Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Blumenthal, Uri - 0553 - MITLL]

I had the same (good) results on El Capitan 10.11.4 (and before than on
10.11.3), Xcode-7.3, and Openssl-1.0.2g (and Openssl-1.0.2h-dev).

With some modifications (changing the calls to the 1.1 standard so it can
compile :) it also produced the expected (correct) results with
OpenSSL-1.1.0-pre5.

Again, Mac OS X 10.10.5 and 10.11.4, Xcode-7.2.1 and Xcode-7.3, OpenSSL
branches 1.0.2g, 1.0.2h-dev, 1.1.0-pre…

$ cat openssl-hmac-tst.c

#include 
#include 

void test_hmac() {

#if OPENSSL_VERSION_NUMBER >= 0x1011L
   HMAC_CTX *ctx;
#else
   HMAC_CTX ctx;
#endif /* OPENSSL-1.1 */

  
   uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};

#if OPENSSL_VERSION_NUMBER >= 0x1011L
   ctx = HMAC_CTX_new();
#else
   HMAC_CTX_init();
#endif /* OPENSSL-1.1 */

#if OPENSSL_VERSION_NUMBER >= 0x1011L
   int thor = HMAC_Init_ex(ctx, , 32, EVP_sha256(), NULL);
#else
   int thor = HMAC_Init_ex(, , 32, EVP_sha256(), NULL);
#endif /* OPENSSL-1.1 */
  
   printf("hmac init = %d\n", thor);

#if OPENSSL_VERSION_NUMBER >= 0x1011L
   HMAC_CTX_free(ctx);
#else
   HMAC_CTX_cleanup();
#endif /* OPENSSL-1.1 */
  
}

int main(int argc, char **argv) {
   test_hmac();
}

$ clang -o openssl-hmac-tst-1.1 -I/Users/ur20980/src/openssl-1.1/include
openssl-hmac-tst.c -L /Users/ur20980/src/openssl-1.1/lib -lcrypto
$ clang -o openssl-hmac-tst -I /opt/local/include openssl-hmac-tst.c -L
/opt/local/lib -lcrypto
$ ./openssl-hmac-tst
hmac init = 1
$ ./openssl-hmac-tst-1.1
hmac init = 1
$ otool -L openssl-hmac-tst
openssl-hmac-tst:
/opt/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1213.0.0)
$ otool -L openssl-hmac-tst-1.1
openssl-hmac-tst-1.1:
/Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib (compatibility
version 1.1.0, current version 1.1.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1213.0.0)
$ 


-- 
Regards,
Uri Blumenthal


From:  Uri Blumenthal <u...@ll.mit.edu>
Date:  Thursday, March 24, 2016 at 15:10
To:  viisakas <mikkrat...@gmail.com>
Subject:  Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug


>Sorry for my laziness/busy-ness – but I don’t experience the problem you
>described (on Yosemite). I will test on El Capitan (Mac OS X 10.11.4,
>Xcode-7.3) later today.
>
>Mac OS X 10.10.5, Xcode-7.2.1:
>
>$ cat openssl-hmac-tst.c
>#include 
>#include 
>
>void test_hmac() {
>HMAC_CTX ctx;
>uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
>0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
>0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};
>
>HMAC_CTX_init();
>
>int thor = HMAC_Init_ex(, , 32, EVP_sha256(), NULL);
>
>printf("hmac init = %d\n", thor);
>
>HMAC_CTX_cleanup();
>}
>
>int main(int argc, char **argv) {
>  test_hmac();
>}
>$ clang -I/opt/local/include -o openssl-hmac-tst openssl-hmac-tst.c
>-L/opt/local/lib -lcrypto
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ ./openssl-hmac-tst
>hmac init = 1
>$ openssl version
>OpenSSL 1.0.2h-dev  xx XXX 
>$
>
>-- 
>Regards,
>Uri Blumenthal
>
>From:  viisakas <mikkrat...@gmail.com>
>Date:  Tuesday, February 23, 2016 at 3:48
>To:  Uri Blumenthal <u...@ll.mit.edu>
>Subject:  Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug
>
>>Hey,
>>
>>sorry for the laziness.
>>This is with 1.0.2f, on OS X 10.11.3.
>>
>>void test_hmac() {
>>HMAC_CTX ctx;
>>uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46,
>>0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3,
>>0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15};
>>
>>HMAC_CTX_init();
>>
>>int thor = HMAC_Init_ex(, , 32, EVP_sha256(), NULL);
>>
>>printf("hmac init = %d\n", thor);
>>
>>HMAC_CTX_cleanup();
>>}
>>
>>Best of wishes,
>>Mikk Rätsep
>>
>>>On 22 veebr 2016, at 18:42, Blumenthal, Uri - 0553 - MITLL
>>><u...@ll.mit.edu> wrote:
>>> 
>>> If somebody (Mikk, Felipe, you hear? :) cares to send me a *simple*
>>>*short*
>>> code that exposes this problem, I’ll be willing to test it on Linux and
>>> Mac OS X, with OpenSSL-1.0.2f, OpenSSL-1.0.2-stable, and
>>>1.1-pre.
>>> -- 
>>> Regards,
>>> Uri Blumenthal


smime.p7s
Description: S/MIME cryptographic signature
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Blumenthal, Uri - 0553 - MITLL]

If somebody (Mik, Felipe, you hear? :) cares to send me a *simple* *short*
code that exposes this problem, I’ll be willing to test it on Linux and
Mac OS X, with OpenSSL-1.0.2f, OpenSSL-1.0.2-stable, and 1.1-pre.
-- 
Regards,
Uri Blumenthal





On 2/20/16, 9:10 , "openssl-dev on behalf of Salz, Rich via RT"
 wrote:

>Still waiting to see from anyone else if it's a non-mac issue.
>
>
>-- 
>Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4290
>Please log in as guest with password guest if prompted
>
>-- 
>openssl-dev mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


smime.p7s
Description: S/MIME cryptographic signature
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Salz, Rich via RT]

Still waiting to see from anyone else if it's a non-mac issue.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4290
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Felipe Sere via RT]

Was there any movement on this issue?

-- 
Felipe Sere
Sent with Airmail
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4290
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Felipe Sere via RT]

Hi,

I am having the exact same problem, just that I use openssl through Rust.
This is the error I am seeing:

cargo run
     Running `target/debug/lantern`
thread '' panicked at 'assertion failed: `(left == right)` (left: 
`-1165085120`, right: `1`)', 
/Users/felipe/.multirust/toolchains/stable/cargo/registry/src/github.com-88ac128001ac3a9a/openssl-0.7.6/src/crypto/hmac.rs:100

Which points to the HMAC_Init_ex function.

I am using OpenSSL 1.0.2f  28 Jan 2016 on OSX 10.11.2

-- 
Felipe Sere
Sent with Airmail
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4290
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Salz, Rich via RT]

Is anyone non a non-Mac seeing this?

I'm beginning to think compiler bug.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4290
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Matt Caswell via RT]

On Wed Feb 03 18:32:20 2016, mikkrat...@gmail.com wrote:
> I built it using cocoapods, the OpenSSL headers show 1.0.2f.
> I’ll try to make some sample program tomorrow.
>
>
> > On 3 veebr 2016, at 18:27, Salz, Rich via RT  wrote:
> >
> >> I’m running OS X 10.11.3 and OpenSSL 1.0.206
> >
> > I cannot reproduce this. Did you build from source, or is that a
> > vendor-provided version? The ".206" isn't part of our release
> > naming. Did you mean 1.0.2f? Do you have a sample program to show
> > the error?
> >
> >

Please do as it looks like someone else has a similar problem. It's not quite
the same (different HMAC function) but still in HMAC and very similar symptoms:
https://github.com/openssl/openssl/issues/607

I can't reproduce it though, and the diagnosis in the above github issue
doesn't look right.

One other question: are you using FIPS mode, or standard OpenSSL?

Matt

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[HM via RT]

Hey,

i’m writing to let you know, that the HMAC_Init_ex() function returns a random 
int whenever i use it.
This is in contrast to the documentation, that says “1 for success, 0 for an 
error”.

I’m running OS X 10.11.3 and OpenSSL 1.0.206


Best of wishes,

-- 
Mikk Rätsep
Developer

m...@high-mobility.com  
+372 51 54 052

HIGH MOBILITY  berlin . tallinn . high-mobility.com 

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[Salz, Rich via RT]

> I’m running OS X 10.11.3 and OpenSSL 1.0.206

I cannot reproduce this.  Did you build from source, or is that a 
vendor-provided version?  The ".206" isn't part of our release naming.  Did you 
mean 1.0.2f?  Do you have a sample program to show the error?


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

[HM via RT]

I built it using cocoapods, the OpenSSL headers show 1.0.2f.
I’ll try to make some sample program tomorrow.


> On 3 veebr 2016, at 18:27, Salz, Rich via RT  wrote:
> 
>> I’m running OS X 10.11.3 and OpenSSL 1.0.206
> 
> I cannot reproduce this.  Did you build from source, or is that a 
> vendor-provided version?  The ".206" isn't part of our release naming.  Did 
> you mean 1.0.2f?  Do you have a sample program to show the error?
> 
> 


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev