0

I'm trying to get MD5 hash with mbedtls by this code:

#include "mbedtls/base64.h"
#include "mbedtls/md5.h"
#include "string.h"
#include <stdio.h>

void app_main() {
  unsigned char hash_source[] = "This is a test..";
  size_t hash_source_len = sizeof(hash_source);
  unsigned char hash_destination[16];
  size_t hash_destination_len = 16;
  unsigned char base64_md5[25];

  mbedtls_md5_context md5_ctx;

  mbedtls_md5_init(&md5_ctx);
  mbedtls_md5_starts_ret(&md5_ctx);
  mbedtls_md5_update_ret(&md5_ctx, hash_source, hash_source_len);
  mbedtls_md5_finish_ret(&md5_ctx, hash_destination);
  mbedtls_md5_free(&md5_ctx);

  size_t base_md5len = 0;
  mbedtls_base64_encode(base64_md5, 25, &base_md5len, hash_destination,
                        hash_destination_len);
  printf("base md5: %s (%d)\n", base64_md5,
         base_md5len); // <- base md5: 62mujHCdeZzR5CkMIruNNQ== (24)
}

It returns 62mujHCdeZzR5CkMIruNNQ== as md5 base64 for input as This is a test.., but all other world returns A3veNGT6JuskB2Flv+cPpg== md5 hash for the same input, e.g. Node.JS:

import crypto from "crypto";

console.log(
  "md5 base64:",
  crypto.createHash("md5").update("This is a test..").digest("base64")
); // <- md5 base64: A3veNGT6JuskB2Flv+cPpg==

or OpenSSL:

echo -n "This is a test.." | openssl dgst -md5 -binary | openssl enc -base64
A3veNGT6JuskB2Flv+cPpg==

Why could it be? And how can I receive "normal" md5 hash at mbedtls? Thx!

Brainenjii
  • 1
  • 2

1 Answers1

0

The problem is not with the library, but your incorrect usage of sizeof. In C, sizeof used with char arrays needs special recommendation.

If you replace the line

size_t hash_source_len = sizeof(hash_source);

with

size_t hash_source_len = 16;

it will provide the same result (A3veNGT6JuskB2Flv+cPpg==)

sizeof(char[]) will always be equal to sizeof(char *), which, for deterministic lengths, will return the "C string" length, that is, including the terminating null byte (in this case, 17).

Victor - Reinstate Monica
  • 1,264
  • 9
  • 11