[Bug] in SHA1_Transform - const uint8_t buffer's data is modified #59
Description
Hi,
When calculating SHA-1 hashes of a block of data, SHA1_Update is called with a pointer to const uint8_t data.
void SHA1_Update(SHA1_CTX* context, const uint8_t* data, const size_t len)
Unfortunately, the constness of data is casted away, and the contents of data are modified during the SHA1_Transform function.
An example, using sha1.h, and also sha1.cpp's digest_to_hex:
#include <array>
#include <string>
#include <iostream>
#include "sha1.h"
void digest_to_hex(const uint8_t digest[SHA1_DIGEST_SIZE], char *output);
std::string getHash(const std::string &buffer) {
using namespace std;
SHA1_CTX context;
array<uint8_t, 20> digest;
array<char, 80> outputHash;
SHA1_Init(&context);
SHA1_Update(&context, reinterpret_cast<const uint8_t*>(buffer.data()), buffer.size());
SHA1_Final(&context, digest.data());
digest_to_hex(digest.data(), outputHash.data());
string sHash;
sHash += outputHash.data();
return sHash;
}
int main(void) {
using namespace std;
string test_buffer(1000, 'x');
auto hash1 = getHash(test_buffer);
auto hash2 = getHash(test_buffer);
auto hash3 = getHash(test_buffer);
cout << hash1 << endl << hash2 << endl << hash3 <<endl;
}
hash1!=hash2!=hash3, and test_buffer is changed every time its SHA-1 hash is calculated.
This is fixed in other repositories, based off of the same original code (ex.: http://download.redis.io/redis-stable/src/sha1.c).