• Registered: 2016-08-31
  • Posts: 1

Topic: WolfSSL sha384 vs OpenSSL sha384

I'm using a simple sha digest to get my feet wet w/ WolfSSL API.  I've created a program to exercise the OpenSSL compatibility layer.  I can create a sha384 digest w/ OpenSSL, but not w/ Wolf.  Simply changing the TARGET_DIGEST to SHA1/NID_sha1 and both libraries generate the same sha. 

Here's the setup
WolfSSL 3.9.8
OpenSSL 1.0.1f

Wolf Configure:
./configure  --enable-rsa --enable-aes  --enable-pkcs7 --enable-examples --enable-ocsp --enable-ocspstapling \
            --enable-ocspstapling2 --enable-openssh --enable-opensslextra --enable-keygen --prefix=/home/username/workspace/wolf/x86/install && make all install

#include <stdio.h>
#ifdef OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/hmac.h>
#else
#include "wolfssl/ssl.h"
#include "wolfssl/openssl/hmac.h"
#endif


/*
 g++ -fpermissive -DOPENSSL ssl_client.c -lssl -lcrypto -o ssl && ./ssl 

 g++ -fpermissive ggdb -I../x86/install/include/ -L../x86/install/lib ssl_client.c -lwolfssl -o wolfssl && LD_LIBRARY_PATH=../x86/install/lib ./wolfssl
 
*/

void hmac_test()
{
   //const EVP_MD *md = EVP_get_digestbyname("SHA256");
#ifdef OPENSSL
#define TARGET_DIGEST "SHA384"
   const EVP_MD *md = EVP_get_digestbyname(TARGET_DIGEST);
#else
#define TARGET_DIGEST NID_sha384
   const WOLFSSL_EVP_MD *md = wolfSSL_EVP_get_digestbynid(TARGET_DIGEST);
#endif
   //const char *key="this_is_the_key";
   //const char *msg="This is a test string to hash.  We make things.";
   const char *key="";
   const char *msg="";
   int keyLen = strlen(key);
   int resultLen = 0;
   unsigned char result[512+1];
   char r2[512];
   char *p2 = r2;
   int offset = 0;
   HMAC(md, key, keyLen, msg, strlen(msg), &result[0], &resultLen);
    
   for ( int z = 0; z < resultLen; z++ )
   {
    p2 += sprintf(p2, "%x", result[z]);
   }
   *p2++ = 0;
   printf("Result: %d: %s\n", resultLen, r2);

}

int main(int argc, const char **argv)
{ 
#ifdef OPENSSL
    SSL_library_init(); /* load encryption & hash algorithms for SSL */         
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    ERR_load_crypto_strings();
#else
    wolfSSL_Init();
#endif

    hmac_test();
}

Segfault from WolfSSL:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bacb41 in wolfSSL_HMAC () from ../x86/install/lib/libwolfssl.so.3
(gdb) bt
#0  0x00007ffff7bacb41 in wolfSSL_HMAC () from ../x86/install/lib/libwolfssl.so.3
#1  0x000000000040094c in hmac_test () at ssl_client.c:78
#2  0x0000000000400a04 in main (argc=1, argv=0x7fffffffdd28) at ssl_client.c:100
(gdb) quit
A debugging session is active.


It seems reasonable this should work.  I have not tried to create a sha384 using native WolfAPI, but some of our assumptions <ahem> are that a lot of the effort to port over to Wolf will be simplified w/ the OpenSSL API layer.  What am I missing?

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 647

Re: WolfSSL sha384 vs OpenSSL sha384

The issue here is that wolfSSL_EVP_get_digestbynid() doesn't currently support the SHA384 nid. 

wolfSSL_EVP_get_digestbynid() currently only handles MD5 and SHA1 nid types.  This is causing the WOLFSSL_EVP_MD* to be NULL, and since it is not being checked before the HMAC() function where the seg fault happens.

wolfSSL/wolfCrypt supports SHA-384 through our native API in either:

<wolfssl/wolfcrypt/sha512.h>

int wc_InitSha384(Sha384*);
int wc_Sha384Update(Sha384*, const byte*, word32);
int wc_Sha384Final(Sha384*, byte*);

or through our hash API in:

<wolfssl/wolfcrypt/hash.h>

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share