I have developed an openssl engine which replaces the AES implementation. Currently, I am trying to replace the HMAC-SHA1 implementation. I would like some advice whether my implementation is correct. Below is my sample code:
/////////////////////////////////////////////////////////// static int engine_digest_nids [] = { NID_sha1 }; static int engine_digest_nids_num = 1; #define MYENGINE_ID "myengine" #define MYENGINE_NAME "my custom engine" const EVP_MD myengine_sha1 = { NID_sha1, NID_undef, SHA_DIGEST_LENGTH, 0, myengine_digest_init, myengine_digest_update, myengine_digest_final, NULL, myengine_digest_cleanup, EVP_PKEY_NULL_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), } void ENGINE_load_myengine(void) { ENGINE *eng = ENGINE_myengine(); if(!eng) return; ENGINE_add(eng); ENGINE_free(eng); ERR_clear_error(); } static int myengine_finish(ENGINE *e) { return 1; } static int myengine_init(ENGINE *e) { return 1; } static int myengine_bind_helper(ENGINE *e) { if(!ENGINE_set_id(e, MYENGINE_ID) || !ENGINE_set_name(e, MYENGINE_NAME) || !ENGINE_set_init_function(e, myengine_init) || !ENGINE_set_finish(e, myengine_finish) || !ENGINE_set_ciphers(e, myengine_ciphers) || !ENGINE_set_digests(e, myengine_engine_digests)) { return 0; } return 1; } static ENGINE *ENGINE_myengine(void) { ENGINE *eng = ENGINE_new(); if(!eng) { return NULL; } if(!myengine_bind_helper(eng)) { ENGINE_free(eng); return NULL; } return eng; } static int myengine_digest_init(EVP_MD_CTX *ctx) { memset(ctx->md_data, 0, ctx->digest->md_size); return 1; } static int myengine_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { ctx->md_data = OPENSSL_malloc(ctx->digest->md_size); myengine_hmac_sha1(data, count, ctx->md_data); return 1; } static int myengine_digest_final(EVP_MD_CTX *ctx, unsigned char *md) { memcpy(md, ctx->md_data, ctx->digest->md_size); return 1; } static int myengine_digest_cleanup(EVP_MD_CTX *ctx) { OPENSSL_free(ctx->md_data); ctx->md_data = NULL; return 1; } static int myengine_engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { if(!digest) { *nids = engine_digest_nids; return engine_digest_nids_num; } switch(nid) { case NID_sha1: *digest = &myengine_sha1; break; default: *digest = NULL; break; } return (*digest != NULL); } -- View this message in context: http://openssl.6102.n7.nabble.com/Need-guidance-to-replace-HMAC-SHA1-implementation-via-engine-tp46365.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org