1 Topic by demetrispanos (edited by demetrispanos 2014-09-23 16:21:35)

  • Registered: 2014-09-22
  • Posts: 6

Topic: [SOLVED] Bug and/or Wrong docs for Hmac?

I've attached a minimal (~15 lines of code) program reproducing what seems to be either:

1) a bug in the implementation of HMAC-SHA256 (I know this seems unlikely)
or
2) a very confusing piece of example text in the manual (but I've literally copy/pasted the example code)

In a nutshell, changing the amount of space allocated for a stack-allocated output buffer (BEYOND the minimum size required for the expected output) seems to have strange effects on the results. So either something is wrong or I'm grossly misunderstanding what the manual is asking me to do.

I've pasted the correct output, erroneous output, and what I believe to be the relevant manual snippet in a  comment inside the test file.

I'm configuring with the following options:

--enable-sha512 --enable-aesgcm --enable-static --enable-dh --enable-opensslextra

I've tried playing with the options and I haven't seen any change in behavior.

I get the same behavior on 2.9 as on 3.2 but I haven't tested any other versions.

Can anyone reproduce this? Or point out what I'm misunderstanding about the example code?

Thanks,
Demetri

Post's attachments

cya_hmac_bug_testcase.c 1.64 kb, 2 downloads since 2014-09-22 

You don't have the permssions to download the attachments of this post.

Share

  • Registered: 2014-09-22
  • Posts: 6

Re: [SOLVED] Bug and/or Wrong docs for Hmac?

In the unlikely case this affects anything: I am also building with -DMAX_FP_BITS=8192 (for 4096 bit RSA). I've tried disabling that and using the default bit width with no observable difference in the HMAC behavior from the original post.

(I understand that the HMAC shouldn't involve any big-integer arithmetic; I just want to make sure all my build options are available for review).

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: [SOLVED] Bug and/or Wrong docs for Hmac?

Hi Demetri,

It looks like your test program may be compiled with mismatched configure options (compared to how wolfSSL was compiled).  Can you try adding an include for <wolfssl/options.h> before the other wolfSSL includes in your test file?  This solves your problem when tested on our side here.

Do you mind if I ask what you're working on?

Thanks,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • Registered: 2014-09-22
  • Posts: 6

Re: [SOLVED] Bug and/or Wrong docs for Hmac?

Chris, thanks for your help! That solved the problem. Should I generally include options.h in all the projects I link with wolfSSL? If so that's easy, I just didn't realize that was necessary.

As for what we're doing, I'm happy to share. We're building a distributed computing client (which will be released as GPL/AGPL) with strong identity management and network security. wolfSSL has been very pleasant to work with smile

Thanks,
Demetri

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: [SOLVED] Bug and/or Wrong docs for Hmac?

Hi Demetri,

Yes, including the options.h header should be common practice in applications using wolfSSL embedded SSL.  I'll take a look at our docs and see where we can make this more clear to end users.

Sounds like an interesting project!  When you put out a release, do you mind sending us a link?  Not only would it be interesting to look over, but we'd be willing to add your project to our Community page as well (http://wolfssl.com/yaSSL/Community.html).  If so, an email to info@wolfssl.com would be best!

Thanks,
Chris

https://www.wolfssl.com

chrisc's Website

Share