config: Port openssl sha224 to use EVP functions #244
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
GreaterFire
requested changes
Feb 10, 2020
GreaterFire
reviewed
Feb 10, 2020
GreaterFire
reviewed
Feb 10, 2020
As suggested by SHA224(3ssl), use the EVP_DigestInit functions. Calling the hash functions directly is deprecated for applications. Further, actually check the return values from the OpenSSL functions and throw appropriate runtime errors.
|
LGTM. Thanks! |
wongsyrone
reviewed
Feb 10, 2020
| throw runtime_error("could not output hash"); | ||
| } | ||
|
|
||
| for (unsigned int i = 0; i < digest_len; ++i) { | ||
| sprintf(mdString + (i << 1), "%02x", (unsigned int)digest[i]); |
There was a problem hiding this comment.
Please use snprintf instead: https://stackoverflow.com/questions/3662899/understanding-the-dangers-of-sprintf
There was a problem hiding this comment.
As you can see from the diff, I didn’t change this line. But I’d be curious in seeing how you intend to exploit this with a single byte ...
|
Why not sha256? |
|
On Wed, Feb 10, 2021 at 8:39 AM GFHuang ***@***.***> wrote:
Why not sha256?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#244 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AG2Z7DQBV6QEB3P4JBPLIIDS6KZD3ANCNFSM4KSF6XAQ>
.
SHA224 is specified in the Trojan Protocol.
https://github.com/trojan-gfw/trojan/blob/master/docs/protocol.md
|
|
I means why choose sha224 to define the protocol rather than the popular sha256? I have no experience in cryptography, but I'm just curious. |
|
@GF-Huang It's shorter |
|
If it's for shorter, why not just use the 28 bytes output from SHA224, rather than convert to hex string that make it 56 bytes? |
|
@GF-Huang That was one of my design failures :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As suggested by SHA224(3ssl), use the EVP_DigestInit functions. Calling
the hash functions directly is deprecated for applications. Further,
actually check the return values from the OpenSSL functions and throw
appropriate runtime errors.