecessary > >for the engine to provide a copy function. Is this the case ? > > > > > > Regarding the previous two questions that I asked on this alias, I > have determined that: > > 1) If a digest copy fucntion is provided by an engine, then the > EVP_MD_CTX_copy_ex() function is the only function in OpenSSL that > will call that digest copy function. > > 2) It is not necessary for an engine to provide a digest copy > function, if this engine uses the context passed from upper EVP > functions directly. > > > Moreover, I found an existing engine example that doesn't provide a > digest copy function in its sha1 support. This existing engine is > the Intel Accelerator OpenSSL Engine (intel-accel-1.4.tar.gz) and it > can be found in the OpenSSL Contribution list > (http://www.openssl.org/contrib). > > If anybody has different understanding of these issues, could you > please let me know ? >
The reason for the copy function is to allow an ENGINE to duplicate its state in a custom way if it needs to. In the case of software ENGINEs the complete state is contained in the digest context structure itself and copying the buffer is appropriate. In other cases the state might contain a "handle" to state on an external cryptographic device or library. In that case if you copy the buffer the two contexts will still be linked so a custom copy operation is needed to duplicate the handle and use that in the copy. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
