value is always different

Daniel Kahn Gillmor dkg at
Mon Apr 26 21:05:11 CEST 2010

On 04/26/2010 11:06 AM, Ali Khalfan wrote:
>     char plain_text[256];
>     strcpy(plain_text,"It was the best of times it was the worst of times it was the happiest ");
>     err = gcry_md_open(&ctx,GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
>     gcry_md_setkey (ctx, key, 32);
>     gcry_md_write(ctx, &plain_text,sizeof plain_text);
>     unsigned char *digest = gcry_md_read (ctx, GCRY_MD_SHA256);

In addition to Nikos' observation about misuse of pointers, i note that
a big chunk of the plain_text buffer is not initialized by your code.

That is, everything after the null byte following "happiest " is in
whatever state it was in when plain_text[256] was allocated on the stack.

Since you're passing the entire plain_text buffer (all 256 bytes) to the
digest function, you're potentially digesting some arbitrary noise,
depending on how your compiler cleans/prepares (or doesn't) the stack
for use, and what was in that memory position in the first place.

You could memset() or bzero() the buffer before strcpy() to ensure that
it is a predictable value.

hope this helps,


PS this question might be better asked on a gcrypt-specific list, since
it has nothing to do with gnutls itself.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100426/9bf7290e/attachment.pgp>

More information about the Gnutls-help mailing list