On 11/04/11 13:56, Dr. Stephen Henson wrote:
On Fri, Nov 04, 2011, Huie-Ying Lee wrote:
On 10/31/11 13:43, Huie-Ying Lee wrote:
Hi,
I have a couple of questions regarding the EVP_MD_CTX_copy_ex()
function in crypto/evp/digest.c and I would appreciate it if you can
shed some light upon it.
Q1: If a digest copy function is provided by an engine, is the
EVP_MD_CTX_copy_ex() function the only function in OpenSSL that
will call that digest copy function?
Q2: If an engine uses the digest context passed from the OpenSSL's
EVP_* functions directly, then the direct memcpy() in the
EVP_MD_CTX_copy_ex() function does the copy, and therefore, the
engine shouldn't need to do this copy again. Because the direct
memcpy() is sufficient for the copy, it appears to be unnecessary
for the engine to provide a copy function. Is this the case?
Regarding the previous two questions that I asked on this alias, I
have determined that:
1) If a digest copy function is provided by an engine, then the
EVP_MD_CTX_copy_ex() function is the only function in OpenSSL that
will call that digest copy function.
2) It is not necessary for an engine to provide a digest copy
function, if this engine uses the context passed from upper EVP
functions directly.
Moreover, I found an existing engine example that doesn't provide a
digest copy function in its sha1 support. This existing engine is
the Intel Accelerator OpenSSL Engine (intel-accel-1.4.tar.gz) and it
can be found in the OpenSSL Contribution list
(http://www.openssl.org/contrib).
If anybody has a different understanding of these issues, could you
please let me know?
The reason for the copy function is to allow an ENGINE to duplicate its state
in a custom way if it needs to.
In the case of software ENGINEs the complete state is contained in the digest
context structure itself and copying the buffer is appropriate.
From your response, I assume that my 2nd assumption is correct:
2) It is not required for an engine to provide a digest copy function,
if this engine uses the context passed from upper EVP functions directly.
However, I'm still unclear whether my first assumption is correct:
1) If a digest copy function is provided by an engine, then the
EVP_MD_CTX_copy_ex() function is the only function in OpenSSL that will
call that digest copy function.
Could you please confirm whether assumption 1 is correct?
In other cases the state might contain a "handle" to state on an external
cryptographic device or library. In that case if you copy the buffer the two
contexts will still be linked so a custom copy operation is needed to
duplicate the handle and use that in the copy.
The engine that I'm discussing in this email doesn't have a "handle" and
it doesn't use an external cryptographic device or library.
Thanks,
Huie-Ying
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
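
The distinction drawn in this thread, as an added example (not code from the thread or from OpenSSL): a simplified C model of a context copy that byte-copies the state and then calls an optional hook, applied to state that holds only a handle. All type and function names are hypothetical stand-ins, and the external "device session" is a constructed in-memory struct.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of the copy path discussed above; not OpenSSL's real types. */
typedef struct md_ctx md_ctx;
typedef struct {
    size_t ctx_size;                              /* bytes of per-context state */
    int (*copy)(md_ctx *to, const md_ctx *from);  /* optional engine hook */
} md_method;
struct md_ctx { const md_method *md; void *md_data; };

/* Constructed stand-in for state that lives outside the context. */
typedef struct { unsigned long sum; } dev_session;
typedef struct { dev_session *h; } dev_state;     /* md_data holds only a handle */

/* Generic copy: byte-copy md_data, then let the method fix up the copy. */
int ctx_copy(md_ctx *out, const md_ctx *in) {
    out->md = in->md;
    if ((out->md_data = malloc(in->md->ctx_size)) == NULL) return 0;
    memcpy(out->md_data, in->md_data, in->md->ctx_size);
    return in->md->copy ? in->md->copy(out, in) : 1;
}

/* Engine hook: replace the aliased handle with a duplicated session. */
static int dev_copy(md_ctx *to, const md_ctx *from) {
    dev_session *dup = malloc(sizeof *dup);
    if (dup == NULL) return 0;
    *dup = *((const dev_state *)from->md_data)->h;
    ((dev_state *)to->md_data)->h = dup;
    return 1;
}
const md_method dev_no_hook = { sizeof(dev_state), NULL };
const md_method dev_with_hook = { sizeof(dev_state), dev_copy };

/* Original's running sum after only the copy absorbs more input. */
unsigned long original_after_copy_update(const md_method *m) {
    dev_session s = { 10 };
    dev_state st = { &s };
    md_ctx a = { m, &st }, b;
    if (!ctx_copy(&b, &a)) { free(b.md_data); return 0; }
    dev_state *bs = b.md_data;
    bs->h->sum += 5;                   /* "update" applied to the copy only */
    if (bs->h != &s) free(bs->h);
    free(b.md_data);
    return s.sum;                      /* 15: contexts linked; 10: independent */
}

int main(void) {  /* exit status 0 when the hook gives an independent copy */
    return original_after_copy_update(&dev_with_hook) == 10 ? 0 : 1;
}
```

When the whole state sits inside `md_data`, as in the software case described in the thread, the byte copy alone already yields an independent context and no hook is needed.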