[Bug #835] Incorrect implementation of SHA1PRNG.java
From: nobody
Subject: [Bug #835] Incorrect implementation of SHA1PRNG.java
Date: Sun, 26 Jan 2003 23:44:23 -0500
=================== BUG #835: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85
Changes by: Brian Jones <address@hidden>
Date: 2003-Jan-26 23:44 (US/Eastern)
What | Removed | Added
---------------------------------------------------------------------------
Status | Open | Analyzed
------------------ Additional Follow-up Comments ----------------------------
I have seen a patch for SHA1PRNG on the Kaffe mailing list that was never
thoughtfully forwarded onward to us. I'm not sure it will help other than to
maybe correct our broken implementation of SHA1PRNG (if it is broken and I've
not confirmed). That patch is here,
http://www.kaffe.org/pipermail/kaffe/2002-June/008278.html. Could you see if
that helps? I've also tried to take a stab at creating a Mauve test case and
I'll upload that here so you can play with it. I didn't find any obvious
duplication of values however.
------------------ Additional Bug Attachment ----------------------------
File name: SHA1PRNG.java Size:1 KB
Potential Mauve test case
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=263
=================== BUG #835: FULL BUG SNAPSHOT ===================
Submitted by: None Project: classpath
Submitted on: 2002-Jul-09 20:23
Severity: 5 - Major Resolution: None
Assigned to: cbj Status: Analyzed
Platform Version: None
Summary: Incorrect implementation of SHA1PRNG.java
Original Submission: SHA1PRNG.java is implemented incorrectly and produces
a completely wrong sequence of pseudo-random numbers.
Follow-up Comments
*******************
-------------------------------------------------------
Date: 2003-Jan-26 23:44 By: cbj
I have seen a patch for SHA1PRNG on the Kaffe mailing list that was never
thoughtfully forwarded onward to us. I'm not sure it will help other than to
maybe correct our broken implementation of SHA1PRNG (if it is broken and I've
not confirmed). That patch is here,
http://www.kaffe.org/pipermail/kaffe/2002-June/008278.html. Could you see if
that helps? I've also tried to take a stab at creating a Mauve test case and
I'll upload that here so you can play with it. I didn't find any obvious
duplication of values however.
-------------------------------------------------------
Date: 2003-Jan-25 19:10 By: cbj
Putting this back in an "Open" state just so I don't lose track of it.
-------------------------------------------------------
Date: 2003-Jan-25 19:09 By: cbj
I have started looking at your test attachment.
-------------------------------------------------------
Date: 2002-Jul-23 11:03 By: None
It's been a couple of weeks already, so I may not remember all the details.
There are two issues. The first one is that if you try to generate <=20 random
numbers, given the same seed, the classpath implementation gives a completely
different sequence of numbers from that of Sun's code (maybe it generates the
same output disregarding the seed value - I do not remember). The second issue is
that if you try to generate >20 random numbers, classpath starts repeating the
previously generated 20 values instead of generating new ones.
I will try to find my tests and submit them later.
-------------------------------------------------------
Date: 2002-Jul-22 19:15 By: mark
Could you provide more information? What were you expecting? Do you have some
sample code or a test case?
CC list is empty
File Attachments
****************
-------------------------------------------------------
Date: 2003-Jan-26 23:44 Name: SHA1PRNG.java Size: 1KB By: cbj
Potential Mauve test case
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=263
-------------------------------------------------------
Date: 2002-Jul-23 12:05 Name: test.tar.gz Size: 3KB By: None
If you try to run serial.class on Sun/IBM JDK and then on any JVM that uses
classpath, the sequences of random numbers that Cipher outputs will be
completely different.
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=56
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85
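
The two symptoms described in the 2002-Jul-23 comment (output that may ignore the seed, and the first 20 values repeating) can be checked with a small harness that runs the same two checks against the platform's SHA1PRNG and against a constructed faulty generator. This is an added example, not the reporter's test.tar.gz or the attached Mauve test; the class and helper names, the seed bytes, and the reading of "20 values" as 20 bytes (one SHA-1 digest) are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class Sha1PrngSanity {
    // SHA-1 digest length in bytes; assumed to be the unit of the reported repeat.
    static final int BLOCK = 20;

    interface Gen { byte[] bytes(byte[] seed, int n) throws Exception; }

    // Generator under test: the platform's SHA1PRNG, seeded before first use.
    static byte[] platform(byte[] seed, int n) throws Exception {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(seed);
        byte[] out = new byte[n];
        r.nextBytes(out);
        return out;
    }

    // Constructed faulty generator: hashes the seed once and replays that digest.
    static byte[] replaying(byte[] seed, int n) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(seed);
        byte[] out = new byte[n];
        for (int i = 0; i < n; i++) out[i] = d[i % BLOCK];
        return out;
    }

    // Index of the first 20-byte block equal to an earlier block, or -1 if none.
    static int firstRepeatedBlock(byte[] out) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + BLOCK <= out.length; i += BLOCK)
            if (!seen.add(Arrays.toString(Arrays.copyOfRange(out, i, i + BLOCK)))) return i / BLOCK;
        return -1;
    }

    // Runs both checks: block repetition within one stream, and sensitivity to the seed.
    static void report(String name, Gen g) throws Exception {
        byte[] a = g.bytes(new byte[] {1, 2, 3, 4}, 200); // constructed seeds
        byte[] b = g.bytes(new byte[] {5, 6, 7, 8}, 200);
        System.out.println(name + ": first repeated block = " + firstRepeatedBlock(a)
            + ", output depends on seed = " + !Arrays.equals(a, b));
    }

    public static void main(String[] args) throws Exception {
        report("platform SHA1PRNG", Sha1PrngSanity::platform);
        report("constructed replaying generator", Sha1PrngSanity::replaying);
    }
}
```

Passing both checks does not show that the output matches Sun's sequence for a given seed; that comparison needs reference output captured from the Sun/IBM JDK, as the reporter's test does.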