Bug 112553 - [patch]: security/digest tiger bug
Summary: [patch]: security/digest tiger bug
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-09 21:30 UTC by Ighighi
Modified: 2007-05-29 16:00 UTC (History)
0 users

See Also:

Attachments
file.diff (1.54 KB, patch)
2007-05-09 21:30 UTC, Ighighi 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ighighi 2007-05-09 21:30:05 UTC 
This patch makes Tiger output the correct checksum for the null string.

Previously, hashing /dev/null or the null string (echo -n "") would output the contents of the initial Tiger context.
$ digest tiger /dev/null
TIGER (/dev/null) = 0123456789abcdeffedcba9876543210f096a5b4c3b2e187

It should be:
$ ./digest tiger /dev/null
TIGER (/dev/null) = 24f0130c63ac933216166e76b1bb925ff373de2d49584e7a

See: http://www.cs.technion.ac.il/~biham/Reports/Tiger/testresults.html

The bug is in the Tiger code (not digest) because the emulation of the MD*/SHA* interface isn't well done.  When any of the *End() or *Final() is called after finishing a hash operation on zero-byte data, it must make sure the relevant update function (in this case, TigerUpdate) was called at least once, even with len=0.  This patch just adds a 192-bit static array containing the initial Tiger state (which now uses TigerInit()) that both TigerEnd() and TigerFinal() use to compare it to tiger_context_t (which contains just a Tiger state).  A "less cleaner" way would be to add an integer flag to tiger_context_t. It also makes TigerFinal() truly emulate the MD*/SHA*Final() calls.  This (trivial) patch to tiger.c was tested on a 32-bit Pentium-4 (little endian) running FreeBSD 6.2-STABLE and a Sun SPARC (big endian) running SunOS 5.10.  IMO, it could have been spotted earlier with a better test script.  The remaining algorithms work OK with the null string.

Note: This patch was tested against the current NetBSD's CVS version of pkgsrc/digest/files/tiger.c (as of this time of writing, version 1.2) and FreeBSD's (present in ports/security/digest) and (currently installed as digest-20050323_1.

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/pkgtools/digest/files/tiger.c

To apply this patch on a FreeBSD system copy this patch to /usr/ports/security/digest/files as patch-tiger.c.patch and reinstall

The original author (agc@netbsd.org) was notified. These comments are reproduced on the patch for your convenience.

Fix: Attached is a UUEncoded patch.

Patch attached with submission follows:
Comment 1 dfilter service freebsd_committer freebsd_triage 2007-05-29 15:54:10 UTC 
miwi        2007-05-29 14:54:04 UTC

  FreeBSD ports repository

  Added files:
    security/digest/files patch-triger.c 
  Log:
  - Add a patch for output the correct checksum for the null string.
  
  PR:             112553
  Submitted by:   Ighighi<ighighi@gmail.com>
  Obtained from:  pkgsrc
  
  Revision  Changes    Path
  1.1       +62 -0     ports/security/digest/files/patch-triger.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2007-05-29 15:54:21 UTC 
State Changed
From-To: open->closed

Committed. Thanks!