Date: Wed, 13 Sep 2006 17:31:50 +0700
From: "Yuri Kropachev"
To: harmony-dev@incubator.apache.org
Subject: Re: [classlib][security] problem processing SHA signatures in JBoss installer manifest

Colleagues, thanks a lot for identifying the bug !!!
The fix you propose is correct.

Thanks,
Yuri

> Nice work all. You guys are amazing. Definitely create that patch and
> attach to the initial JIRA.
> geir

> Jimmy, Jing Lv wrote:
>> Richard Liang wrote:
>>> After two-day struggling with JarFile, ObjectInputStream and
>>> MessageDigest, in the end, I have identified the root cause. And now I
>>> have two panda-eyes[1] ;-)
>>>
>>> It seems a bug of
>>> org.apache.harmony.security.provider.crypto.SHA1Impl. As I have no
>>> idea about SHA1. Could any one have a look at this problem?
>>>
>>> The following test case passes on RI, but fails on Harmony.
>>>
>>> public void testUpdate() throws NoSuchAlgorithmException {
>>>     byte[] bytes = { 0x6e, 0x61, 0x6d, 0x65};
>>>     MessageDigest sha1 = MessageDigest.getInstance("SHA1");
>>>     byte[] digest1 = sha1.digest();
>>>     byte b = 0x04;
>>>     sha1.update(b);
>>>
>>>     for (int i = 0; i < bytes.length; i++) {
>>>         sha1.update(bytes[i]);
>>>     }
>>>     byte[] digest2 = sha1.digest();
>>>
>>>     sha1.reset();
>>>     byte[] digest3 = sha1.digest();
>>>     assertTrue(MessageDigest.isEqual(digest1, digest3));
>>>
>>>     sha1.update(b);
>>>     sha1.update(bytes, 0, bytes.length);
>>>     byte[] digest4 = sha1.digest();
>>>
>>>     assertTrue(MessageDigest.isEqual(digest2, digest4));
>>> }
>>>
>>> [1]http://www.panda.org.cn/zhuye/bbe.jpg
>>>
>>
>> Poor Richard!
>> Looking for a needle in a bottle of hay, right? ;)
>>
>> A closer study on SHA1Impl, I find these lines (line 194) may be wrong:
>>     for ( ; ( i <= toByte ) && ( byteIndex < 4 ) ; i++ ) { // *NOTE* it uses "<=" here
>>         intArray[wordIndex] |=
>>             ( byteInput[i] & 0xFF ) << ((3 - byteIndex)<<3) ;
>>         byteIndex++;
>>     }
>>     if ( byteIndex == 4 ) {
>>         wordIndex++;
>>         if ( wordIndex == 16 ) {
>>             computeHash(intArray);
>>             wordIndex = 0;
>>         }
>>     }
>>     if ( i >= toByte ) { // *NOTE* it uses ">=" here
>>         return ;
>>     }
>> Though I don't know SHA1 well, I guess it must be ">" in the line of
>> second *NOTE*.
>>
>> This bug happens when byteIndex==1, and fromByte==0, toByte==3 (that is,
>> input byte number is 4). The first circle inputs 3 bytes into array,
>> leaving the last byte for next step. But at that time i==toByte, so the
>> last byte is omitted, which is properly a mistake.
>>
>> Changing it to "if (i > toByte)" will solve the problem. I've run all
>> tests, including Richard's test, and they all pass. It'll be better
>> if someone who knows SHA1 checks it.
>>
>> If no objection, we can create a patch.
>>
>>> Best regards,
>>> Richard
>>>
>>>> On 9/11/06, Richard Liang wrote:
>>>> On 9/9/06, Geir Magnusson Jr. wrote:
>>>> > I was trying the latest snapshot with the JBoss installer (4.0.1) and
>>>> > found a problem processing the SHA signatures in the jar manifest.
>>>> >
>>>> > I've entered a JIRA - HARMONY-1412
>>>> >
>>>>
>>>> I will have a look at it.
>>>> ;-)
>>>>
>>>> > geir
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > Terms of use : http://incubator.apache.org/harmony/mailing.html
>>>> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>>>> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>>>>
>>>> --
>>>> Richard Liang
>>>> China Software Development Lab, IBM
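
A regression check for the bug discussed in this thread, added here as an example (it is not code from the Harmony project or from any of the posters). It generalizes Richard's test case: the same input is fed through every split between single-byte update() calls and one array update(), and each result is compared with the one-shot digest. The class name Sha1SplitConsistency and the input bytes are constructed for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example: SHA-1 output must not depend on how input is split across update() calls. */
public class Sha1SplitConsistency {

    /** Digest of data fed as `prefix` single-byte updates followed by one array update. */
    static byte[] splitDigest(byte[] data, int prefix) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (int i = 0; i < prefix; i++) {
            // In an implementation that packs bytes into 32-bit words (as the quoted
            // SHA1Impl loop does), this leaves prefix % 4 bytes in a partial word.
            md.update(data[i]);
        }
        // The array path must consume every remaining byte, including the last one.
        md.update(data, prefix, data.length - prefix);
        return md.digest();
    }

    /** Number of (length, prefix) combinations whose digest differs from the one-shot digest. */
    static int countMismatches(int maxLen) throws NoSuchAlgorithmException {
        int mismatches = 0;
        for (int len = 0; len <= maxLen; len++) {
            byte[] data = new byte[len];
            for (int i = 0; i < len; i++) {
                data[i] = (byte) (i * 31 + 7);   // constructed, deterministic test input
            }
            byte[] expected = MessageDigest.getInstance("SHA-1").digest(data);
            for (int prefix = 0; prefix <= len; prefix++) {
                if (!MessageDigest.isEqual(expected, splitDigest(data, prefix))) {
                    mismatches++;
                    System.out.printf("mismatch: len=%d prefix=%d%n", len, prefix);
                }
            }
        }
        return mismatches;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // 130 bytes spans more than two 64-byte SHA-1 blocks, so both word and
        // block boundaries are crossed at every possible alignment.
        int bad = countMismatches(130);
        System.out.println(bad == 0 ? "all splits consistent" : bad + " inconsistent splits");
    }
}
```

Richard's failing case corresponds to len=5, prefix=1: one buffered byte followed by a four-byte array update.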