Digest::SHA256 produces the wrong digest
Ben Laurie
ben at algroup.co.uk
Thu Jan 5 07:52:23 PST 2006
$ apps/openssl dgst -sha256
test9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
$ perl -e "use Digest::SHA256; print
Digest::SHA256::new(256)->hexhash('test');"
d0933eee ad930c56 5827f6aa 5887f852 2140f90d cf9fa07e 40fd7abf 27992307
This is using version 0.01b of p5-Digest-SHA256.
It is not clear what the security impact of this bug is, but it is
potentially serious, depending on the nature of the bug, so I've copied
in the security team.
Can I suggest that ports implementing cryptographic functions should not
be released without at least checking some test vectors?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the freebsd-ports
mailing list