PHP :: Bug #25177 :: Sha1 doesnt work correct with data greater then 2kB

Bug #25177	Sha1 doesnt work correct with data greater then 2kB
Submitted:	2003-08-20 08:22 UTC	Modified:	2003-08-26 01:56 UTC
From:	a dot lunkeit at signcubes dot com	Assigned:
Status:	Not a bug	Package:	*Encryption and hash functions
PHP Version:	4.3.2	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	a dot lunkeit at signcubes dot com
New email:
PHP Version:		OS:

New Comment:

[2003-08-20 08:22 UTC] a dot lunkeit at signcubes dot com

Description:
------------
I noticed, that the sha1 function computes wrong hash values for data with a volume greater than 2kB.

My reference values are various free implementations in C++, which come to the same hash value, but the PHP implementation differs.

With data smaller than 2kB the problem does not exist.



Reproduce code:
---------------
This can be any code using the sha1 function. My code example doesn't really matter.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-08-20 08:29 UTC] derick@php.net

Can you point me to some of the reference test vectors?

[2003-08-20 09:34 UTC] a dot lunkeit at signcubes dot com

Now i found out, that the data can be smaller. I took some data greater than 512 Bytes and the bug also appears. With data smaller than 512 Bytes it will not appear. 
I will generate some vectors for you within next half hour.

[2003-08-20 10:15 UTC] a dot lunkeit at signcubes dot com

Here is the Testcontainer

VERSION:VERSION 1.0
TYPE:OL_PAYMENT
CERTIFICATE:MV8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAeBgkqhkiG9w0BCQUxERgPMjAwMzA4MjAxNTA3MDZaMCMGCSqGSIb3DQEJBDEWBBThpbsOy9VEAPvp64X3gyREhZBK7w==
PKCS7:MIIH6QYJKoZIhvcNAQcCoIIH2jCCB9YCAQExCzAJBgUrDgMCGgUAMIICSgYJKoZIhvcNAQcBoIICOwSCAjdTaG9wLUlkOjEyMzQ1Njc4DQpUcmFuc2FrdGlvbnMtSWQ6MTA2MTM5OTA0Nw0KVHJhbnNha3Rpb25zLVR5cDoxMCAoUmVzZXJ2YXRpb24pDQpCZXRyYWc6Mi41MA0KV RocnVuZzpFVVINCldhcmVua29yYjoNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCklocmUgQXJ0aWtlbDogDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQoxIFRhc3NlbiBkZXIgU29ydGUgMQ0KDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpHZXNhbXRiZXRyYWc6IDIuNTAgRXVybw0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KDQpLYXJ0ZW5pbmhhYmVyOiBNaWNoYWVsIEdlaHJrZQ0KS3VuZGVudW1tZXI6IDg5NDkwMTcyMzAwMDAxNDM0OTkNCktyZWRpdGthcnRlbi1OdW1tZXI6IDAxMjM0NTY3ODkNCkFibGF1ZmphaHIgZGVyIEtyZWRpdGthcnRlOiAyMDA2DQpBYmxhdWZtb25hdCBkZXIgS3JlZGl0a2FydGU6IDEyDQqgggP6MIID9jCCA1 gAwIBAgIEL64 GzANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNjpQTjAeFw0wMzA3MTcwODQ5MjRaFw0wNjA3MTcwODQ5MjRaMEwxCzAJBgNVBAYTAkRFMRcwFQYDVQQKDA5TaWduQ3ViZXMgR21iSDEYMBYGA1UEAwwPR2VocmtlLCBNaWNoYWVsMQowCAYDVQQFEwExMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQCNxj6tNW3VzYCXOkgTQCuRoqPUbokOnWUCozNoFMT26lwaSbApKWL4FS4M urXRJS/woltuCXZp3lxnQVA1eR/oMglYIURoKM7Xx1YP7mRKPUvecLLWjaWNPg9rzvg9kqcwjwlKxlMx6H1regWhsooBjucqg6G6NeDi2TJfxuhRQIFAMAAAAGjggHGMIIBwjAfBgNVHSMEGDAWgBTBgtADwJaxh 3T5AeVkxyIXmcqQDCB6AYDVR0fBIHgMIHdMIHaoGqgaIY1bGRhcDovL3Brc2xkYXAudHR0Yy5kZTozODkvbz1EZXV0c2NoZSBUZWxla29tIEFHLGM9ZGWGL2h0dHA6Ly93d3cudHR0Yy5kZS90ZWxlc2VjL3NlcnZsZXQvZG93bmxvYWRfY3JsomykajBoMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzE7MAwGBwKCBgEKBxQTATEwKwYDVQQDFCRUZWxlU2VjIERpcmVjdG9yeSBTZXJ2aWNlIFNpZ0cgMTA6UE4wGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4EFgQUjk1Pj5ro/5o8aepB877Z9eEBUtowDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwIQYDVR0RBBowGIEWbS5nZWhya2VAc2lnbmN1YmVzLmNvbTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly93d3cudHR0Yy5kZS9vY3NwcjANBgkqhkiG9w0BAQUFAAOBgQA6M2/12adZO8U7V3KRcpKKgnIUubGt8kjbxYwLZ765LFXiazqM77ITXuwCvZNRpuAN4PiG9evIbbJ0At9yslXDFJmmcESkxblj5Ln8m4fx8EG0MC80lSITJMI8JWnC25P2lPqV2SxXZuzv43xWRyqImtGMm5V/RazuUO G2oBDATGCAXYwggFyAgEBMG8wZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4CBC uPhswCQYFKw4DAhoFAKBfMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHgYJKoZIhvcNAQkFMREYDzIwMDMwODIwMTUwNzA2WjAjBgkqhkiG9w0BCQQxFgQU4aW7DsvVRAD76euF94MkRIWQSu8wDQYJKoZIhvcNAQEFBQAEgYB5sVMxPutMCBCx4JHcrTwrUUlSrQ3rF5kTP8m889llRgHs45jviZ/H5YE0vUIWK 3YiaRn7Bwz0VhHXV4OmpjHvZQtZYBj t GhF8kS0SDRYH50PEOyLwoWNTJWgyKa4D2sJLrdEWlB/guSYjboG9zvzReyqNgIWa4P3EM3U2uOA==
CUSTNUM:8949017230000143499
SHOP_ID:12345678
TRANS_ID:1061399047
TRANS_ART:10
AMMOUNT:2.50
CURRENCY:EUR
CREDITCARD:0123456789
EXP_MONTH:12
EXP_YEAR:2006
HASH:973a24bd0bb33edd7d4bc59a735264b0e7db1f8f

The data is taken until the Hash Field starts. The appended
to this block contains the original hash computed in C++. Please note, that the lines are separated by CRLF (0x0d, 0x0a).

[2003-08-25 12:38 UTC] iliaa@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

I think you may be doing something wrong and hence getting the wrong hashes. I've compared the hashes generated by sha1($data) and mhash(MHASH_SHA1, $data), with $data being a string from 20k - 1meg and got identical results. Here is a sample script you can try:
<?php
$data = "your data";
$sha = pack("H*", sha1($data));
$mhash = mhash(MHASH_SHA1, $data);

var_dump($sha, $mhash, ($sha === $mhash));
?>

[2003-08-26 01:56 UTC] a dot lunkeit at signcubes dot com

I have to sorry for that problem i reported. In fact, not the sha1 function was the problem but the charset transformation during the transmission. It took a little bit to notice that problem, because the transmitted data was thought to be base 64 encoded and actuallay it wasnt in a correct way.
I dont use that function any longer and wrote one on my own which seem s to work correct. Thanks for your invested time 
in that problem.

Best regards

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 16:01:30 2025 UTC