engine: test_grasshopper OMAC fails on openssl/master

Not sure if it’s similar to #151. MacOS Mojave 10.14.6, Xcode-10.3, current OpenSSL master, current GOST engine master.

I’m not getting any error messages besides this:

$ build/bin/test_grasshopper
. . . . .
# Tests for omac
OMAC test from GOST R 34.13-2015
Resize result size from 16 to 8
  MAC[16] =  336f4d296059fbe34ddeb35b37749c67
Test FAILED
. . . . .

All the other tests pass.

Update

Somehow, the mac does not get resized, as you can see if you add debugging output to test_mac() around lines 357 etc.:

    EVP_MD_CTX_free(ctx);
    printf("  MAC[%2u] = ", md_len);
    hexdump(md_value, md_len);
    printf("  exp[%2lu] = ", mac_size);
    hexdump(mac, mac_size);

and then observe

$ bin/test_grasshopper
. . . . .
# Tests for omac
OMAC test from GOST R 34.13-2015
Resize result size from 16 to 8
  MAC[16] =  336f4d296059fbe34ddeb35b37749c67
  exp[ 8] =  336f4d296059fbe3
Test FAILED
. . . . .

With OpenSSL-1.1.1c everything works fine.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 80 (80 by maintainers)

Most upvoted comments

This has me wonder what the hell the engine is doing. I’m not in a position to check that out today, though… or maybe tonight

@levitte Big thanks for your help!

. . . frankly don’t want to dive into that for the moment. I have enough on my plate as it is . . .

😃 Understood. It works now, which is what matters.

@beldmit let’s merge #169 before the code gets stale! 😉

#169 adds XOF support to the Grasshopper MDs, and cleans up test_grasshopper.c. Perhaps @mouse07410 will have fewer problems then?

Oh boy… what a pile of confusion.

  1. Do not use EVP_MD_meth_, EVP_CIPHER_meth_ or any other _meth_ function unless you’re constructing a new method structure (basically, if you do, you’re screwing up things, quite badly… think threaded applications)
  2. There is EVP_MD_size(), which always only returns the preset constant size from the method. This value is (at least in theory) not possible to modify by anyone but the method creator.
  3. There is EVP_MD_CTX_size(), which I now discover just does EVP_MD_size(EVP_MD_CTX_md(ctx)) even in OpenSSL 3.0, which was perfectly OK as long as we only dealt with constant size MDs.
  4. There is EVP_DigestFinalXOF(), which is currently the only supported way to get a digest result other than what is given by the size stored in the EVP_MD structure (it uses internal ctrl() / set_ctx_params() functionality to set the size for that specific context).