Sorry, it was a false alarm.

>========================================
>BUG REPORT: by [EMAIL PROTECTED]
>----------------------------------------
>
>I found that sha-1 function in the openssl-0.9.6[ac] distribution may
>not be correct. It may produce incorrect result for certain input
>example data, which is found at the NIST web site.
>(see the references below).
>
>The testing done by the installed test program within OpenSSL
>is insufficient.

Well, this turned out to be bogus.

>========================================
>TESTING pseudo code:
>----------------------------------------
>
>step 1. Read the compact representation of NIST input vector.
>step 2. expand the input into a real binary array into
>        a dynamically allocated array pointed at by lp.
>
>step.3
>  - produce sha-1 hash sum using Reid sha-1.
>    This is done by calling
>
>    reid_sha_memory(lp, len / 8, reid_digest);
>
>    (reid_sha_memory code is attached in the end.)
>
>  - produce sha-1 hash sum using OpenSSL sha-1
>    This is done by simply calling
>    SHA1(lp, len/8 , digest);
>    Note that the second argument is byte length (not the
>    bit length).
>
>step.4
>  compare the digest produced by the two implementations
>  as well as the expected value offered by NIST.
>
>Repeat the above steps for NIST sample data files.
>(Except for the TYPE-3 input data. I found handling type-3
>more work to do, and just decided to
>report the current finding so far.)

The order of testing the two implementations above was crucial.

It turns out that Reid sha-1 implementation will modify the input
buffer unless a compile time macro, SHA1HANDSOFF, is defined.
I didn't define this while testing the routines.

Today, I defined the macro since I figured that the original
Reid sha-1 may cause alignment problems on certain CPU architectures
unless SHA1HANDSOFF copies the data (possibly a large slowdown, though).

After I defined this macro, re-ran the tests, and compared the
output to NIST expected values, all the results for 209 cases in
type-1 and type-2 test examples match beautifully!

So I retract the claim that there was a bug. It was a mistake in the
testing procedure and the lack of the understanding of the behavior of
the Reid sha-1 implementation when SHA1HANDSOFF is not defined.

On the other hand, if someone was willing to enhance the tests under
crypto/sha by incorporating the NIST example vectors, let me know.
I can create the input vector(s) in the form of C initializer statements
during a test run so that someone interested can cut and paste and
massage it into the test program under crypto/sha.

Sorry for the unwanted noise.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
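
Added example (not part of the original message, and not OpenSSL or Reid code): the test-ordering pitfall described above, reproduced in Python with `hashlib` as the correct implementation and a hypothetical `clobbering_sha1` stand-in that overwrites its input buffer. The message and digest are the 56-byte FIPS 180 SHA-1 example; all function names here are assumptions made for illustration.

```python
import hashlib

# FIPS 180 example message (56 bytes) and its published SHA-1 digest.
MSG = b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
EXPECTED = "84983e441c3bd26ebaae4aa1f95129e5e54670f1"

def reference_sha1(buf):
    """Implementation that leaves the caller's buffer untouched."""
    return hashlib.sha1(bytes(buf)).hexdigest()

def clobbering_sha1(buf):
    """Hypothetical stand-in: returns the right digest but uses the caller's
    buffer as scratch space, reversing every 4-byte word in place."""
    digest = hashlib.sha1(bytes(buf)).hexdigest()
    for i in range(0, len(buf) - len(buf) % 4, 4):
        buf[i:i + 4] = buf[i:i + 4][::-1]
    return digest

def compare_shared_buffer(data, impls, expected):
    """Flawed procedure: all implementations hash the same buffer in turn,
    so a later one may be fed data an earlier one already modified."""
    buf = bytearray(data)
    return {name: fn(buf) == expected for name, fn in impls}

def compare_isolated(data, impls, expected):
    """Each implementation gets a private copy of the vector.
    Returns {name: (digest_matches, input_was_modified)}."""
    results = {}
    for name, fn in impls:
        buf = bytearray(data)
        matches = fn(buf) == expected
        results[name] = (matches, bytes(buf) != data)
    return results

# Same order as in the report: the buffer-modifying implementation runs first.
IMPLS = [("clobbering", clobbering_sha1), ("reference", reference_sha1)]

if __name__ == "__main__":
    print("shared buffer:", compare_shared_buffer(MSG, IMPLS, EXPECTED))
    print("isolated     :", compare_isolated(MSG, IMPLS, EXPECTED))
```

With the shared buffer the correct implementation is the one reported as failing; with isolated copies both digests match and the input modification is flagged on the implementation that caused it.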
