Calling EVP_DigestFinal_ex multiple times

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Calling EVP_DigestFinal_ex multiple times

Tobias Nießen
Hello,

I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple times on the same context in order to retrieve the same digest twice. I expected OpenSSL to fail with an error code, but SHA256 seems to permit it whereas SHA3 seems to cause a segmentation fault. The documentation does not explicitely forbid or allow it, so I am wondering where this should be addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the documentation, or not at all?

Thank you in advance!
Tobias
Reply | Threaded
Open this post in threaded view
|

Re: Calling EVP_DigestFinal_ex multiple times

Matt Caswell-2


On 15/06/2019 15:08, Tobias Nießen wrote:
> Hello,
>
> I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple
> times on the same context in order to retrieve the same digest twice. I
> expected OpenSSL to fail with an error code, but SHA256 seems to permit it
> whereas SHA3 seems to cause a segmentation fault. The documentation does not
> explicitely forbid or allow it, so I am wondering where this should be
> addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the
> documentation, or not at all?

I believe this should not be allowed. Probably this is a documentation issue.

Matt

Reply | Threaded
Open this post in threaded view
|

Re: Calling EVP_DigestFinal_ex multiple times

Sam Roberts
On Mon, Jun 17, 2019 at 2:07 AM Matt Caswell <[hidden email]> wrote:

> On 15/06/2019 15:08, Tobias Nießen wrote:
> > I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple
> > times on the same context in order to retrieve the same digest twice. I
> > expected OpenSSL to fail with an error code, but SHA256 seems to permit it
> > whereas SHA3 seems to cause a segmentation fault. The documentation does not
> > explicitely forbid or allow it, so I am wondering where this should be
> > addressed: In the implementation of EVP_*, in SHA2, in SHA3, in the
> > documentation, or not at all?
>
> I believe this should not be allowed. Probably this is a documentation issue.

Just a doc issue? Shouldn't the SHAs behave more uniformly?

Also, is segfaulting a reasonable result of this kind of API use,
calling an API twice? Segving on bad memory is unavoidable, but
calling an API twice sounds detectable.

Cheers,
Sam