[openssl-dev] [openssl.org #3815] Issue with X509_NAME_hash in 0.9.8zb

Tue Apr 21 07:00:30 UTC 2015

Hi,
The return value of X509_NAME_hash() has changed from 0.9.8zb onwards. 

I have written a sample program to verify the value return of X509_NAME_hash(). I linked the same program with four different version of crypto library. The output is as below:

=====================================================================
(Linux)(snapper53-64)progs{85} ./X509_NAME_hash_test.t
9C361DAC
(Linux)(snapper53-64)progs{86} ./X509_NAME_hash_test.y
9C361DAC
(Linux)(snapper53-64)progs{87} ./X509_NAME_hash_test.zb
01B7949D
(Linux)(snapper53-64)progs{88} ./X509_NAME_hash_test.zc
01B7949D
=====================================================================

The extension in the binary name is the version of the openSSL. Below is the sample program:

  1 #include <stdio.h>
  2 #include <ctype.h>
  3 #include <string.h>
  4 #include "openssl/asn1.h"
  5 #include "openssl/objects.h"
  6 #include "openssl/x509.h"
  7 #include "openssl/x509v3.h"
  8 
  9 int add_entry_to_X509_NAME( X509_NAME* name,
 10                             const char* id,
 11                             const char* value)
 12 {
 13         int ret = X509_NAME_add_entry_by_txt( name,
 14                                            id, /*(char *) id,*/
 15                                            MBSTRING_UTF8,
 16                                            (const unsigned char*)value,
 17                                            -1, /*strlen(value),*/
 18                                            -1,
 19                                            0 );
 20 
 21         if (ret != 1)
 22         {
 23             printf("Unable to add %s - %s to X509Name (ret = %d)\n", id, value, ret) ;
 24             return -1;
 25         }
 26 
 27         return 0 ;
 28 }
 29 
 30 
 31 int main ()
 32 {
 33         unsigned long file_hash ;
 34         X509_NAME *name;
 35         int i;
 36 
 37         name = X509_NAME_new();
 38         if (!name)
 39             printf("Unable to alloc mem for X509_Name") ;
 40 
 41         add_entry_to_X509_NAME(name, "commonName", "test_agent");
 42         add_entry_to_X509_NAME(name, "organizationalUnitName", "test_domain at example.com");
 43         add_entry_to_X509_NAME(name, "organizationName", "ex"); 44 
 45         file_hash = X509_NAME_hash ((X509_NAME *) name) ;
 46 
 47         printf ("%08X \n", (unsigned int) file_hash);
 48 
 49         return 0;
 50 }

Could you please confirm if this is an openssl bug?

Thanks & Regards,Palak