Engine NID_sha512

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Engine NID_sha512

Christian Johansson

Hello

I’m trying to write an engine that implements message digest functions – specifically: sha256, sha384 and sha512. The first two work as expected, I can intercept calls to update() and final() but for sha512 it doesn’t work. From the below program output you can see that my digest_meths method is invoked as expected for sha256 and sha384 (invoked with nid 672 and 673) but nothing for sha512 even though I supply NID_sha512 in my supported_nids array. I’ve unsuccessfully tried to search for a solution to this – so any input would be greatly appreciated.  How can I hook sha512 from my engine?

Relevant Openssl version:  OpenSSL 1.0.2o  27 Mar 2018,

Kind Regards

Christian

 

 

 

My digest_meths function:

 

static int engine_digest_meths(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)

{

                             // Avoid compiler warning

                             (void)(e);

                            

                             if (!digest)

                             {

                                                          static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};

                                                          *nids = supported_nids;

                                                          return 2;

                             }

 

                             static EVP_MD newEVP_MDmethods;

                             if (nid == NID_sha256 || nid == NID_sha384 || nid == NID_sha512)

                             {

                                                          debug_print("SSLEngine: engine_digest_meths called, nid: %i \n", nid);

 

                                                          if (nid == NID_sha256)

                                                          {

                                                                                       originalSHA256Methods = EVP_sha256();

                                                                                       memcpy(&newEVP_MDmethods, originalSHA256Methods, sizeof(EVP_MD));

                                                                                       newEVP_MDmethods.update = engine_sha256_update;

                                                                                       newEVP_MDmethods.final = engine_sha256_final;

                                                          }

                                                          else if (nid == NID_sha384)

                                                          {

                                                                                       originalSHA384Methods = EVP_sha384();

                                                                                       memcpy(&newEVP_MDmethods, originalSHA384Methods, sizeof(EVP_MD));

                                                                                       newEVP_MDmethods.update = engine_sha384_update;

                                                                                       newEVP_MDmethods.final = engine_sha384_final;

                                                          }

                                                          else if (nid == NID_sha512)

                                                          {

                                                                                       originalSHA512Methods = EVP_sha512();

                                                                                       memcpy(&newEVP_MDmethods, originalSHA512Methods, sizeof(EVP_MD));

                                                                                       newEVP_MDmethods.update = engine_sha512_update;

                                                                                       newEVP_MDmethods.final = engine_sha512_final;

                                                          }

                                                          *digest = &newEVP_MDmethods;

                             }

                             else

                             {

                                                          *digest = NULL;

                                                          return 0;

                             }

                             return 1;

}

 

Example test run:

 

test@test:/tmp# ./engine-test

Testing SHA256...

SSLEngine: engine_digest_meths called, nid: 672

SSLEngine: engine_sha256_update called with 8 bytes

SSLEngine: engine_sha256_final called, ret = 1, digest = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892

Openssl output = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892

Testing SHA384...

SSLEngine: engine_digest_meths called, nid: 673

SSLEngine: engine_sha384_update called with 8 bytes

SSLEngine: engine_sha384_final called, ret = 1, digest = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2

Openssl output = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2

Testing SHA512...

Openssl output = ce57d8bc990447c7ec35557040756db2a9ff7cdab53911f3c7995bc6bf3572cda8c94fa53789e523a680de9921c067f6717e79426df467185fc7a6dbec4b2d57

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engine NID_sha512

Dave Coombs
Hi,

>                              if (!digest)
>                              {
>                                                           static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
>                                                           *nids = supported_nids;
>                                                           return 2;
>                              }

I think this should be "return 3", to reflect the number of NIDs you're implementing support for.

  -Dave



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (12K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Engine NID_sha512

Christian Johansson
Wow - nothing like starting the day with a facepalm :-/ Huge thanks Dave!!

 

Från: openssl-users <[hidden email]> på uppdrag av Dave Coombs <[hidden email]>
Skickat: måndag, november 19, 2018 3:09 em
Till: [hidden email]
Ämne: Re: [openssl-users] Engine NID_sha512
 
Hi,

> if (!digest)
> {
> static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
> *nids = supported_nids;
> return 2;
> }

I think this should be "return 3", to reflect the number of NIDs you're implementing support for.

-Dave



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users