Hi,
I am trying to create a digital signature on a DCM file with MAC-SHA384. Below is the command executed:
"dcmsign.exe +s C:\bin\Release\myKey.key C:\bin\Release\myCrt.crt +m3 -t "0010,0010" C:\bin\Release\00000001.dcm C:\bin\Release\Signed.dcm"
The application crashes. However, it works fine and does not crash for other supported MAC algorithms (i.e. RIPEMD 160, SHA-1, MD 5, SHA-256 and SHA-512). Below errors are observed in event viewer when SHA-384 is used
"
Faulting application path: C:\bin\Release\dcmsign.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
"
Note: I have used "dcmtk-3.6.2". Source code is compiled in debug/release version by enabling OpenSSL (version: openssl-1.1.0g).
Below is my understanding about this issue:
In the API "DcmSignature::createSignature" located at "..\dcmtk-3.6.2\dcmsign\libsrc\dcsignat.cc", below code snippet is used to retrieve MAC size and allocate memory:
unsigned long digestLength = mac.getSize();
unsigned char *digest = new unsigned char[digestLength];
In case when SHA-384 is used, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" is invoked.
This API returns "SHA_DIGEST_LENGTH" which is set to "20" at "..\openssl-1.1.0g\include\openssl\sha.h".
However the API "SiSHA256::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha256.cc" returns "SHA256_DIGEST_LENGTH" which is set to "32" at "..\openssl-1.1.0g\include\openssl\sha.h" and the API "SiSHA512::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha512.cc" return "SHA512_DIGEST_LENGTH" which is set to "64" at "..\openssl-1.1.0g\include\openssl\sha.h".
In the API "DcmSignature::createSignature" located at "..\dcmtk-3.6.2\dcmsign\libsrc\dcsignat.cc", memory allocation is done with "SHA_DIGEST_LENGTH" i.e. "20", however in the API "SHA512_Final" located at "..\openssl-1.1.0g\crypto\sha\sha512.c", memory access is done as per "SHA384_DIGEST_LENGTH" i.e. till "48" (below is the code snippet)
for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
If I am not wrong, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" should return "SHA384_DIGEST_LENGTH" instead of "SHA_DIGEST_LENGTH".
I have modified the DCMTK source code i.e. "SiSHA384::getSize" API with "SHA384_DIGEST_LENGTH". I have compiled the source code and I have tried to create digital signature with MAC-SHA384 It works fine and I am able see that digital signature is created successfully and also the verification is completed successfully.
Request anyone to confirm if there is anything missing in the way I am using "dcmsign.exe". Also request to confirm if the modifications are required in DCMTK source code to use MAC-SHA384
How to use MAC SHA384 to create digital signature?
Moderator: Moderator Team
-
- DCMTK Developer
- Posts: 2503
- Joined: Tue, 2011-05-03, 14:38
- Location: Oldenburg, Germany
- Contact:
Re: How to use MAC SHA384 to create digital signature?
Good catch! I'll fix this issue in the internal development version (which will be available in a couple of days in the public git repository).If I am not wrong, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" should return "SHA384_DIGEST_LENGTH" instead of "SHA_DIGEST_LENGTH".
Re: How to use MAC SHA384 to create digital signature?
Thank you!!!J. Riesmeier wrote:Good catch! I'll fix this issue in the internal development version (which will be available in a couple of days in the public git repository).
Who is online
Users browsing this forum: No registered users and 1 guest