[Pycrypto-checkins] [ pycrypto-Bugs-1740198 ] SHA256 computation error

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Bugs item #1740198, was opened at 2007-06-20 10:43
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=120937&aid=1740198&group_id=20937

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Laurent_Bondavalli (lbondavalli)
Assigned to: Nobody/Anonymous (nobody)
Summary: SHA256 computation error

Initial Comment:
SHA256 computation is false each time the message length is equal to 55 mod 64 (in bytes) because of a boundary error on padding.

Patch has been written and tested on NIST vectors.




For example, here is a NIST test vector for Sha256 (length is given in bits)

Len = 440
Msg = 9eabfcd3603337df3dcd119d6287a9bc8bb94d650ef29bcf1b32e60d425adc2a35e06577d0c7ce2456cf260efee9e8d8aeeddb3d068f37
MD = 83eeed2dfeb8d2604ab5ec1ac9b5dcab8cc2222518468bc5c24c16ce72e70687


pycrytpo 2.0.1
>>> from Crypto.Hash import SHA256
>>> a = 

SHA256.new('\x9e\xab\xfc\xd3`37\xdf=\xcd\x11\x9db\x87\xa9\xbc\x8b\xb9Me\x0e\xf2\x9b\xcf\x1b2\xe6\rBZ\xdc*5\xe0ew\xd0\xc7\xce$V\xcf&\x0e\xfe\xe9\xe8\xd8\xae\

xed\xdb=\x06\x8f7')
>>> a.hexdigest()
'9a433bd916f41c09d90a4922ef648bbd34aa7d80258b7520ca663779beeb4b3a'




HERE IS THE PATCH

--- SHA256.c    2005-06-14 00:14:57.000000000 +0000
+++ SHA256.c    2007-06-20 08:00:53.000000000 +0000
@@ -140,7 +140,7 @@
                                * then compress.  Then we can fall back to padding zeros and length
                                * encoding like normal.
                              */
-    if (md->curlen >= 56) {
+    if (md->curlen > 56) {
         for (; md->curlen < 64;)
             md->buf[md->curlen++] = 0;
         sha_compress(md);




pycrypto 2.0.1 + patch
>>> from Crypto.Hash import SHA256
>>> a = 

SHA256.new('\x9e\xab\xfc\xd3`37\xdf=\xcd\x11\x9db\x87\xa9\xbc\x8b\xb9Me\x0e\xf2\x9b\xcf\x1b2\xe6\rBZ\xdc*5\xe0ew\xd0\xc7\xce$V\xcf&\x0e\xfe\xe9\xe8\xd8\xae\

xed\xdb=\x06\x8f7')
>>> a.hexdigest()
'83eeed2dfeb8d2604ab5ec1ac9b5dcab8cc2222518468bc5c24c16ce72e70687'


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=120937&aid=1740198&group_id=20937


