[openssl-users] FIPS_incore_fingerprint inconsistent text section results on iOS

etksubs at gmail.com etksubs at gmail.com
Mon Aug 22 20:46:54 UTC 2016

I am having a problem where FIPS_incore_fingerprint is failing to generate the same signature as our build script.

If I set a breakpoint in FIPS_incore_fingerprint it appears that p1-p4 are all being set correctly.  If I dump memory for each section (p1-p2 and p3-p4) and concatenate the binary data and run openssl sha1 -hmac etaonrishdlcupfm concatenateddata.bin I get the same result as we are storing into FIPS_signature.  However, after the HMAC_Final call in FIPS_incore_fingerprint the resulting signature is not the same.

I set breakpoints and skipped the second HMAC_Update (so as to just hash the text section) and I do not get the same result as expected for just that section.

If I skip the first HMAC_Update to just hash the data section, then that does return the expected result for that section every time.

I have dumped the text section (p1-p2) before and after the first HMAC_Update and there is no difference in the memory contents, and I get the same contents for every run, yet the resulting hash for that chunk is different every time.

Any idea what might be going on here?

  Erik Tkal

More information about the openssl-users mailing list