search

wokier / gwt-crypto

Automatically exported from code.google.com/p/gwt-crypto
8 stars 1 forks source link

Long string input produces "all zero" md5 digest #17

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
See http://code.google.com/p/crypto-js/source/detail?r=205 for issue & related 
fix.

What steps will reproduce the problem?
1. Create an md5 digest for a 4000 char string.
2. ???
3. Is it all zeroes?

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.

In order to prevent GWT from optimizing out the shift by zero fix, I needed a 
variable for which it couldn't infer the value.

        int zeroAndNothingElse = Math.sqrt(2) < 5 ? 0 : 1;
        H1 = (H1 + a) >>> zeroAndNothingElse;
        H2 = (H2 + b) >>> zeroAndNothingElse;
        H3 = (H3 + c) >>> zeroAndNothingElse;
        H4 = (H4 + d) >>> zeroAndNothingElse;

This fixed the issue for me in 
com.googlecode.gwt.crypto.bouncycastle.digests.MD5Digest

I don't know why the zero-shift causes the desired side-effect, or what the 
other side effects may be.

Original issue reported on code.google.com by dearm...@gmail.com on 11 Apr 2012 at 1:30

GoogleCodeExporter commented 9 years ago 
fwiw, User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) 
Gecko/20100101 Firefox/11.0

Original comment by dearm...@gmail.com on 11 Apr 2012 at 1:33

GoogleCodeExporter commented 9 years ago 
I'm currently experiencing this same problem.

I"d like a little more clarification about where you applied your zero-shift 
fix.  Was this towards the bottom of the processBlock() method where it's doing:

H1 += a;
H2 += b;
H3 += c;
H4 += d;

???  Did you simply replace these 4 lines with your zero-shift changes you 
mention?

Original comment by drfoste...@gmail.com on 18 Oct 2012 at 5:42

GoogleCodeExporter commented 9 years ago 
I just copied the src into our tree, renamed it MD5DigestEx, and replaced those 
lines, yes.

I don't recall where I read about the shift by zero working, it was in some 
other JS-crypto lib.  

All of the other sqrt nonsense is there because GWT is really good at 
optimizing out shift by 0 and in turn everything that evaluates to 0.

FWIW versions, gwt 2.3.0 and gwt-crypto 2.3.0

Original comment by dearm...@gmail.com on 18 Oct 2012 at 7:09

GoogleCodeExporter commented 9 years ago 
Could you confirm the error on GWT 2.5, unfortunately GWT is producing a lot of 
weird in terms of optimizations which can be harmful for mathematical libraries 
such as this one. Please submit a patch if you've found the solution.

Original comment by rame...@gmail.com on 22 Jan 2013 at 9:00