Collegues, thanks a lot for identifying the bug !!! The fix you propose is correct.
Thanks, Yuri
Nice work all. You guys are amazing. Definitely create that patch and
attach to the initial JIRA.
geir
Jimmy, Jing Lv wrote:
Richard Liang wrote:
After two-day struggling with JarFile, ObjectInputStream and
MessageDigest, in the end, I have identified the root cause. And now I
have two panda-eyes[1] ;-)
It seems a bug of
org.apache.harmony.security.provider.crypto.SHA1Impl. As I have no
idea about SHA1. Could any one have a look at this problem?
The following test case passes on RI, but fails on Harmony.
public void testUpdate() throws NoSuchAlgorithmException {
byte[] bytes = { 0x6e, 0x61, 0x6d, 0x65};
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
byte[] digest1 = sha1.digest();
byte b = 0x04;
sha1.update(b);
for (int i = 0; i < bytes.length; i++) {
sha1.update(bytes[i]);
}
byte[] digest2 = sha1.digest();
sha1.reset();
byte[] digest3 = sha1.digest();
assertTrue(MessageDigest.isEqual(digest1, digest3));
sha1.update(b);
sha1.update(bytes, 0, bytes.length);
byte[] digest4 = sha1.digest();
assertTrue(MessageDigest.isEqual(digest2, digest4));
}
[1]http://www.panda.org.cn/zhuye/bbe.jpg
Poor Richard! Looking for a needle in a bottle of hay, right? ;)
A closer study on SHA1Impl, I find these lines(line 194) may be wrong:
for ( ; ( i <= toByte ) && ( byteIndex < 4 ) ; i++ ) { // *NOTE* it use
// "<=" here
intArray[wordIndex] |=
( byteInput[i] & 0xFF ) << ((3 - byteIndex)<<3) ;
byteIndex++;
}
if ( byteIndex == 4 ) {
wordIndex++;
if ( wordIndex == 16 ) {
computeHash(intArray);
wordIndex = 0;
}
}
if ( i >= toByte ) { // *NOTE* it use ">=" here
return ;
}
Though I don't know SHA1 well, I guess it must be ">" in the line of
second *NOTE*.
This bug happens when byteIndex==1, and fromByte==0, toByte==3(that is,
input byte number is 4). The first circle inputs 3 bytes into array,
leaving the last byte for next step. But at that time i==toByte, so the
last byte is omitted, which is properly an mistake.
Change it to "if (i > toByte)" will solve the problem, I've run all
tests, including Richard's test, and they all passes. It'll be better
someone knows SHA1 check it.
If no objection, we can create a patch.
Best regards,
Richard
On 9/11/06, Richard Liang <[EMAIL PROTECTED]> wrote:
On 9/9/06, Geir Magnusson Jr. <[EMAIL PROTECTED]> wrote:
> I was trying the latest snapshot with the JBoss installer (4.0.1) and
> found a problem processing the SHA signatures int the jar manifest.
>
> I've entered a JIRA - HARMONY-1412
>
I will have a look at it. ;-)
> geir
>
> ---------------------------------------------------------------------
> Terms of use :
*http://incubator.apache.org/harmony/mailing.html*<http://incubator.apache.org/harmony/mailing.html>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
--
Richard Liang
China Software Development Lab, IBM
---------------------------------------------------------------------
Terms of use :
*http://incubator.apache.org/harmony/mailing.html*<http://incubator.apache.org/harmony/mailing.html>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
