[openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Apr 5 17:55:26 UTC 2016 

I had the same (good) results on El Capitan 10.11.4 (and before than on
10.11.3), Xcode-7.3, and Openssl-1.0.2g (and Openssl-1.0.2h-dev).

With some modifications (changing the calls to the 1.1 standard so it can
compile :) it also produced the expected (correct) results with
OpenSSL-1.1.0-pre5.

Again, Mac OS X 10.10.5 and 10.11.4, Xcode-7.2.1 and Xcode-7.3, OpenSSL
branches 1.0.2g, 1.0.2h-dev, 1.1.0-pre…

$ cat openssl-hmac-tst.c

#include <stdio.h>
#include <openssl/hmac.h>

void test_hmac() {

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
   HMAC_CTX *ctx;
#else
   HMAC_CTX ctx;
#endif /* OPENSSL-1.1 */

  
   uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
   ctx = HMAC_CTX_new();
#else
   HMAC_CTX_init(&ctx);
#endif /* OPENSSL-1.1 */

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
   int thor = HMAC_Init_ex(ctx, &key, 32, EVP_sha256(), NULL);
#else
   int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL);
#endif /* OPENSSL-1.1 */
  
   printf("hmac init = %d\n", thor);

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
   HMAC_CTX_free(ctx);
#else
   HMAC_CTX_cleanup(&ctx);
#endif /* OPENSSL-1.1 */
  
}

int main(int argc, char **argv) {
   test_hmac();
}

$ clang -o openssl-hmac-tst-1.1 -I/Users/ur20980/src/openssl-1.1/include
openssl-hmac-tst.c -L /Users/ur20980/src/openssl-1.1/lib -lcrypto
$ clang -o openssl-hmac-tst -I /opt/local/include openssl-hmac-tst.c -L
/opt/local/lib -lcrypto
$ ./openssl-hmac-tst
hmac init = 1
$ ./openssl-hmac-tst-1.1
hmac init = 1
$ otool -L openssl-hmac-tst
openssl-hmac-tst:
	/opt/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1213.0.0)
$ otool -L openssl-hmac-tst-1.1
openssl-hmac-tst-1.1:
	/Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib (compatibility
version 1.1.0, current version 1.1.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1213.0.0)
$ 


-- 
Regards,
Uri Blumenthal


From:  Uri Blumenthal <uri at ll.mit.edu>
Date:  Thursday, March 24, 2016 at 15:10
To:  viisakas <mikkratsep at gmail.com>
Subject:  Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug


>Sorry for my laziness/busy-ness – but I don’t experience the problem you
>described (on Yosemite). I will test on El Capitan (Mac OS X 10.11.4,
>Xcode-7.3) later today.
>
>Mac OS X 10.10.5, Xcode-7.2.1:
>
>$ cat openssl-hmac-tst.c
>#include <stdio.h>
>#include <openssl/hmac.h>
>
>void test_hmac() {
>    HMAC_CTX ctx;
>    uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
>0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
>0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};
>
>    HMAC_CTX_init(&ctx);
>
>    int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL);
>
>    printf("hmac init = %d\n", thor);
>
>    HMAC_CTX_cleanup(&ctx);
>}
>
>int main(int argc, char **argv) {
>  test_hmac();
>}
>$ clang -I/opt/local/include -o openssl-hmac-tst openssl-hmac-tst.c
>-L/opt/local/lib -lcrypto
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ openssl version
>OpenSSL 1.0.2h-dev  xx XXX xxxx
>$
>
>-- 
>Regards,
>Uri Blumenthal
>
>From:  viisakas <mikkratsep at gmail.com>
>Date:  Tuesday, February 23, 2016 at 3:48
>To:  Uri Blumenthal <uri at ll.mit.edu>
>Subject:  Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug
>
>>Hey,
>>
>>sorry for the laziness.
>>This is with 1.0.2f, on OS X 10.11.3.
>>
>>void test_hmac() {
>>    HMAC_CTX ctx;
>>    uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
>>0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
>>0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};
>>
>>    HMAC_CTX_init(&ctx);
>>
>>    int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL);
>>
>>    printf("hmac init = %d\n", thor);
>>
>>    HMAC_CTX_cleanup(&ctx);
>>}
>>
>>Best of wishes,
>>Mikk Rätsep
>>
>>>On 22 veebr 2016, at 18:42, Blumenthal, Uri - 0553 - MITLL
>>><uri at ll.mit.edu> wrote:
>>> 
>>> If somebody (Mikk, Felipe, you hear? :) cares to send me a *simple*
>>>*short*
>>> code that exposes this problem, I’ll be willing to test it on Linux and
>>> Mac OS X, with OpenSSL-1.0.2f, OpenSSL-1.0.2-stable, and
>>>1.1-pre<whatever>.
>>> -- 
>>> Regards,
>>> Uri Blumenthal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160405/7072c145/attachment.bin>

More information about the openssl-dev mailing list