Hello
I’m trying to write an engine that implements message digest functions – 
specifically: sha256, sha384 and sha512. The first two work as expected, I can 
intercept calls to update() and final() but for sha512 it doesn’t work. From 
the below program output you can see that my digest_meths method is invoked as 
expected for sha256 and sha384 (invoked with nid 672 and 673) but nothing for 
sha512 even though I supply NID_sha512 in my supported_nids array. I’ve 
unsuccessfully tried to search for a solution to this – so any input would be 
greatly appreciated.  How can I hook sha512 from my engine?
Relevant Openssl version:  OpenSSL 1.0.2o  27 Mar 2018,
Kind Regards
Christian



My digest_meths function:

static int engine_digest_meths(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
{
    // Avoid compiler warning
    (void)(e);

    if (!digest)
    {
        static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
        *nids = supported_nids;
        return 2;
    }

    static EVP_MD newEVP_MDmethods;
    if (nid == NID_sha256 || nid == NID_sha384 || nid == NID_sha512)
    {
        debug_print("SSLEngine: engine_digest_meths called, nid: %i \n", nid);

        if (nid == NID_sha256)
        {
            originalSHA256Methods = EVP_sha256();
            memcpy(&newEVP_MDmethods, originalSHA256Methods, sizeof(EVP_MD));
            newEVP_MDmethods.update = engine_sha256_update;
            newEVP_MDmethods.final = engine_sha256_final;
        }
        else if (nid == NID_sha384)
        {
            originalSHA384Methods = EVP_sha384();
            memcpy(&newEVP_MDmethods, originalSHA384Methods, sizeof(EVP_MD));
            newEVP_MDmethods.update = engine_sha384_update;
            newEVP_MDmethods.final = engine_sha384_final;
        }
        else if (nid == NID_sha512)
        {
            originalSHA512Methods = EVP_sha512();
            memcpy(&newEVP_MDmethods, originalSHA512Methods, sizeof(EVP_MD));
            newEVP_MDmethods.update = engine_sha512_update;
            newEVP_MDmethods.final = engine_sha512_final;
        }
        *digest = &newEVP_MDmethods;
    }
    else
    {
        *digest = NULL;
        return 0;
    }
    return 1;
}

Example test run:

test@test:/tmp# ./engine-test
Testing SHA256...
SSLEngine: engine_digest_meths called, nid: 672
SSLEngine: engine_sha256_update called with 8 bytes
SSLEngine: engine_sha256_final called, ret = 1, digest = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Openssl output = 2413fb3709b05939f04cf2e92f7d0897fc2596f9ad0b8a9ea855c7bfebaae892
Testing SHA384...
SSLEngine: engine_digest_meths called, nid: 673
SSLEngine: engine_sha384_update called with 8 bytes
SSLEngine: engine_sha384_final called, ret = 1, digest = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Openssl output = 26014c5c5fbfa7ea9865f08c320abab5323a1b522c178fb513cbf5cafdf124e3d6748a549f57456ef0f1d67bb8916cc2
Testing SHA512...
Openssl output = ce57d8bc990447c7ec35557040756db2a9ff7cdab53911f3c7995bc6bf3572cda8c94fa53789e523a680de9921c067f6717e79426df467185fc7a6dbec4b2d57

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
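
Added example, not part of the original post and not OpenSSL's code: in OpenSSL 1.0.2, ENGINE_register_digests() calls the digest callback with digest == NULL and registers exactly as many NIDs from *nids as the callback returns. The self-contained model below shows the effect of that count on which digests reach the engine; register_digests(), engine_handles() and the list_nids_* functions are hypothetical stand-ins, and the NID constants are redefined locally so it builds without OpenSSL headers.

```c
#include <stdio.h>
#include <stddef.h>

/* NID values as in OpenSSL's obj_mac.h; 672 and 673 also appear in the post's output. */
enum { NID_SHA256 = 672, NID_SHA384 = 673, NID_SHA512 = 674 };

static const int supported_nids[] = { NID_SHA256, NID_SHA384, NID_SHA512, 0 };
static int registered[8];
static size_t n_registered;

/* Hypothetical stand-in for the digest callback in "list" mode (digest == NULL). */
typedef int (*list_nids_fn)(const int **nids);

/* Hard-coded count of 2, as in the posted callback. */
static int list_nids_fixed(const int **nids) { *nids = supported_nids; return 2; }

/* Count derived from the array itself, excluding the 0 terminator. */
static int list_nids_counted(const int **nids)
{
    *nids = supported_nids;
    return (int)(sizeof(supported_nids) / sizeof(supported_nids[0])) - 1;
}

/* Model of registration: only the first `count` NIDs are recorded. */
static size_t register_digests(list_nids_fn cb)
{
    const int *nids = NULL;
    int count = cb(&nids);
    n_registered = 0;
    for (int i = 0; i < count && n_registered < 8; i++)
        registered[n_registered++] = nids[i];
    return n_registered;
}

/* Returns 1 if a lookup for `nid` would be routed to the engine. */
static int engine_handles(int nid)
{
    for (size_t i = 0; i < n_registered; i++)
        if (registered[i] == nid) return 1;
    return 0;
}

int main(void)
{
    register_digests(list_nids_fixed);
    printf("count=2: sha512 hooked = %d\n", engine_handles(NID_SHA512));
    register_digests(list_nids_counted);
    printf("count=3: sha512 hooked = %d\n", engine_handles(NID_SHA512));
    return 0;
}
```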
