commit-classpath

[Bug #835] Incorrect implementation of SHA1PRNG.java


From: nobody
Subject: [Bug #835] Incorrect implementation of SHA1PRNG.java
Date: Sun, 09 Feb 2003 14:54:39 -0500

=================== BUG #835: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85

Changes by: Brian Jones <address@hidden>
Date: 2003-Feb-09 14:54 (US/Eastern)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Fixed
              Status | Analyzed                  | Closed




=================== BUG #835: FULL BUG SNAPSHOT ===================


Submitted by: None                    Project: classpath                    
Submitted on: 2002-Jul-09 20:23
Severity:  5 - Major                  Resolution:  Fixed                    
Assigned to:  cbj                     Status:  Closed                       
Platform Version:  None               

Summary:  Incorrect implementation of SHA1PRNG.java

Original Submission:  SHA1PRNG.java is implemented incorrectly and produces 
completely wrong sequence of pseudo-random numbers.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2003-Feb-09 14:52             By: cbj
Raif S. Naffah of GNU Crypto fame took a look and gave us a patch which should 
make it possible to use your encrypt/decrypt reliably with GNU Classpath, 
however it probably won't be possible to use interoperably with Sun's VM unless 
more details are determined surrounding their seeding mechanism.  He also 
corrected the Mauve test.

-------------------------------------------------------
Date: 2003-Jan-26 23:44             By: cbj
I have seen a patch for SHA1PRNG on the Kaffe mailing list that was never 
thoughtfully forwarded onward to us.  I'm not sure it will help other than to 
maybe correct our broken implementation of SHA1PRNG (if it is broken and I've 
not confirmed).  That patch is here, 
http://www.kaffe.org/pipermail/kaffe/2002-June/008278.html.  Could you see if 
that helps?  I've also tried to take a stab at creating a Mauve test case and 
I'll upload that here so you can play with it.  I didn't find any obvious 
duplication of values however.

-------------------------------------------------------
Date: 2003-Jan-25 19:10             By: cbj
Putting this back in an "Open" state just so I don't lose track of it.

-------------------------------------------------------
Date: 2003-Jan-25 19:09             By: cbj
I have started looking at your test attachment.

-------------------------------------------------------
Date: 2002-Jul-23 11:03             By: None
It's been a couple of weeks already, so I may not remember all the details.

There are two issues.  The first one is that if you try to generate <=20 random 
numbers, given the same seed, classpath implementation gives completely 
different sequence of numbers from that of Sun's code (maybe it generates the 
same output disregarding seed value - I do not remember).  The second issue is 
that if you try to generate >20 random numbers, classpath starts repeating 
previously generated 20 values instead of generating new ones.

I will try to find my tests and submit them later.

-------------------------------------------------------
Date: 2002-Jul-22 19:15             By: mark
Could you provide more information? What were you expecting? Do you have some 
sample code or a test case?


CC list is empty


File Attachments
****************

-------------------------------------------------------
Date: 2003-Jan-26 23:44  Name: SHA1PRNG.java  Size: 1KB   By: cbj
Potential Mauve test case
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=263

-------------------------------------------------------
Date: 2002-Jul-23 12:05  Name: test.tar.gz  Size: 3KB   By: None
If you try to run serial.class on Sun/IBM JDK and then on any JVM that uses 
classpath, the sequences of random numbers that Cipher outputs will be 
completely different
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=56


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85
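
A regression check for the two symptoms described in the 2002-Jul-23 comment (output that may not depend on the seed, and 20-byte blocks that repeat once more than 20 bytes are requested), as an added example that is not the Mauve test or the patch referenced in this report. The class name, seeds and chunk sizes are constructed for illustration; it does not compare against Sun's output, since the report gives no reference values.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example, not GNU Classpath or Mauve code.
public class Sha1PrngCheck {
    static final int BLOCK = 20; // SHA-1 digest length; the repeat period in the report

    // Draw n bytes from a freshly seeded SHA1PRNG, `chunk` bytes per nextBytes call.
    static byte[] generate(byte[] seed, int n, int chunk) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(seed); // seed before the first nextBytes call
        byte[] out = new byte[n];
        for (int off = 0; off < n; off += chunk) {
            byte[] part = new byte[Math.min(chunk, n - off)];
            r.nextBytes(part);
            System.arraycopy(part, 0, out, off, part.length);
        }
        return out;
    }

    // Index of the first 20-byte block equal to an earlier block, or -1 if none.
    static int firstRepeatedBlock(byte[] out) {
        for (int i = 1; (i + 1) * BLOCK <= out.length; i++) {
            byte[] cur = Arrays.copyOfRange(out, i * BLOCK, (i + 1) * BLOCK);
            for (int j = 0; j < i; j++) {
                if (Arrays.equals(cur, Arrays.copyOfRange(out, j * BLOCK, (j + 1) * BLOCK))) {
                    return i;
                }
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        byte[] seedA = "constructed seed A".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] seedB = "constructed seed B".getBytes(StandardCharsets.UTF_8); // constructed
        boolean ok = true;
        for (int chunk : new int[] {1, 7, 100}) { // vary the call pattern
            byte[] a = generate(seedA, 100, chunk);
            int rep = firstRepeatedBlock(a);
            if (rep >= 0) { ok = false; System.out.println("chunk " + chunk + ": block " + rep + " repeats an earlier block"); }
            if (Arrays.equals(a, generate(seedB, 100, chunk))) { ok = false; System.out.println("chunk " + chunk + ": output ignores the seed"); }
        }
        System.out.println(ok ? "PASS" : "FAIL");
        if (!ok) System.exit(1);
    }
}
```

A repeated block in SHA1PRNG output means anything derived from it past the first 20 bytes (keys, IVs, nonces) is predictable from earlier output, which is why the check fails hard rather than warning.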



