#31 SHA512 hashes sometimes wrong

v1.2.10
closed-fixed
Aleksey
8
2012-12-26
2012-08-10
Harry Johnston
No

If libeay32.dll isn't present, rhash.exe still runs but sometimes produces the wrong hashes. (I note that 1.2.9 is distributed without libeay32.dll so this may be more of a problem in this version than in previous versions.)

Here's a transcript, note that the hash for internet.cmd changes. Here I've taken rhash.exe from rhash-1.2.9-win64.zip and libeay32.dll from rhash-1.2.8-win64. I'm running Windows 7 x64 with service pack 1.

H:\documents\correspondence\bug-reports\rhash-20120810\z>dir
Volume in drive H is Data
Volume Serial Number is F0DD-A1C4

Directory of H:\documents\correspondence\bug-reports\rhash-20120810\z

10/08/2012 02:27 p.m. <DIR> .
10/08/2012 02:27 p.m. <DIR> ..
18/02/2011 11:00 p.m. 1,502,208 libeay32.dll
13/04/2012 09:34 p.m. 536,720 rhash.exe
10/08/2012 02:27 p.m. <DIR> test
2 File(s) 2,038,928 bytes
3 Dir(s) 49,393,819,648 bytes free

H:\documents\correspondence\bug-reports\rhash-20120810\z>rhash --sha512 -r test
bdd4f1b9ec38b8a658e4c3f8c5e3a73720be1d881c7f99598042c4489993f42390f679b02e318ec5ec18a16e8311d10c72184129d472398ef505b13c
550953c7 test\iewarning.ini
4e27fc6edfe0a4b16d8acea0c7a430b3823451d7cf0dabc92912077e376bb8472dd61a7d2a758d3015dc950310114772b842a199d0890fbb2f54eae3
e0f9da4d test\internet.cmd
bd0d2e556d5f8c272142b576d50d18a59abc2eb67c66487ada09c0a8fa45d2b695976dde2b408fa68fd433ca457e4a7de32177c3d7e11a8ab202559b
c71b6fcd test\Lab Home Page.url
0fadb1a82f1d22a8e3986950aeb277d98770307880413d022403f24616a78b8dca01421773d3f2fb9ec452c035d5ea70c39d8a864cb9e32d8cffc428
cd771f18 test\webmail.ini

H:\documents\correspondence\bug-reports\rhash-20120810\z>del libeay32.dll

H:\documents\correspondence\bug-reports\rhash-20120810\z>rhash --sha512 -r test
bdd4f1b9ec38b8a658e4c3f8c5e3a73720be1d881c7f99598042c4489993f42390f679b02e318ec5ec18a16e8311d10c72184129d472398ef505b13c
550953c7 test\iewarning.ini
1f3476d42c9739869724e6eff1cf9209a1a3cc33d2e0a6fa62e58a438a094a9672782030a7d8f48a3c5ad9ef3bc0579c7dc72c5d83dd8b132490318c
33979ad8 test\internet.cmd
bd0d2e556d5f8c272142b576d50d18a59abc2eb67c66487ada09c0a8fa45d2b695976dde2b408fa68fd433ca457e4a7de32177c3d7e11a8ab202559b
c71b6fcd test\Lab Home Page.url
0fadb1a82f1d22a8e3986950aeb277d98770307880413d022403f24616a78b8dca01421773d3f2fb9ec452c035d5ea70c39d8a864cb9e32d8cffc428
cd771f18 test\webmail.ini

H:\documents\correspondence\bug-reports\rhash-20120810\z>rhash --sha512 -r test\internet.cmd
4e27fc6edfe0a4b16d8acea0c7a430b3823451d7cf0dabc92912077e376bb8472dd61a7d2a758d3015dc950310114772b842a199d0890fbb2f54eae3
e0f9da4d test\internet.cmd

H:\documents\correspondence\bug-reports\rhash-20120810\z>

The problem only seems to happen when using the -r flag and only if there are multiple files in the folder. Most files appear to be unaffected. I've attached a ZIP file (1kb) containing the contents of the test directory used to generate the transcript. I can be contacted at harry@waikato.ac.nz if you have any questions.

Discussion

  • Harry Johnston
    Harry Johnston
    2012-08-10

    Contents of the test folder from the transcript

     
    Attachments
  • Harry Johnston
    Harry Johnston
    2012-08-10

    Forgot to mention: the problem does not occur if libeay32.dll can be found anywhere in the DLL search path, it does not have to be in the same folder as rhash.exe.

     
  • Aleksey
    Aleksey
    2012-08-23

    Thanks for reporting such strange bug :)

    The problem reproduces even without -r, if several files are specified on
    command line:

    D:\bug>rhash.exe --sha512 internet.cmd internet.cmd
    4e27fc6edfe0a4b16d8acea0c7a430b3823451d7cf0dabc92912077e376bb8472dd61a7d2a758d3015dc950310114772b842a199d0890fbb2f54eae3e0f9da4d internet.cmd
    c8bc15c5b5a0807c78e99490cae7adee0d91f5d59172d299ba59c112b40f0f7a5331906a85713aea46230cca385c4f472d27a8bcab0f04bf62255aeccc6aa3e9 internet.cmd

     
  • Aleksey
    Aleksey
    2012-09-02

    SHA-512 was incorrectly calculated for files with size
    112 <= (file_size % 128) < 120

    The internal buffer of SHA-512 context was not properly initialized, when processing final block of data.

     
  • Aleksey
    Aleksey
    2012-09-02

    The fix is now on GitHub and will be delivered with the nearest release.

     
  • Aleksey
    Aleksey
    2012-12-26

    • status: open-accepted --> closed-fixed
    • milestone: --> v1.2.10
     
  • Aleksey
    Aleksey
    2012-12-26

    Fixed in 1.2.10