SHA Implementation in bind

Stefan Mangard smang at cs.jhu.edu
Wed May 31 16:13:04 UTC 2000


Hi,

I am currently developing a client that receives signed keys from a BIND
8.2.2-P5 nameserver.

I have experienced a problem verifying the signatures created using
dnssigner. It seems that I can't reproduce the hash that is
actually signed - I am using a DSA key to sign. So I should get a signature
corresponding to the DSS standard.

I am using the latest OpenSSL library for hashing and verification of the
signature created by dnssigner:
I use the SHA1 hash function to hash the message I want to verify and then
use the DSA_verify function of SSH.

My problem: 
I don't know what I am doing wrong, but it has something to do with the
implementation of SHA1 in OpenSSL and in libbind. Somehow I get different
results from these functions for the same input.

I wrote a little program that hashes a string and prints out the result:


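  int i;
  /* Test message to hash */
  unsigned char *test = xstrdup("Hello World - can you help me?");
  unsigned char *hash;

  /* Room for the 20-byte (160-bit) digest */
  hash = xmalloc (20);

  SHA(test,strlen((char *)test),hash);
  
  /* Print each digest byte in decimal, separated by colons */
  for (i=0; i<20; i++) {
    printf("%i:", hash[i]);
  }
  printf("\n");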

The problem is that, depending on whether I link it with libbind or with
libcrypto (OpenSSL), I get different results.

I compared the hash value of libbind against the result of the functions
SHA and SHA1 of libcrypto. They are always different.

It seems that the representation of the hash is different in the
implementations - but unfortunately I found no documentation saying anything
about a special format.

What am I doing wrong?

Thanks,

Stefan Mangard



