On Thu, Oct 24, 2024 at 09:24:19PM +0000, 'Sands, Daniel N.' via openssl-users wrote:
> We have an application that performs hashing across multiple hosts in
> a kind of round-robin form. In the past, we could reach into whatever
> hash we were using and pull its state, and write it into the hash
> state on the next host to continue processing. With the new opaque
> hash structures, that ability seems to be lost. Is that the case, or
> is it still somehow possible?
If you're using, e.g., SHA256, and willing to bypass the EVP layer
abstractions, then the (deprecated, but still available in OpenSSL 3.x)
functions that take a concrete SHA256_CTX admit serialising the context,
because that structure is not opaque.
<openssl/sha.h>
typedef struct SHA256state_st {
SHA_LONG h[8];
SHA_LONG Nl, Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num, md_len;
} SHA256_CTX;
OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
If you want "algorithm agility", then unless I'm mistaken, I'm afraid
that indeed the abstract interface currently lacks a way to serialise
and deserialise the internal state, to allow to move "out of process".
If some day implemented, This would surely require new "provider"
mechanisms, and would be available only for provider/algorithm
combinations that support such serialisation. Right now that set of
provider/algorithm combinations is empty.
--
Viktor.
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/ZxsDSoZkGEXVol4j%40chardros.imrryr.org.
