Nice work all. You guys are amazing. Definitely create that patch and
attach to the initial JIRA.
geir
Jimmy, Jing Lv wrote:
Richard Liang wrote:
After two-day struggling with JarFile, ObjectInputStream and
MessageDigest, in the end, I have identified the root cause. And now I
have two panda-eyes[1] ;-)
It seems a bug of
org.apache.harmony.security.provider.crypto.SHA1Impl. As I have no
idea about SHA1. Could any one have a look at this problem?
The following test case passes on RI, but fails on Harmony.
public void testUpdate() throws NoSuchAlgorithmException {
byte[] bytes = { 0x6e, 0x61, 0x6d, 0x65};
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
byte[] digest1 = sha1.digest();
byte b = 0x04;
sha1.update(b);
for (int i = 0; i < bytes.length; i++) {
sha1.update(bytes[i]);
}
byte[] digest2 = sha1.digest();
sha1.reset();
byte[] digest3 = sha1.digest();
assertTrue(MessageDigest.isEqual(digest1, digest3));
sha1.update(b);
sha1.update(bytes, 0, bytes.length);
byte[] digest4 = sha1.digest();
assertTrue(MessageDigest.isEqual(digest2, digest4));
}
[1]http://www.panda.org.cn/zhuye/bbe.jpg
Poor Richard! Looking for a needle in a bottle of hay, right? ;)
A closer study on SHA1Impl, I find these lines(line 194) may be wrong:
for ( ; ( i <= toByte ) && ( byteIndex < 4 ) ; i++ ) { // *NOTE* it use
// "<=" here
intArray[wordIndex] |=
( byteInput[i] & 0xFF ) << ((3 - byteIndex)<<3) ;
byteIndex++;
}
if ( byteIndex == 4 ) {
wordIndex++;
if ( wordIndex == 16 ) {
computeHash(intArray);
wordIndex = 0;
}
}
if ( i >= toByte ) { // *NOTE* it use ">=" here
return ;
}
Though I don't know SHA1 well, I guess it must be ">" in the line of
second *NOTE*.
This bug happens when byteIndex==1, and fromByte==0, toByte==3(that is,
input byte number is 4). The first circle inputs 3 bytes into array,
leaving the last byte for next step. But at that time i==toByte, so the
last byte is omitted, which is properly an mistake.
Change it to "if (i > toByte)" will solve the problem, I've run all
tests, including Richard's test, and they all passes. It'll be better
someone knows SHA1 check it.
If no objection, we can create a patch.
Best regards,
Richard
On 9/11/06, Richard Liang <[EMAIL PROTECTED]> wrote:
On 9/9/06, Geir Magnusson Jr. <[EMAIL PROTECTED]> wrote:
> I was trying the latest snapshot with the JBoss installer (4.0.1) and
> found a problem processing the SHA signatures int the jar manifest.
>
> I've entered a JIRA - HARMONY-1412
>
I will have a look at it. ;-)
> geir
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Richard Liang
China Software Development Lab, IBM
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]