0

I'm writing a C++ class to add a digital signature to a PDF, using OpenSSL to generate a SHA1 hash, which I then print to a file:

unsigned char hash[SHA_DIGEST_LENGTH];
SHA1((unsigned char *)temp.c_str(), temp.size(), hash);

std::ofstream fout("resources/hash.out", std::ios::binary);
fout << hash;
fout.close();

This code works as expected in Debug mode. In Release mode, fout << hash prints 30 instead of SHA_DIGEST_LENGTH = 20 bytes, the last 10 of which look like garbage (maybe buffer overflow?)

My current workaround is to print each character instead of streaming:

for (int i=0; i<SHA_DIGEST_LENGTH; ++i)
    fout.put(hash[i]);

Which works in both build modes, but I'm curious what could cause the stream operator to misread the length of the string. Does anybody have any thoughts?

For the record, I'm compiling with MSVC++ 12 (x86_amd64).

Improve this question
3
  • 4
    Does SHA1 null-terminate the buffer? Commented Aug 8, 2016 at 14:53
  • Also note temp.size() does not include the null terminator. Commented Aug 8, 2016 at 14:54
  • This is not C, so don't tag it C. Commented Aug 8, 2016 at 14:57

2 Answers 2

Reset to default
3

There is a stream-inserter for NUL-terminated strings, which is the one selected.

But you are trying to output an array of fixed length containing arbitrary bytes, which is something completely different, leading to UB.

Just use memberfunction write(buffer, size) instead, which is designed for that.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

You need to take into account that OpenSSL's SHA methods don't null-terminate the output. The normal operator << requires null-termination, so you cannot use it directly.

To print this "unterminated" string with C++ streams, see e.g.

C++ non null terminated char array outputting

for printf e.g.

Using printf with a non-null terminated string

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.