EC Oddity
I have been doing some EC test code with the Sept. 5 snapshot and have
observed something that I find a little odd. So I thought I would
mention it so someone could take a look to see if it is a bug or what is
supposed to occur.
I have a PEM file with an EC private key.
I want to create an ephemeral private key for the same group.
So my code fragments are as follows:
EC_KEY *ecc_A=NULL;
EC_KEY *ecc_E=NULL;
const EC_GROUP *group=NULL;
ecc_A = PEM_read_bio_ECPrivateKey( bio_in, NULL, NULL, NULL );
group = EC_KEY_get0_group(ecc_A);
ecc_E = EC_KEY_new();
EC_KEY_set_group( ecc_E, group );
EC_KEY_generate_key( ecc_E );
Now the oddity occurs when I free the objects. If I have:
if( ecc_E != NULL ) {EC_KEY_free( ecc_E ); printf(ecc_E
freed\n);}
if( ecc_A != NULL ) {EC_KEY_free( ecc_A ); printf(ecc_A
freed\n);}
if( group != NULL ) {EC_GROUP_free( (EC_GROUP*)group );
printf(group freed\n);}
I see the messages:
ecc_E freed
ecc_A freed
Killed
If I reverse the order of the last two:
if( ecc_E != NULL ) {EC_KEY_free( ecc_E ); printf(ecc_E
freed\n);}
if( group != NULL ) {EC_GROUP_free( (EC_GROUP*)group);
printf(group freed\n);}
if( ecc_A != NULL ) {EC_KEY_free( ecc_A ); printf(ecc_A
freed\n);}
I see the messages:
ecc_E freed
group freed
Killed
It is almost as if the group object and the ec key object are combined,
such that freeing one automatically frees the other.
Is this the way it is supposed to be?
Also when doing the group free, I had to add the cast to prevent
compiler warnings. It seems that EC_GROUP is inconsistently defined in
the include files between its various uses. Is this also expected?
Bill
Re: EC Oddity
On Tue, Sep 25, 2007, Bill Colvin wrote:
I have been doing some EC test code with the Sept. 5 snapshot and have
observed something that I find a little odd. So I thought I would
mention it so someone could take a look to see if it is a bug or what is
supposed to occur.
I have a PEM file with an EC private key.
I want to create an ephemeral private key for the same group.
So my code fragments are as follows:
EC_KEY *ecc_A=NULL;
EC_KEY *ecc_E=NULL;
const EC_GROUP *group=NULL;
ecc_A = PEM_read_bio_ECPrivateKey( bio_in, NULL, NULL, NULL );
group = EC_KEY_get0_group(ecc_A);
ecc_E = EC_KEY_new();
EC_KEY_set_group( ecc_E, group );
EC_KEY_generate_key( ecc_E );
Now the oddity occurs when I free the objects. If I have:
if( ecc_E != NULL ) {EC_KEY_free( ecc_E ); printf(ecc_E
freed\n);}
if( ecc_A != NULL ) {EC_KEY_free( ecc_A ); printf(ecc_A
freed\n);}
if( group != NULL ) {EC_GROUP_free( (EC_GROUP*)group );
printf(group freed\n);}
Some of the newer functions in OpenSSL follow a naming convention. If they
have a '0' such as *get0*() then the pointer retrieved is internal to the
parent structure and should *NOT* be freed up after use because it will be
freed when the parent structure is. If you free both up you get double frees
and undefined results.
If there is a '1' then a copy is retrieved and it *should* be freed up as well
as the parent structure.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: EC Oddity
Thanks for the explanation as to why this is occurring. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: September 25, 2007 11:49 AM To: openssl-users@openssl.org Subject: Re: EC Oddity Some of the newer functions in OpenSSL follow a naming convention. If they have a '0' such as *get0*() then the pointer retrieved is internal to the parent structure and should *NOT* be freed up after use because it will be freed when the parent structure is. If you free both up you get double frees and undefined results. If there is a '1' then a copy is retrieved and it *should* be freed up as well as the parent structure. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
