Red Hat Bugzilla – Bug 189492
openssl release: 0.9.7a is broken
Last modified: 2007-11-30 17:07:24 EST
Description of problem:
Red Hat uses an old version of openssl which has a serious bug.
The bug does not show up in later releases.
Version-Release number of selected component (if applicable):
Attaching simple program that reveals the problem.
SHA1 generates a bad hash when a specific pointer is passed.
Steps to Reproduce:
1. Compile simple program and run it.
SHA1 generates a bad hash for the specified data pointer.
SHA1 should always generate the same hash.
Release 0.9.8 seems to work fine. I have emailed this problem to the openssl group.
Nevertheless, it's probably better to switch to 0.9.8.
Created attachment 128040
Simple program that reveals the problem.
According to the openssl guys, this bug has been fixed in later releases of openssl:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.