On Tue, Jun 08, 2010, Jason Fister wrote: > Stephen, > Thanks for your solution. > > >Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL > >structures are made opaque and almost certainly will fail if you have an > >ENGINE. > > Understood. I am new to openssl and I am reading up about 'ENGINE's in > openssl. When you say it will fail when there is an 'ENGINE', do you mean if > I use EVP_DIGEST functions (from the example on openssl.org), your solution > will not work? If yes, is the solution as simple as using SHA1_Init, > SHA1_Update, SHA1_Final functions instead? >
If you don't know what an ENGINE is you probably aren't using one. They can contain alternative algorithm implementations in either software or hardware. The reason why this may not work with an ENGINE is the data inside may contain anything including pointers to internal contexts in hardware which wont be properly saved or restored. > >What you need to do is copy the md_ctx->data (which will be a flat buffer > for > >the software SHA1 implementation) for md_ctx->digest->md_size bytes. Save > that > >somewhere and after calling init the second time copy it back. Do NOT try > >restoring the context with different versions of OpenSSL or different > >architectures. > > Will this work with plain old SHA also? I will try to find the answers for > some of the questions on my own by writing some code. But any help from your > side will be much appreciated. > It should work with any of the standard OpenSSL software implementations. So that includs SHA, MD5, SHA256 etc. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
