Bug in SHA1
Bradford C. Smith
tobradford at yahoo.com
Wed Feb 24 14:21:43 CET 1999
To the gnupg maintainers:
I believe the code for sha1_final() in cipher/sha1.c computes the 64-bit
message length incorrectly. I have copied the relevant code below along
with my comments.

    msb = 0;
    t = hd->nblocks;
    if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
        msb++; /* BCS: shouldn't do this */
    msb += t >> 26;
    /* BCS: If t = 0xFFFFFFFF this code will give msb = 0x00000040 at
     * this point when the correct result would be msb = 0x0000003F */
    t = lsb;
    if( (lsb = t + hd->count) < t ) /* add the count */
        msb++; /* BCS: this one is correct */
    t = lsb;
    if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
        msb++; /* BCS: shouldn't do this. Same problem as above. */
    msb += t >> 29;

My apologies if this has already been reported or I've made a mistake.
Thanks,
Bradford
==
Bradford C. Smith (bradfords at acm.org)
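
Added example (not part of the original message and not GnuPG code): the two shift steps flagged above, isolated and checked against a 64-bit reference. The function names are hypothetical; each returns only the high 32-bit word that a single "t << k" step contributes.

```c
#include <stdint.h>
#include <stdio.h>

/* High word as the quoted code computes it for one shift step:
 * a carry test on the truncated result plus the bits shifted out.
 * k must be in 1..31 (6 for blocks->bytes, 3 for bytes->bits). */
static uint32_t quoted_high_word(uint32_t t, unsigned k)
{
    uint32_t msb = 0;
    uint32_t lsb = t << k;      /* truncated to 32 bits */
    if (lsb < t)                /* the test flagged "shouldn't do this" */
        msb++;
    msb += t >> (32 - k);       /* already holds every bit shifted out */
    return msb;
}

/* Reference: widen to 64 bits, shift, keep the upper 32 bits. */
static uint32_t reference_high_word(uint32_t t, unsigned k)
{
    return (uint32_t)(((uint64_t)t << k) >> 32);
}

/* Smallest t for which the two disagree, or 0 if they never do
 * (t = 0 itself always agrees, so 0 is free to mean "none"). */
static uint32_t first_mismatch(unsigned k)
{
    for (uint32_t t = 1; t != 0; t++)
        if (quoted_high_word(t, k) != reference_high_word(t, k))
            return t;
    return 0;
}

int main(void)
{
    uint32_t t = 0xFFFFFFFFu;   /* the value used in the report */
    printf("t=0x%08X k=6: quoted=0x%08X reference=0x%08X\n",
           (unsigned)t, (unsigned)quoted_high_word(t, 6),
           (unsigned)reference_high_word(t, 6));
    /* Below this block count the shift cannot wrap, so the extra
     * increment never fires and both computations agree. */
    printf("first mismatch for k=6: t=0x%08X\n",
           (unsigned)first_mismatch(6));
    return 0;
}
```

With 64-byte blocks, the first disagreement for k=6 falls at 2^26 blocks, so the extra increment only affects digests of inputs of 4 GiB or more.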