Re : [openssl.org #2329] Bug in SHA1 functions with special file ?

Wed, 01 Sep 2010 09:20:55 -0700 

Hello,
You right !
It's strange: for the first time I thought that the problem was maybe \0 (and I 
do not why I never tested this "problem" ...)

After SHA1_Final, I use BIO_* and specially this:

BIO_write(b64, message_digest, strlen((char*)message_digest));

strlen isn't a good idea  :)
better is:

BIO_write(b64, message_digest, SHA_DIGEST_LENGTH);


Thanks a lot for your helps, Timo

Have a good day

Bye



----- Message d'origine ----
> De : Timo Teräs via RT <[email protected]>
> À : [email protected]
> Cc : [email protected]
> Envoyé le : Mer 1 septembre 2010, 11h 58min 52s
> Objet : Re: [openssl.org #2329] Bug in SHA1 functions with special file ?
> 
> On 09/01/2010 11:38 AM, Benjamin GIGON via RT wrote:
> > Hello,
> > I  used SHA1 functions to create HMAC fingerprint
> > It is a very simple  prog:
> >[snip]
> >         while( !feof(fh) )  {
> >                 retval =  fread((char*)content, 1, 4096, fh);
> >                  printf("Read:%d\n", retval);
> >                  SHA1_Update(&ctx, content,  retval);
> >         }
> > 
> >          SHA1_Final(message_digest, &ctx);
> >          puts((char *)message_digest);
> 
> This is the problem. puts prints  zero terminated string of ASCII.
> SHA1_Final returns a unsigned char buffer of  non-ASCII data.
> 
> Use fwrite(message_digest, SHA_DIGEST_LENGTH, 1, stdout)  to write
> the binary data, or something like:
>   for (i = 0; i <  SHA_DIGEST_LENGTH; i++)
>     printf("%02x",  message_digest[i]);
>   printf("\n");
> 
> To print the hex dump of the  hash (which is likely what you wanted).
> 
> > I read file and I create a  message digest with SHA1_Final;
> > For 99,99% of files, I have a good  message digest
> 
> I'm pretty sure you get other weird results too. Likely  the number
> of bytes the fputs prints can vary depending if the hash a zero  byte
> in it. It can also print random characters under  certain
> non-deterministic circumstances.
> 
> > But, recently I tried to  create a message digest for a file and my 
> > software 

> > doesn't  work.
> > I've tried to understand and I've seen that SHA1_Final gives an  empty 
> > message_digest
> > 
> > File available here: http://team.lea-linux.org/prae/fichier.bin
> > MD5SUM:  9bda8cfe9fef3a6fb94cc3836e0ad993 
> 
> And the sha1sum starts with '00...'.  Your program interprets it as zero
> length strings due to bad usage of  fputs.
> 
> - Timo
> 
> 
> 





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to