-
Bug
-
Resolution: Cannot Reproduce
-
P4
-
None
-
8, 11, 17, 24
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/provider/SecureRandom.java#L174
Accumulated carry with signed Extension byte, make the behavior and the comment nonsense.
def _update_state(self, output):
if output == b'\xff' * self.DIGEST_SIZE:
self.state = bytes([(self.state[0] + 1) & 0xff]) + self.state[1:]
return
self.state = ((int.from_bytes(self.state, 'little') + int.from_bytes(output, 'little') + 1) % (1 << 160)).to_bytes(20, 'little')
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
use SHA1PRNG from java.security.SecureRandom to gen more than 20 bytes.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
865ccac4bc1ff58e21d626c5c932a41e388855e7677315a70971aef7ac718020
ACTUAL -
865ccac4bc1ff58e21d626c5c932a41e388855e7fcf35fc18e7fde9f7188522f
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
public class Test {
public static void main(String[] args) throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = new SecureRandom();
secureRandom.setSeed("testkey".getBytes());
byte[] keyBytes = new byte[32];
secureRandom.nextBytes(keyBytes);
for (byte b: keyBytes) {
System.out.print(String.format("%02x", b));
}
System.out.println();
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
v = (unsigned int)state[i] + (unsigned int)output[i] + last;
FREQUENCY : always
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/provider/SecureRandom.java#L174
Accumulated carry with signed Extension byte, make the behavior and the comment nonsense.
def _update_state(self, output):
if output == b'\xff' * self.DIGEST_SIZE:
self.state = bytes([(self.state[0] + 1) & 0xff]) + self.state[1:]
return
self.state = ((int.from_bytes(self.state, 'little') + int.from_bytes(output, 'little') + 1) % (1 << 160)).to_bytes(20, 'little')
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
use SHA1PRNG from java.security.SecureRandom to gen more than 20 bytes.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
865ccac4bc1ff58e21d626c5c932a41e388855e7677315a70971aef7ac718020
ACTUAL -
865ccac4bc1ff58e21d626c5c932a41e388855e7fcf35fc18e7fde9f7188522f
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
public class Test {
public static void main(String[] args) throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = new SecureRandom();
secureRandom.setSeed("testkey".getBytes());
byte[] keyBytes = new byte[32];
secureRandom.nextBytes(keyBytes);
for (byte b: keyBytes) {
System.out.print(String.format("%02x", b));
}
System.out.println();
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
v = (unsigned int)state[i] + (unsigned int)output[i] + last;
FREQUENCY : always