The intermediate status (and finally the result) is stored in the
128-byte memory array in padlock_do_sha1(). I.e. it's context-switch safe.
What happens when you issue the instruction without rep prefix?
That's invalid instruction I believe.
Dare to actually try?
Instead it's necessary to accumulate all data from
update()s in some buffer and hash them only in final().
Note that there is EVP_MD_FLAG_ONESHOT, which can/should be used to
avoid fallback to software at least for such cases.
I have found this flag but didn't realise how to use it.
If flag is set, just hash directly in update procedure and do nothing
[but byte swapping?] in final. Instead of doing nothing but copying in
update procedure and do hashing in final.
And IIRC it's
only used in one engine. After all I decided it's useless and wrote the
software fallback path for SHA.
Note that I didn't suggest to scrap software fallback [yet?], just to
*complement* with a way to hash larger data chunk if it's readily
available in one stroke. BTW, as for copying. As more than likely
sensitive data gets copied into intermediate buffer, it's more than
appropriate to zero it prior to free. I only see memset on padlock
intermediate state. A.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
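The two strategies argued over in the thread above, as an added example that is not part of the original mail exchange nor OpenSSL's padlock engine: when the caller promises a single update() (the EVP_MD_FLAG_ONESHOT contract), hash directly in update() and let final() only copy out; otherwise accumulate everything across update()s and hash it in one stroke in final(), zeroing the intermediate buffer (and any grown-by-copy predecessor) before free, which is the cleanse point raised at the end. The names hw_sha1_ctx, hw_init, hw_update, hw_final and sha1_oneshot are hypothetical; sha1_oneshot is a software whole-message SHA-1 standing in for a hardware instruction that consumes a complete buffer, and the cleanse() helper is a volatile-store memset the compiler cannot elide. It also goes slightly beyond the thread by rejecting a second update() on a ONESHOT context instead of silently producing a wrong digest.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

static void cleanse(void *p, size_t n) {   /* a memset the optimiser cannot drop */
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Software whole-message SHA-1 (FIPS 180), standing in for a PadLock-style
 * instruction that hashes a complete buffer in one stroke. */
static void sha1_oneshot(const uint8_t *msg, size_t len, uint8_t out[20]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    size_t padded = ((len + 8) / 64 + 1) * 64;    /* 0x80, zeros, 64-bit bit length */
    uint8_t *buf = calloc(padded, 1);
    if (!buf) abort();
    if (len) memcpy(buf, msg, len);
    buf[len] = 0x80;
    for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
    for (size_t off = 0; off < padded; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 16; i++)
            w[i] = (uint32_t)buf[off+4*i] << 24 | (uint32_t)buf[off+4*i+1] << 16 |
                   (uint32_t)buf[off+4*i+2] << 8 | buf[off+4*i+3];
        for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        for (int i = 0; i < 80; i++) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
    cleanse(buf, padded);   /* the padded copy is as sensitive as the caller's message */
    free(buf);
}

/* Hypothetical engine digest context (illustration, not OpenSSL's padlock code). */
typedef struct {
    int oneshot, done;          /* EVP_MD_FLAG_ONESHOT contract: exactly one update() */
    uint8_t *buf; size_t len;   /* buffered path: everything seen so far */
    uint8_t digest[20];
} hw_sha1_ctx;

static void hw_init(hw_sha1_ctx *c, int oneshot) { memset(c, 0, sizeof *c); c->oneshot = oneshot; }

static int hw_update(hw_sha1_ctx *c, const uint8_t *data, size_t n) {
    if (c->oneshot) {                   /* hash now; final() only copies out */
        if (c->done) return 0;          /* a second update() breaks the promise */
        sha1_oneshot(data, n, c->digest);
        return c->done = 1;
    }
    if (n == 0) return 1;
    uint8_t *nb = malloc(c->len + n);   /* grow by copy, wiping the old buffer */
    if (!nb) return 0;
    if (c->buf) { memcpy(nb, c->buf, c->len); cleanse(c->buf, c->len); free(c->buf); }
    memcpy(nb + c->len, data, n);
    c->buf = nb; c->len += n;
    return 1;
}

static int hw_final(hw_sha1_ctx *c, uint8_t out[20]) {
    if (!c->oneshot) {                  /* all data is at hand: hash it in one stroke */
        sha1_oneshot(c->buf ? c->buf : (const uint8_t *)"", c->len, c->digest);
        if (c->buf) { cleanse(c->buf, c->len); free(c->buf); }
    } else if (!c->done) {
        sha1_oneshot((const uint8_t *)"", 0, c->digest);   /* final() with no update() */
    }
    memcpy(out, c->digest, 20);
    cleanse(c, sizeof *c);              /* wipe state, like the memset on the padlock state */
    return 1;
}

/* Feed msg as one update() (oneshot) or as two pieces cut at `split`
 * (buffered); return 1 if the hex digest equals `expect`. */
static int hash_str_is(const char *msg, int oneshot, size_t split, const char *expect) {
    const uint8_t *m = (const uint8_t *)msg;
    size_t n = strlen(msg);
    uint8_t d[20]; char hex[41];
    hw_sha1_ctx c;
    hw_init(&c, oneshot);
    if (split > n) split = n;
    if (oneshot ? !hw_update(&c, m, n)
                : !hw_update(&c, m, split) || !hw_update(&c, m + split, n - split)) return 0;
    hw_final(&c, d);
    for (int i = 0; i < 20; i++) sprintf(hex + 2 * i, "%02x", d[i]);
    return strcmp(hex, expect) == 0;
}

static int oneshot_rejects_second_update(void) {
    hw_sha1_ctx c;
    hw_init(&c, 1);
    return hw_update(&c, (const uint8_t *)"ab", 2) && !hw_update(&c, (const uint8_t *)"c", 1);
}
```

Both paths must agree with the FIPS 180 vectors (hash_str_is("abc", 1, 0, ...) and hash_str_is("abc", 0, 1, ...) return 1 for a9993e36...); what differs is where the copy lives and therefore what has to be wiped: the buffered path owns a growing copy of every byte the caller passed in, so every predecessor buffer is cleansed before free, and the final cleanse of the context covers the digest itself.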