There's a bug in OpenSSL releases 0.9.6 and 0.9.6a.  It's been
fixed in the latest snapshot (openssl-0.9.6-stable-SNAP-20010521),
but there's no mention of it in the NEWS or CHANGES file.  I believe
it's a serious enough bug that it should be mentioned there and a
patch made available.

The problem: On systems where type char is unsigned, message digests
are printed in raw binary by default.  The "-binary" and "-hex"
options work correctly, so using "-hex" is a workaround.

I've seen this on an IBM SP2 (powerpc-ibm-aix4.3.3.0),
a Cray T3E (alphaev5-cray-unicosmk2.0.5.X), and a Cray T90
(t90-cray-unicos10.0.0.X).

For example, on the SP2:
========================================================================
% echo -n abc | /usr/local/apps/openssl-0.9.6/bin/openssl sha1 | od -x
0000000  a999 3e36 4706 816a ba3e 2571 7850 c26c
0000020  9cd0 d89d
0000024
% echo -n abc | /usr/local/apps/openssl-0.9.6/bin/openssl sha1 -hex
a9993e364706816aba3e25717850c26c9cd0d89d
========================================================================

The fix is in apps/dgst.c.  Several flags that had been declared as
"char" have been changed to "int".  The problem is the out_bin flag,
which is initialized to -1.  If char is unsigned, out_bin is set to
255, and the test

    if(out_bin == -1)

fails.

This problem does not affect systems on which char is signed by
default; I've tried SPARC/Solaris and X86/Linux.

-- 
Keith Thompson, San Diego Supercomputer Center  [EMAIL PROTECTED]
<http://www.sdsc.edu/~kst/>
Cxiuj via bazo apartenas ni.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
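Added example, not part of the original mail and not taken from OpenSSL's apps/dgst.c: a small C program that models the out_bin handling described above so the signedness dependence can be reproduced on any host. The function names, the binary_opt/hex_opt parameters and the exact shape of the option handling are assumptions; what is taken from the mail is the -1 "not set" sentinel, the `out_bin == -1` test, and hex being the intended default. The same logic is written four times, with the flag typed as plain char (the 0.9.6 shape), forced signed, forced unsigned, and as int (the fix).

```c
#include <limits.h>
#include <stdio.h>

/*
 * Hypothetical model of the out_bin flag handling described in the mail
 * (names invented; this is not the dgst.c source).  The flag starts at -1
 * meaning "not set", "-binary" sets it to 1, "-hex" sets it to 0, and after
 * option parsing an unset flag is supposed to default to hex (0).
 */

/* The comparison dgst.c performs.  The flag is promoted to int on the way
 * in, which is exactly where an unsigned char holding 255 stops comparing
 * equal to -1. */
static int is_unset(int flag)
{
    return flag == -1;
}

/* The 0.9.6 shape: flag typed as plain char, so the result depends on
 * whether char is signed for this compiler/target.
 * Returns 1 for raw binary output, 0 for hex. */
int decide_output_plain_char(int binary_opt, int hex_opt)
{
    char out_bin = -1;                    /* becomes 255 where char is unsigned */
    if (binary_opt) out_bin = 1;
    if (hex_opt)    out_bin = 0;
    if (is_unset(out_bin)) out_bin = 0;   /* intended default: hex */
    return out_bin != 0;
}

/* Same logic with the flag forced signed: what SPARC/Solaris and x86/Linux
 * see, so the default correctly comes out as hex. */
int decide_output_signed_char(int binary_opt, int hex_opt)
{
    signed char out_bin = -1;
    if (binary_opt) out_bin = 1;
    if (hex_opt)    out_bin = 0;
    if (is_unset(out_bin)) out_bin = 0;
    return out_bin != 0;
}

/* Same logic with the flag forced unsigned: what AIX and UNICOS see.  With
 * no options the sentinel is stored as 255, is_unset() is false, the flag
 * stays non-zero and raw binary is selected by default. */
int decide_output_unsigned_char(int binary_opt, int hex_opt)
{
    unsigned char out_bin = -1;           /* 255: the sentinel is already lost */
    if (binary_opt) out_bin = 1;
    if (hex_opt)    out_bin = 0;
    if (is_unset(out_bin)) out_bin = 0;   /* never taken: 255 != -1 */
    return out_bin != 0;
}

/* The fix from the snapshot: an int holds -1 on every target. */
int decide_output_fixed(int binary_opt, int hex_opt)
{
    int out_bin = -1;
    if (binary_opt) out_bin = 1;
    if (hex_opt)    out_bin = 0;
    if (is_unset(out_bin)) out_bin = 0;
    return out_bin != 0;
}

/* Is plain char signed on this target?  <limits.h> answers portably. */
int plain_char_is_signed(void)
{
    return CHAR_MIN < 0;
}

int main(void)
{
    printf("plain char is %s on this target\n",
           plain_char_is_signed() ? "signed" : "unsigned");
    printf("no options, plain char    -> %s\n",
           decide_output_plain_char(0, 0) ? "binary (bug)" : "hex");
    printf("no options, signed char   -> %s\n",
           decide_output_signed_char(0, 0) ? "binary (bug)" : "hex");
    printf("no options, unsigned char -> %s\n",
           decide_output_unsigned_char(0, 0) ? "binary (bug)" : "hex");
    printf("no options, int (fixed)   -> %s\n",
           decide_output_fixed(0, 0) ? "binary (bug)" : "hex");
    printf("-hex, unsigned char       -> %s\n",
           decide_output_unsigned_char(0, 1) ? "binary" : "hex (workaround)");
    return 0;
}
```

On an x86 host, building with `gcc -funsigned-char` (clang accepts the same flag) makes the plain-char variant take the AIX/Cray path, which is a cheap way to catch this class of bug in a portability test without access to those machines.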