Porting References to OpenSSL MD5 Routines

4 Mar 2006 2:50 AM

Mark Olbert

I am building an app that has to replicate the MD5 hash created by a second app which uses OpenSSL.

I'm confused about how to "map" the following to the .NET MD5 routines:

MD5_Init(&c);
MD5_Update(&c, src, len);
MD5_Update(&c, extradata[checksum_num], sizeof extradata[checksum_num]);
MD5_Final(dest, &c);

I'm assuming the call to MD5_Init() maps to Initialize(). But what about the calls to MD5_Update and MD5_Final?

- Mark

4 Mar 2006 3:18 AM

Mark Olbert

I should mention that part of my quandry is that the .NET MD5 hash algorithm appears to be returning a different value (for the same
input array) than the OpenSSL MD5 algorithm...which strikes me as weird, so I figure I must be doing something wrong.

- Mark

6 Mar 2006 6:09 AM

Wei-Dong XU [MSFT]

Hi Mark,

Thanks for posting at the newsgroup!

"different value (for the same input array) than the OpenSSL MD5 algorith"
.Net implementation will has the same output if we give the same input for
the MD5 as OpenSSL. I suspect the cause why you donot obtain the same
result is the input data. The char data type in .Net has two bytes, not
the same to the char type in C/C++. This is becaues .Net runttime has the
support to Unicode naturally so that each char has two bytes.

I have the sample code below to illustrate this for you:
C++ code for using OpenSSL.
//-----------
#include <stdio.h>
#include <openssl/md5.h>

int _tmain(int argc, _TCHAR* argv[])
{
    MD5_CTX    ctx,ctx1;

    unsigned char final[MD5_DIGEST_LENGTH];
    MD5_Init(&ctx);

           //input: one hundred char array, each char has the letter 'A'
    char pw[100];
    for( int i=0; i<100; i++)
        pw[i] = 'A';

    MD5_Update(&ctx, (char *)pw, 100);
    MD5_Final(final, &ctx);

    int count = 0;
    for( int i=0; i<MD5_DIGEST_LENGTH; i++)
    {
        printf( "%x", final[i] );
        if( (++count)%2 == 0 )
            printf( " " );
    }

    return 0;
}
output:
8adc 5937 e635 f6c9 af64 6fb 2356 fae

//-----------

C# code
//-----------
using System;
using System.Security.Cryptography;

namespace ConsoleApp
{
    class Program
    {
        static void Main(string[] args)
        {

            char[] myarray = new char[100];

//the same input as above
            byte[] byteStream = new byte[100];
            for (int i = 0; i < byteStream.Length; i++)
                byteStream[i] = (byte)'A';

            MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
            byte[] result = md5.ComputeHash(byteStream);
            Console.WriteLine("---------------------");
            string output = string.Empty;
            int count = 0;
            foreach( byte b in result )
            {
                output += string.Format("{0:x}",b);
                if ((++count) % 2 == 0)
                    output += " ";
            }
            Console.WriteLine(output);
        }
    }
}
output:
8adc 5937 e635 f6c9 af64 6fb 2356 fae

//-----------

From the two, we can find the same result. So this is to say, we have the
same input and obtain the same output no matter whether we are using
OpenSSL or .Net MD5CryptoServiceProvider.

So for your .Net code, I'd suggest please ensure the input data is passed
in as byte[] data type which should have the same binary layout as in C/C++
language.

Please feel free to let me know if you have any further question on this
issue.

Have a nice day!

Best Regards,
Wei-Dong XU
Microsoft Support
---------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
---------------------------------------------------------------------------
It is my pleasure to be of any assistance.