Access violation when using OpenSSL's HMAC

0

I'm trying to do an HMAC-SHA512 on some data using OpenSSL. I get an "Exception thrown at 0x... (libcrypto-1_1-x64.dll) in Program.exe: 0xC0000005: Access violation writing location 0x..." error when executing the following code:

int main(int argc, char** argv)
{
  uint8_t* data[] = { 0x14, 0xf7, 0xbd, 0x95, 0x57, 0x9a, 0x7e, 0xa1, 0x5c, 0xf7, 0x27, 0x91, 0x0d, 0x61, 0x58, 0x01, 0xa3, 0x12, 0x17, 0x54, 0x0b, 0x2e, 0xb4, 0xc5, 0xb1, 0xeb, 0xab, 0xe0, 0x43, 0x9b, 0x8e, 0x1f, 0x39, 0x7d, 0x85, 0x1a, 0x3a, 0x4b, 0x9c, 0xf4, 0xbf, 0x31, 0x55, 0x72, 0x41, 0xf5, 0xdb, 0xcb, 0xb3, 0xa6, 0xb5, 0xb8, 0x82, 0xe5, 0xef, 0x18, 0x72, 0xa0, 0x59, 0x08, 0x9b, 0xfa, 0x17, 0xa3 };
  uint8_t* key = "some_rand_pw";
  uint8_t* result = malloc(64);
  memset(result, 0, 64);
  HMAC(EVP_sha512(), key, 12, data, 64, result, (unsigned int)64); //ERROR
}

I would use uint8_t* result = HMAC(EVP_sha512(), key, 12, data, 64, NULL, NULL), but it isn't thread safe, and this will be a multithreaded program. Anyone have any idea what I did wrong here?

I'm using Visual Studio 2017 with 64-bit OpenSSL pre-built for Windows.

c
openssl
hmac
asked on Stack Overflow Sep 19, 2019 by MrPuzzler

1 Answer

0

Your code is wrong. data must be an array of uint8, but you declared it as an array of pointers to uint8.

Furthermore the last parameter of HMAC must be a pointer to unsigned int but you provided an unsigned int, that's the reason for the crash.

Your compiler should have warned you. Compile with -Wall.

Corrected (untested) code:

int main(int argc, char** argv)
{
  uint8_t data[] = { 0x14, 0xf7, 0xbd, 0x95, 0x57, 0x9a, 0x7e, 0xa1, 0x5c, 0xf7, 0x27, 0x91, 0x0d, 0x61, 0x58, 0x01, 0xa3, 0x12, 0x17, 0x54, 0x0b, 0x2e, 0xb4, 0xc5, 0xb1, 0xeb, 0xab, 0xe0, 0x43, 0x9b, 0x8e, 0x1f, 0x39, 0x7d, 0x85, 0x1a, 0x3a, 0x4b, 0x9c, 0xf4, 0xbf, 0x31, 0x55, 0x72, 0x41, 0xf5, 0xdb, 0xcb, 0xb3, 0xa6, 0xb5, 0xb8, 0x82, 0xe5, 0xef, 0x18, 0x72, 0xa0, 0x59, 0x08, 0x9b, 0xfa, 0x17, 0xa3 };
  uint8_t* key = "some_rand_pw";
  uint8_t* result = malloc(64);
  unsigned int len;
  memset(result, 0, 64);
  HMAC(EVP_sha512(), key, 12, data, 64, result, &len);
}

There is still room for improvement though.

answered on Stack Overflow Sep 19, 2019 by Jabberwocky • edited Sep 19, 2019 by Jabberwocky

User contributions licensed under CC BY-SA 3.0