[openssl-users] Engine NID_sha512
Christian Johansson
Christian.Johansson at nixu.com
Mon Nov 19 11:40:57 UTC 2018
Hello
I’m trying to write an engine that implements message digest functions – specifically: sha256, sha384 and sha512. The first two work as expected, I can intercept calls to update() and final() but for sha512 it doesn’t work. From the below program output you can see that my digest_meths method is invoked as expected for sha256 and sha384 (invoked with nid 672 and 673) but nothing for sha512 even though I supply NID_sha512 in my supported_nids array. I’ve unsuccessfully tried to search for a solution to this – so any input would be greatly appreciated. How can I hook sha512 from my engine?
Relevant Openssl version: OpenSSL 1.0.2o 27 Mar 2018,
Kind Regards
Christian
My digest_meths function:
static int engine_digest_meths(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
{
// Avoid compiler warning
(void)(e);
if (!digest)
{
static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
*nids = supported_nids;
return 2;
}
static EVP_MD newEVP_MDmethods;
if (nid == NID_sha256 || nid == NID_sha384 || nid == NID_sha512)
{
debug_print("SSLEngine: engine_digest_meths called, nid: %i \n", nid);
if (nid == NID_sha256)
{
originalSHA256Methods = EVP_sha256();
memcpy(&newEVP_MDmethods, originalSHA256Methods, sizeof(EVP_MD));
newEVP_MDmethods.update = engine_sha256_update;
newEVP_MDmethods.final = engine_sha256_final;
}
else if (nid == NID_sha384)
{
originalSHA384Methods = EVP_sha384();
memcpy(&newEVP_MDmethods, originalSHA384Methods, sizeof(EVP_MD));
newEVP_MDmethods.update = engine_sha384_update;
newEVP_MDmethods.final = engine_sha384_final;
}
else if (nid == NID_sha512)
{
originalSHA512Methods = EVP_sha512();
memcpy(&newEVP_MDmethods, originalSHA512Methods, sizeof(EVP_MD));
newEVP_MDmethods.update = engine_sha512_update;
newEVP_MDmethods.final = engine_sha512_final;
}
*digest = &newEVP_MDmethods;
}
else
{
*digest = NULL;
return 0;
}
return 1;
}
Example test run:
test at test:/tmp# ./engine-test
Testing SHA256...
SSLEngine: engine_digest_meths called, nid: 672
SSLEngine: engine_sha256_update called with 8 bytes
SSLEngine: engine_sha256_final called, ret = 1, digest = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Openssl output = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Testing SHA384...
SSLEngine: engine_digest_meths called, nid: 673
SSLEngine: engine_sha384_update called with 8 bytes
SSLEngine: engine_sha384_final called, ret = 1, digest = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Openssl output = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Testing SHA512...
Openssl output = ce57d8bc990447c7ec35557040756db2a9ff7cdab53911f3c7995bc6bf3572cda8c94fa53789e523a680de9921c067f6717e79426df467185fc7a6dbec4b2d57
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181119/c06119f4/attachment-0001.html>
More information about the openssl-users
mailing list