We have this issue discussing this RFE: https://github.com/openssl/openssl/issues/14222 Tomas Mraz, OpenSSL On Fri, 2024-10-25 at 13:32 +1100, Viktor Dukhovni wrote: > On Thu, Oct 24, 2024 at 09:24:19PM +0000, 'Sands, Daniel N.' via > openssl-users wrote: > > > We have an application that performs hashing across multiple hosts > > in > > a kind of round-robin form. In the past, we could reach into > > whatever > > hash we were using and pull its state, and write it into the hash > > state on the next host to continue processing. With the new opaque > > hash structures, that ability seems to be lost. Is that the case, > > or > > is it still somehow possible? > > If you're using, e.g., SHA256, and willing to bypass the EVP layer > abstractions, then the (deprecated, but still available in OpenSSL > 3.x) > functions that take a concrete SHA256_CTX admit serialising the > context, > because that structure is not opaque. > > <openssl/sha.h> > > typedef struct SHA256state_st { > SHA_LONG h[8]; > SHA_LONG Nl, Nh; > SHA_LONG data[SHA_LBLOCK]; > unsigned int num, md_len; > } SHA256_CTX; > > OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c); > OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c, > OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, > SHA256_CTX *c); > > If you want "algorithm agility", then unless I'm mistaken, I'm afraid > that indeed the abstract interface currently lacks a way to serialise > and deserialise the internal state, to allow to move "out of > process". > If some day implemented, This would surely require new "provider" > mechanisms, and would be available only for provider/algorithm > combinations that support such serialisation. Right now that set of > provider/algorithm combinations is empty. > > -- > Viktor. > -- Tomáš Mráz, OpenSSL -- You received this message because you are subscribed to the Google Groups "openssl-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx. To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/83df8edaa3c2bc4fa028083292abb2df08dc86fb.camel%40openssl.org.
