[openssl-users] Engine NID_sha512

Christian Johansson Christian.Johansson at nixu.com
Mon Nov 19 11:40:57 UTC 2018

I’m trying to write an engine that implements message digest functions – specifically: sha256, sha384 and sha512. The first two work as expected, I can intercept calls to update() and final() but for sha512 it doesn’t work. From the below program output you can see that my digest_meths method is invoked as expected for sha256 and sha384 (invoked with nid 672 and 673) but nothing for sha512 even though I supply NID_sha512 in my supported_nids array. I’ve unsuccessfully tried to search for a solution to this – so any input would be greatly appreciated.  How can I hook sha512 from my engine?
Relevant Openssl version:  OpenSSL 1.0.2o  27 Mar 2018,
Kind Regards

My digest_meths function:

static int engine_digest_meths(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
                             // Avoid compiler warning

                             if (!digest)
                                                          static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
                                                          *nids = supported_nids;
                                                          return 2;

                             static EVP_MD newEVP_MDmethods;
                             if (nid == NID_sha256 || nid == NID_sha384 || nid == NID_sha512)
                                                          debug_print("SSLEngine: engine_digest_meths called, nid: %i \n", nid);

                                                          if (nid == NID_sha256)
                                                                                       originalSHA256Methods = EVP_sha256();
                                                                                       memcpy(&newEVP_MDmethods, originalSHA256Methods, sizeof(EVP_MD));
                                                                                       newEVP_MDmethods.update = engine_sha256_update;
                                                                                       newEVP_MDmethods.final = engine_sha256_final;
                                                          else if (nid == NID_sha384)
                                                                                       originalSHA384Methods = EVP_sha384();
                                                                                       memcpy(&newEVP_MDmethods, originalSHA384Methods, sizeof(EVP_MD));
                                                                                       newEVP_MDmethods.update = engine_sha384_update;
                                                                                       newEVP_MDmethods.final = engine_sha384_final;
                                                          else if (nid == NID_sha512)
                                                                                       originalSHA512Methods = EVP_sha512();
                                                                                       memcpy(&newEVP_MDmethods, originalSHA512Methods, sizeof(EVP_MD));
                                                                                       newEVP_MDmethods.update = engine_sha512_update;
                                                                                       newEVP_MDmethods.final = engine_sha512_final;
                                                          *digest = &newEVP_MDmethods;
                                                          *digest = NULL;
                                                          return 0;
                             return 1;

Example test run:

test at test:/tmp# ./engine-test
Testing SHA256...
SSLEngine: engine_digest_meths called, nid: 672
SSLEngine: engine_sha256_update called with 8 bytes
SSLEngine: engine_sha256_final called, ret = 1, digest = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Openssl output = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Testing SHA384...
SSLEngine: engine_digest_meths called, nid: 673
SSLEngine: engine_sha384_update called with 8 bytes
SSLEngine: engine_sha384_final called, ret = 1, digest = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Openssl output = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Testing SHA512...
Openssl output = ce57d8bc990447c7ec35557040756db2a9ff7cdab53911f3c7995bc6bf3572cda8c94fa53789e523a680de9921c067f6717e79426df467185fc7a6dbec4b2d57

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181119/c06119f4/attachment-0001.html>

More information about the openssl-users mailing list