Re: Calling EVP_DigestFinal_ex multiple times
On Mon, Jun 17, 2019 at 2:07 AM Matt Caswell wrote: > On 15/06/2019 15:08, Tobias Nießen wrote: > > I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple > > times on the same context in order to retrieve the same digest twice. I > > expected OpenSSL to fail with an error code, but SHA256 seems to permit it > > whereas SHA3 seems to cause a segmentation fault. The documentation does not > > explicitely forbid or allow it, so I am wondering where this should be > > addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the > > documentation, or not at all? > > I believe this should not be allowed. Probably this is a documentation issue. Just a doc issue? Shouldn't the SHAs behave more uniformly? Also, is segfaulting a reasonable result of this kind of API use, calling an API twice? Segving on bad memory is unavoidable, but calling an API twice sounds detectable. Cheers, Sam
Re: Calling EVP_DigestFinal_ex multiple times
On 15/06/2019 15:08, Tobias Nießen wrote: > Hello, > > I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple > times on the same context in order to retrieve the same digest twice. I > expected OpenSSL to fail with an error code, but SHA256 seems to permit it > whereas SHA3 seems to cause a segmentation fault. The documentation does not > explicitely forbid or allow it, so I am wondering where this should be > addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the > documentation, or not at all? I believe this should not be allowed. Probably this is a documentation issue. Matt
Calling EVP_DigestFinal_ex multiple times
Hello, I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple times on the same context in order to retrieve the same digest twice. I expected OpenSSL to fail with an error code, but SHA256 seems to permit it whereas SHA3 seems to cause a segmentation fault. The documentation does not explicitely forbid or allow it, so I am wondering where this should be addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the documentation, or not at all? Thank you in advance! Tobias
