harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib][security] problem processing SHA signatures in JBoss installer manifest
Date Thu, 14 Sep 2006 12:56:37 GMT
Geir Magnusson Jr. wrote:
> Nice work all.   You guys are amazing.  Definitely create that patch and
> attach to the initial JIRA.

yep -- cool to see that get worked on by a number of people in the
community.  A tricky bug too, so good teamwork!

Regards,
Tim

> Jimmy, Jing Lv wrote:
>> Richard Liang wrote:
>>> After two-day struggling with JarFile, ObjectInputStream and
>>> MessageDigest, in the end, I have identified the root cause. And now I
>>> have two panda-eyes[1] ;-)
>>>
>>> It seems a bug of
>>> org.apache.harmony.security.provider.crypto.SHA1Impl.  As I have no
>>> idea about SHA1. Could any one have a look at this problem?
>>>
>>> The following test case passes on RI, but fails on Harmony.
>>>
>>>    public void testUpdate() throws NoSuchAlgorithmException {
>>>        byte[] bytes = { 0x6e, 0x61, 0x6d, 0x65};
>>>        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
>>>        byte[] digest1 = sha1.digest();
>>>        byte b = 0x04;
>>>        sha1.update(b);
>>>
>>>        for (int i = 0; i < bytes.length; i++) {
>>>            sha1.update(bytes[i]);
>>>        }
>>>        byte[] digest2 = sha1.digest();
>>>
>>>        sha1.reset();
>>>        byte[] digest3 = sha1.digest();
>>>        assertTrue(MessageDigest.isEqual(digest1, digest3));
>>>
>>>        sha1.update(b);
>>>        sha1.update(bytes, 0, bytes.length);
>>>        byte[] digest4 = sha1.digest();
>>>
>>>        assertTrue(MessageDigest.isEqual(digest2, digest4));
>>>    }
>>>
>>> [1]http://www.panda.org.cn/zhuye/bbe.jpg
>>>
>>
>> Poor Richard! Looking for a needle in a bottle of hay, right? ;)
>>
>> A closer study on SHA1Impl, I find these lines(line 194) may be wrong:
>> for ( ; ( i <= toByte ) && ( byteIndex < 4 ) ; i++ ) { // *NOTE* it
use
>>                                                        // "<=" here
>>      intArray[wordIndex] |=
>>     ( byteInput[i] & 0xFF ) << ((3 - byteIndex)<<3) ;
>>      byteIndex++;
>> }
>> if ( byteIndex == 4 ) {
>>      wordIndex++;
>>      if ( wordIndex == 16 ) {
>>           computeHash(intArray);
>>           wordIndex = 0;
>>      }
>> }
>> if ( i >= toByte ) {       // *NOTE* it use ">=" here
>>      return ;
>> }
>> Though I don't know SHA1 well, I guess it must be ">" in the line of
>> second *NOTE*.
>>
>> This bug happens when byteIndex==1, and fromByte==0, toByte==3(that
>> is, input byte number is 4). The first circle inputs 3 bytes into
>> array, leaving the last byte for next step. But at that time
>> i==toByte, so the last byte is omitted, which is properly an mistake.
>>
>> Change it to "if (i > toByte)" will solve the problem, I've run all
>> tests, including Richard's test, and they all passes. It'll be better
>> someone knows SHA1 check it.
>>
>> If no objection, we can create a patch.
>>
>>> Best regards,
>>> Richard
>>>
>>> On 9/11/06, Richard Liang <richard.liangyx@gmail.com> wrote:
>>>> On 9/9/06, Geir Magnusson Jr. <geir@pobox.com> wrote:
>>>> > I was trying the latest snapshot with the JBoss installer (4.0.1) and
>>>> > found a problem processing the SHA signatures int the jar manifest.
>>>> >
>>>> > I've entered a JIRA - HARMONY-1412
>>>> >
>>>>
>>>> I will have a look at it. ;-)
>>>>
>>>> > geir
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > Terms of use : http://incubator.apache.org/harmony/mailing.html
>>>> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>>>> > For additional commands, e-mail:
>>>> harmony-dev-help@incubator.apache.org
>>>> >
>>>> >
>>>>
>>>>
>>>> -- 
>>>> Richard Liang
>>>> China Software Development Lab, IBM
>>>>
>>>
>>>
>>
>>
> 
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> 
> 

-- 

Tim Ellison (t.p.ellison@gmail.com)
IBM Java technology centre, UK.

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message