[openssl-users] SHA256() to EVP_* ?

Dave Thompson dthompson at prinpay.com
Fri May 1 04:59:02 UTC 2015 

> From: openssl-users On Behalf Of jonetsu
> Sent: Wednesday, April 29, 2015 10:07
<snip>
> The man page (the one online from OpenSSL project - SHA256.html)
> gives a description using SHA1() which computes a message digest.

Note this is the same page for
SHA{1,224,256,384,512}{,_Init,_Update,_Final}.html 
and is the same content that is provided as 'man' pages on a Unix install of
OpenSSL.
On Unix systems a man page for several related routines (or types/structures
etc) 
can actually be one file with multiple links to it, but the website doesn't
bother.

> Being generally new to OpenSSL at that level, what is then the
> difference between using, say, SHA1() vs. using SHA1_Init,
> SHA1_Update and SHA1_Final ?  Is it only that the latter allows
> for continuously add data until _Final is called ?
> 
Very nearly. The 'all-in-one' routine SHA1() consists of:
- declare (thus implicitly allocate) CTX 
- provide a static buffer by default (for legacy but this is a bad idea,
it is unsafe for threads or recursion, and should not be used today)
- do SHA1_Init and test for error (error won't actually occur but this 
preserves a consistent structure with other algorithms that might)
- do EXACTLY ONE SHA1_Update
- do SHA1_Final
- "cleanse" the CTX to prevent leakage of data that might be sensitive
(whether it actually is sensitive depends on what the data is, but to be 
on safe side always cleanse) and implicitly deallocate 

and similarly for the other algorithms.

So the difference using separate calls is: you can do multiple _Update 
steps/buffers, and you must handle the CTX and output buffer.

And you can do more flexible things like compute both SHA1 and MD5 
for the same data concurrently, without needing to buffer all the data 
(which in some applications might exceed your memory) or reread it 
(which may be impossible in some applications like streaming video).

You may be thinking: this is just a small convenience, it's not hard to 
do the separate routines. You're right, it's not. But if it happens 10 
or 20 or 50 places in your code, saving 10 lines 50 times is 500 lines 
you don't have to write, read, keep in source control, compile every 
build, cover in your test strategy and coverage reports, etc.
Even a small convenience is still a convenience.

More information about the openssl-users mailing list