RIPEMD160 digest was broken in version 3.6.2

[andromeda911]

Hi!

RIPEMD160Digest results in last version(3.6.2) are incorrect. Version 3.6.1 is great.

Example:

  var message = 'helloworld';
  var digest = RIPEMD160Digest().process(Uint8List.fromList(message.codeUnits));
  print(hex.encode(digest));
// >>> 8a73c5438c28e79e696144fa869886f240cfaddb   - correct, version 3.6.1
// >>> 7fc98e2ab2eb16399660f9069a45b4f3fe0e9224   - wrong, version 3.6.2

I looked at the commits, and it's probably the updated dependencies that are the problem?

Thanks.

[mwcw]

Hi,

Thanks for the report..

[mwcw]

Hi,

I have been unable to reproduce this on the 3.6.2 code base.

Using (Dart SDK version: 2.18.4 (stable) (Tue Nov 1 15:15:07 2022 +0000))

 var dig = RIPEMD160Digest();
 var msg = Uint8List.fromList("helloworld".codeUnits);

  print("Message: "+hex.encode(msg));

  var digest = dig.process(msg);
  print("Digest: "+hex.encode(digest));

I get on the 3.6.2 code base:

Message: 68656c6c6f776f726c64
Digest: 8a73c5438c28e79e696144fa869886f240cfaddb

If you have a moment could you trying decoding the Message from above and passing that to the digest eg:

createUint8ListFromHexString("68656c6c6f776f726c64")

Before we go diving into the digest implementation we need to rule out that "helloworld".codeUnits is not generating a different encoding of code points because of locale or some other factor.

MW

[andromeda911]

Hi.

I downloaded the pointycastle source code from pub.dev for both versions. Instead of the message "helloworld" used an array of 10 digits. I still get different results:

  var message = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1];
  var digest = RIPEMD160Digest().process(Uint8List.fromList(message));
  print(hex.encode(digest));

Outputs:

99cf493cd47cea163f2872fd7ab15b8668562b96 - v.3.6.1 e5381dc55b3ab503a5044a95108ac7b94a0e30f4 - v.3.6.2

Running on Dart SDK version: 2.18.4 (stable) (Tue Nov 1 15:15:07 2022 +0000) on "windows_x64"

So here is pubspec.lock file for 3.6.2, mb it can help:

pubspec.lock

``` # Generated by pub # See https://dart.dev/tools/pub/glossary#lockfile packages: _fe_analyzer_shared: dependency: transitive description: name: _fe_analyzer_shared url: "https://pub.dartlang.org" source: hosted version: "50.0.0" analyzer: dependency: transitive description: name: analyzer url: "https://pub.dartlang.org" source: hosted version: "5.2.0" args: dependency: transitive description: name: args url: "https://pub.dartlang.org" source: hosted version: "2.3.1" async: dependency: transitive description: name: async url: "https://pub.dartlang.org" source: hosted version: "2.10.0" benchmark_harness: dependency: "direct dev" description: name: benchmark_harness url: "https://pub.dartlang.org" source: hosted version: "2.2.0" boolean_selector: dependency: transitive description: name: boolean_selector url: "https://pub.dartlang.org" source: hosted version: "2.1.1" collection: dependency: "direct main" description: name: collection url: "https://pub.dartlang.org" source: hosted version: "1.17.0" convert: dependency: "direct main" description: name: convert url: "https://pub.dartlang.org" source: hosted version: "3.1.1" coverage: dependency: transitive description: name: coverage url: "https://pub.dartlang.org" source: hosted version: "1.6.1" crypto: dependency: transitive description: name: crypto url: "https://pub.dartlang.org" source: hosted version: "3.0.2" file: dependency: transitive description: name: file url: "https://pub.dartlang.org" source: hosted version: "6.1.4" frontend_server_client: dependency: transitive description: name: frontend_server_client url: "https://pub.dartlang.org" source: hosted version: "3.1.0" glob: dependency: transitive description: name: glob url: "https://pub.dartlang.org" source: hosted version: "2.1.1" http_multi_server: dependency: transitive description: name: http_multi_server url: "https://pub.dartlang.org" source: hosted version: "3.2.1" http_parser: dependency: transitive description: name: http_parser url: "https://pub.dartlang.org" source: hosted version: "4.0.2" io: dependency: transitive description: name: io url: "https://pub.dartlang.org" source: hosted version: "1.0.3" js: dependency: "direct main" description: name: js url: "https://pub.dartlang.org" source: hosted version: "0.6.5" logging: dependency: transitive description: name: logging url: "https://pub.dartlang.org" source: hosted version: "1.1.0" matcher: dependency: "direct dev" description: name: matcher url: "https://pub.dartlang.org" source: hosted version: "0.12.13" meta: dependency: transitive description: name: meta url: "https://pub.dartlang.org" source: hosted version: "1.8.0" mime: dependency: transitive description: name: mime url: "https://pub.dartlang.org" source: hosted version: "1.0.2" node_preamble: dependency: transitive description: name: node_preamble url: "https://pub.dartlang.org" source: hosted version: "2.0.1" package_config: dependency: transitive description: name: package_config url: "https://pub.dartlang.org" source: hosted version: "2.1.0" path: dependency: transitive description: name: path url: "https://pub.dartlang.org" source: hosted version: "1.8.2" pedantic: dependency: "direct dev" description: name: pedantic url: "https://pub.dartlang.org" source: hosted version: "1.11.1" pool: dependency: transitive description: name: pool url: "https://pub.dartlang.org" source: hosted version: "1.5.1" pub_semver: dependency: transitive description: name: pub_semver url: "https://pub.dartlang.org" source: hosted version: "2.1.3" shelf: dependency: transitive description: name: shelf url: "https://pub.dartlang.org" source: hosted version: "1.4.0" shelf_packages_handler: dependency: transitive description: name: shelf_packages_handler url: "https://pub.dartlang.org" source: hosted version: "3.0.1" shelf_static: dependency: transitive description: name: shelf_static url: "https://pub.dartlang.org" source: hosted version: "1.1.1" shelf_web_socket: dependency: transitive description: name: shelf_web_socket url: "https://pub.dartlang.org" source: hosted version: "1.0.3" source_map_stack_trace: dependency: transitive description: name: source_map_stack_trace url: "https://pub.dartlang.org" source: hosted version: "2.1.1" source_maps: dependency: transitive description: name: source_maps url: "https://pub.dartlang.org" source: hosted version: "0.10.11" source_span: dependency: transitive description: name: source_span url: "https://pub.dartlang.org" source: hosted version: "1.9.1" stack_trace: dependency: transitive description: name: stack_trace url: "https://pub.dartlang.org" source: hosted version: "1.11.0" stream_channel: dependency: transitive description: name: stream_channel url: "https://pub.dartlang.org" source: hosted version: "2.1.1" string_scanner: dependency: transitive description: name: string_scanner url: "https://pub.dartlang.org" source: hosted version: "1.2.0" term_glyph: dependency: transitive description: name: term_glyph url: "https://pub.dartlang.org" source: hosted version: "1.2.1" test: dependency: "direct dev" description: name: test url: "https://pub.dartlang.org" source: hosted version: "1.22.0" test_api: dependency: transitive description: name: test_api url: "https://pub.dartlang.org" source: hosted version: "0.4.16" test_core: dependency: transitive description: name: test_core url: "https://pub.dartlang.org" source: hosted version: "0.4.20" typed_data: dependency: transitive description: name: typed_data url: "https://pub.dartlang.org" source: hosted version: "1.3.1" vm_service: dependency: transitive description: name: vm_service url: "https://pub.dartlang.org" source: hosted version: "9.4.0" watcher: dependency: transitive description: name: watcher url: "https://pub.dartlang.org" source: hosted version: "1.0.2" web_socket_channel: dependency: transitive description: name: web_socket_channel url: "https://pub.dartlang.org" source: hosted version: "2.2.0" webkit_inspection_protocol: dependency: transitive description: name: webkit_inspection_protocol url: "https://pub.dartlang.org" source: hosted version: "1.2.0" yaml: dependency: transitive description: name: yaml url: "https://pub.dartlang.org" source: hosted version: "3.1.1" sdks: dart: ">=2.18.0 <3.0.0" ```

Thanks.

[mwcw]

Hi,

Thanks for the extra information, using the source from pub.dev I set up both source bundles and using the array based example you supplied I was unable to generate an differeing digest.

I also upgraded the dependencies for the both and was sill able to generate the same digest, namely:

99cf493cd47cea163f2872fd7ab15b8668562b96

I also tried it with BC-JAVA and OpenSSL and got the above result for all.

So at this point I am unable to reprodce the issue.

MW

[andromeda911]

Reinstall flutter helps. Thanks and sorry for wasted time. GL