[Libreoffice-bugs] [Bug 114939] SHA1 code has an off by 1 bug

Wed, 10 Jan 2018 04:41:58 -0800 

https://bugs.documentfoundation.org/show_bug.cgi?id=114939

--- Comment #7 from JimF <jf...@cox.net> ---
To me, that patch looks good, and the test case is a 52 byte value, which was
one of the lengths which would trigger this bug.

NOTE, I am almost certain that the MD5 hash has the exact same bug.  Both MD5
and SHA1 use the same Merkle–Damgård construction.  This is where the data is
appended with a set bit all bits to the end of a full buffer limb are cleared,
and the count of bits is placed at the end of buffer into the last 8 bytes.  So
if the data fits into 55 or less bytes in the last buffer, that IS the last
buffer.  If the data in the last buffer is 56 or more bytes, then a new buffer
use used, the set bit is appended to the data (if it can be, or it is the first
byte of this extra buffer is the length of data was an even mod(64) length) any
unused data  bytes in the end that last data buffer are cleared then it is
hashed. Then that last hash limb all bits are cleared (unless the 0x80 was the
first byte), and the 8 byte integer of bit count of data is placed at the last
8 bytes of this limb, and it is hashed.

The buggy code simply adds this extra limb if there are more than 51 bytes of
data in the last limb to hash.  It should be more than 55 bytes (thus the off
by one).

I am sure endMD5() has the exact same bug in it.   I do not know your project,
or know that you have any test cases.  But any data where  n=length(data)%64 is
in the range of 52 to 55 bytes will also have the exact same bug in MD5 as was
corrected in the SHA1 code.

For MD5, this is the line of code that needs changed (in endMD5() method)

```diff
    i += 1;

-   if (i >= (DIGEST_LBLOCK_MD5 - 2))
+   if (i > (DIGEST_LBLOCK_MD5 - 2))
    {
        for (; i < DIGEST_LBLOCK_MD5; i++)
```

The other core hash in this source file (MD2) does not use the Merkle–Damgård
construction, so is not impacted by the code author's original bug or lack of
testing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

Reply via email to