[openssl-dev] [openssl.org #3715] Possible bug in openssl 64 bit version
Peter Mosmans
support at go-forward.net
Tue Feb 24 03:52:41 UTC 2015
Hi,
Are you aware of the file system redirector on Windows for running 32
bit applications on a 64 bit OS ?
The issue could be that you're testing two completely different
binaries, one 32 bit and one 64 bit, hence the different result. Try to
test text-only files.
Please see
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384187%28v=vs.85%29.aspx
for more information.
Cheers,
Peter Mosmans
On 24-02-2015 01:16, Tobias Firnges via RT wrote:
> Hello,
>
> I would like you to verify the following issue:
>
> You can find the version information in the attached screenshot.
>
> - OS: Windows 8.1 64 bit
> - Hardware: Hyper-V on a Dell T110 II as well as a HP ProBook 470 G2
> - I used the version of openssl from http://slproweb.com/products/Win32OpenSSL.html
> - Compiler: Visual Studio 2013 and also tested with codeblocks.org software <-- Same result
> - Detailed description of the error here:
>
> I have tested the following code with Win32 OpenSSL v1.0.1L and Win64 OpenSSL:
> ----------------------------------
> #define _CRT_SECURE_NO_WARNINGS
>
> #include <iostream>
> #include <sstream>
> #include <string>
> #include <iomanip>
> #include <stdio.h>
> #include <openssl/sha.h>
>
> using namespace std;
>
> string sha256(const string str)
> {
> unsigned char hash[SHA256_DIGEST_LENGTH];
> SHA256_CTX sha256;
> SHA256_Init(&sha256);
> SHA256_Update(&sha256, str.c_str(), str.size());
>
> SHA256_Final(hash, &sha256);
>
> stringstream ss;
> for (int i = 0; i < SHA256_DIGEST_LENGTH; i++)
> {
> ss << hex << std::setw(2) << setfill('0') << (int)hash[i];
> }
>
> return ss.str();
> }
>
> void sha256_hash_string(unsigned char hash[SHA256_DIGEST_LENGTH], char outputBuffer[65])
> {
> int i = 0;
>
> for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
> {
> sprintf(outputBuffer + (i * 2), "%02x", hash[i]);
> }
>
> outputBuffer[64] = 0;
> }
>
> int sha256_file(char* path, char output[65])
> {
> FILE *file = fopen(path, "rb");
> if (!file) return -1;
>
> unsigned char hash[SHA256_DIGEST_LENGTH];
> SHA256_CTX sha256;
> SHA256_Init(&sha256);
> const int bufSize = 32768;
> char *buffer = new char[bufSize];
> int bytesRead = 0;
> if (!buffer) return -1;
> while ((bytesRead = (int)fread(buffer, 1, bufSize, file)))
> {
> SHA256_Update(&sha256, buffer, bytesRead);
> }
> SHA256_Final(hash, &sha256);
>
> sha256_hash_string(hash, output);
> fclose(file);
> delete[] buffer;
> return 0;
> }
>
> int main()
> {
>
> // hash a string
> std::cout << "SHA-256 hash of \"Sample String\" text:" << std::endl;
> std::cout << sha256("Sample String") << std::endl << std::endl;
>
> // hash a file
> cout << "SHA-256 hash of file cmd.exe:" << std::endl;
> char calc_hash[65];
> sha256_file("C:\\Windows\\System32\\cmd.exe", calc_hash);
> cout << calc_hash << std::endl;
> cout << "SHA-256 hash of file NETSTAT.exe:" << std::endl;
> sha256_file("C:\\Windows\\System32\\NETSTAT.exe", calc_hash);
> cout << calc_hash << std::endl;
> cout << "SHA-256 hash of file eula.1028.txt:" << std::endl;
> sha256_file("C:\\eula.1028.txt", calc_hash);
> cout << calc_hash << std::endl;
>
> cin.clear();
> cin.ignore(255, '\n');
> cin.get();
>
> return 0;
> }
> ----------------------------------
> The code worked fine with Win32 OpenSSL v1.0.1L, however, when I tried the code with Win64 OpenSSL v1.0.1L, I get a wrong result.
>
> In my test I did the following:
>
> 1. On a 64 bit Windows 8.1 machine, I first tested Win32 OpenSSL v1.0.1L. The results were correct
> 2. I then changed to Win64 OpenSSL v1.0.1.L (inculuding the 64 bit Visual C++ redistributables). The result was correct for Strings and for the txt file, but for exe files the hash is not correct. (See attached screenshot)
> 3. I then compiled the same code on a 32 bit Windows 7 machine with Win32 OpenSSL v1.0.1L and copied the file to the 64 bit machine. Now the String, txt file and exe file hash show the right value.
>
> For compiling I used Visual Studio 2013 and do compare, if the compiler was the issue, I used the latest version of the codeblocks.org software to compile. I always got the same result. All hashs created with Win32 OpenSSL were correct, the hash of exe files created with Win64 OpenSSL was wrong.
>
>
> And my target is to get the correct hash of each file I check in the 32 bit, as well as in the 64 bit environment.
>
> Note: I double checked all the files I tested in online hash calculators. And there I could see, the value for the exe files created with Win64 OpenSSL v1.0.1L were wrong.
>
> Can you please confirm my result. Maybe you find an error in my code. If the error is in Win64 OpenSSL v1.0.1L, please help to release a new version of the tool with the issue fixed.
>
> Note: I first sent the issue to Shining Light Production where I got the following answer:
> -------------------------
> Even if there is a problem, there's nothing I can do. I just build the
> upstream source code into binaries using the officially published
> directions for building OpenSSL.
>
> You need to take this upstream to the openssl-users mailing list.
> However, you are the first person to have this issue (or I'd see a LOT
> more yelling about it), so I'd wager that there is something wrong with
> your code rather than with OpenSSL. Still, there are people there who
> can look at your code and evaluate it for accuracy and correctness.
> -------------------------
>
>
> Thank you for your answer in advance.
>
>
> Best regards
> Tobias
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150224/5aa05b04/attachment.html>
More information about the openssl-dev
mailing list