Bug #50620 for Digest-Whirlpool: API Non-Conformance and pseudo-random behavior

Sun Oct 18 14:21:46 2009 KENTNL [...] cpan.org - Ticket created

Subject:

API Non-Conformance and pseudo-random behavior

I have experienced multiple disorders with whirlpool, some of which I've had trouble to classify and test for. I believe I have 2 that I can however test for, that are likely to share the same cause. 1. Calling ->hexdigest does not reset the state to empty. 2. Calling ->hexdigest multiple times without manually resetting the state causes different values to be emitted without adding new data. I have not been able to think of a good way to write a Test::More test that exhibits the behaviour I'm experiencing, but I have however produced a way to compare Whirlpools behaviour with MD5 as a standard. the behaviours are drastically different. http://gist.github.com/212780 This GIST contains 1. Output from my test script, showing how different the values are, esp with regard to using MD5 as the standard. 2. The test script. 3. Valgrind output 4. Selected output from valgrind. I note there are a few memory leaks that valgrind discovers in Whirlpool itself, but how significant this is I don't know. ( Its been too long since I last coded in C, and really not looking forward to going back ). NB: Only the example script has been attached to this bug report to reduce mental load for all. All the best.

Subject:

self_changing_state.pl

#!/usr/bin/perl use strict; use warnings; use Digest::Whirlpool; use Digest::MD5; use Data::Dump qw( dump ); my @digesters; for ( 1..5 ){ push @digesters, { whirlpool => Digest::Whirlpool->new(), md5 => Digest::MD5->new() }; } # seeing that its constant accross instances. for ( @digesters ) { print "Whirlpool: \n"; my $hex = $_->{whirlpool}->hexdigest(); my $hexd = $_->{whirlpool}->hexdigest(); if( $hex ne $hexd ){ print "left ne right, but no input has been added\n"; print "left: $hex\n"; print "right: $hexd\n"; } else { print "left eq right\n"; } print "MD5: \n"; $hex = $_->{md5}->hexdigest(); $hexd = $_->{md5}->hexdigest(); if( $hex ne $hexd ){ print "left ne right, but no input has been added\n"; print "left: $hex\n"; print "right: $hexd\n"; } else { print "left eq right\n"; } print "\n"; } # seeing that within a single digester, the same empty value results in a pseudorandom sequence generation. $digesters[0]->{whirlpool}->reset(); $digesters[0]->{md5}->reset(); for ( 1..10 ){ print "whirlpool $_ : " . $digesters[0]->{whirlpool}->hexdigest . "\n"; } for ( 1..10 ){ print "md5 $_ : " . $digesters[0]->{md5}->hexdigest . "\n"; } # seeing that the digester doesn't conform to the specification that the rest conform to # with regard to hexdigest resetting the state. print "\n"; $digesters[0]->{whirlpool}->reset(); for ( 1..10 ){ $digesters[0]->{whirlpool}->add('hello'); print "whirlpool $_ : " . $digesters[0]->{whirlpool}->hexdigest . "\n"; } for ( 1..10 ){ $digesters[0]->{md5}->add('hello'); print "md5 $_ : " . $digesters[0]->{md5}->hexdigest . "\n"; }

Sun Oct 18 16:39:58 2009 avar [...] cpan.org - Correspondence added

On Sun Oct 18 14:21:46 2009, KENTNL wrote: Show quoted text

> 1. Calling ->hexdigest does not reset the state to empty. > > 2. Calling ->hexdigest multiple times without manually resetting the > state causes different values to be emitted without adding new data.

Thanks for the report. These issues were both due to hexdigest() not resetting the digest when called. I've fixed this in 1.0.8 which is currently being processed by PAUSE and should be on the CPAN soon. Here's the commitdiff: http://git.nix.is/?p=avar/pm/Digest- Whirlpool;a=commitdiff;h=892660fdf470cf40942167cc35c15f21820fa06f And you can check out the new version from git://git.nix.is/avar/pm/Digest-Whirlpool An altered version of your test script is now shipped with the distribution.

Sun Oct 18 16:39:58 2009 The RT System itself - Status changed from 'new' to 'open'

Sun Oct 18 16:39:59 2009 avar [...] cpan.org - Status changed from 'open' to 'resolved'