On Tue, Feb 04, 2014, TheMoud wrote:
> Hi,
>
> I'm trying to use an engine to compute the private and public key for RSA.
> However, the finish method of my implemented structure is never called. I use
> the SSL_connect() function with SSLv3.
>
> /* RSA_METHOD in OpenSSL 1.0.1 has exactly 14 members, in this order.
>  * Surplus initializers before init/finish shift them into the
>  * flags/app_data slots and leave both hooks NULL. */
> static RSA_METHOD raw_rsa = {
> "RAW RSA method",   /* name */
> pub_enc,            /* rsa_pub_enc */
> pub_dec,            /* rsa_pub_dec */
> priv_enc,           /* rsa_priv_enc */
> priv_dec,           /* rsa_priv_dec */
> NULL,               /* rsa_mod_exp (may be NULL) */
> NULL,               /* bn_mod_exp (may be NULL) */
> rsa_init,           /* init: called from RSA_new */
> rsa_finish,         /* finish: called from RSA_free */
> 0,                  /* flags */
> NULL,               /* app_data */
> NULL,               /* rsa_sign */
> NULL,               /* rsa_verify */
> NULL                /* rsa_keygen */
> };
>
> I suspected the ssl_cert_dup() function, which adds a lock for the private key:
> if (cert->pkeys[i].privatekey != NULL)
> {
> ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
> CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
> CRYPTO_LOCK_EVP_PKEY);
> Indeed, by commenting out the last line, I can reach the finish method when
> I close my connection. But the data saved (using RSA_set_ex_data) is removed
> before that (RSA_get_ex_data returns NULL).
>
> I'm using OpenSSL 1.0.1e. The same behavior was seen with 1.0.1c.
> Any suggestions or hint?
>
What do you want to use the finish method for? Its primary use is to allow an
implementation to clean up any additional data it associates with a
key before it is freed (for example closing a key handle of some kind). It
isn't used during normal cryptographic operations.
The above line increases the reference count on a key when it is being used by
another structure (typically an SSL structure). It isn't safe to free up the
key until all associated SSL and SSL_CTX structures containing it are also
freed.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]