From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Jim Meyering <jim@meyering.net>
Newsgroups: gmane.emacs.devel
Subject: Re: md5 broken?
Date: Sat, 28 May 2011 14:23:43 +0200
Message-ID: <87zkm7t3n4.fsf@rho.meyering.net>
References: <87ipsv188f.fsf@gmail.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1306585434 8174 80.91.229.12 (28 May 2011 12:23:54 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 28 May 2011 12:23:54 +0000 (UTC)
Cc: Paul Eggert <eggert@cs.ucla.edu>, emacs-devel@gnu.org
To: Antoine Levitt <antoine.levitt@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat May 28 14:23:50 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QQIYW-0002ol-MO
	for ged-emacs-devel@m.gmane.org; Sat, 28 May 2011 14:23:48 +0200
Original-Received: from localhost ([::1]:39401 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QQIYW-0003EI-6g
	for ged-emacs-devel@m.gmane.org; Sat, 28 May 2011 08:23:48 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:46635)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jim@meyering.net>) id 1QQIYU-0003EB-AF
	for emacs-devel@gnu.org; Sat, 28 May 2011 08:23:47 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jim@meyering.net>) id 1QQIYT-00008M-0L
	for emacs-devel@gnu.org; Sat, 28 May 2011 08:23:46 -0400
Original-Received: from mx.meyering.net ([82.230.74.64]:33555)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jim@meyering.net>) id 1QQIYS-00008I-PY
	for emacs-devel@gnu.org; Sat, 28 May 2011 08:23:44 -0400
Original-Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000)
	id 14CA6602F2; Sat, 28 May 2011 14:23:44 +0200 (CEST)
In-Reply-To: <87ipsv188f.fsf@gmail.com> (Antoine Levitt's message of "Sat, 28
	May 2011 11:32:00 +0200")
Original-Lines: 67
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 82.230.74.64
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:139829
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/139829>

Antoine Levitt wrote:
...
> (md5 "truc")
> => 45723a2af3788c4ff17f8d1114760e62
> (which is the same thing as md5sum)
>
>>>From an emacs just compiled,
>
> (md5 "truc")
> => 45723a2aff78ff4fff7fff1114760e62
> (it seems some digits have been randomly replaced by f, for some reason)
...

Thanks for the report.
That was due to yesterday's crypto_hash_function change.
It switched from unsigned to signed char pointers.
The patch below fixes it by introducing the tiny "to_uchar" function
from coreutils/src/system.h.  It's safer to use a tiny helper
function like that rather than a cast.

I fixed it with this:

2011-05-28  Jim Meyering  <meyering@redhat.com>

	avoid a sign-extension bug in crypto_hash_function
	* fns.c (to_uchar): Define.
	(crypto_hash_function): Use it to convert some newly-signed
	variables to unsigned, to avoid sign-extension bugs.  For example,
	without this change, (md5 "truc") would evaluate to
	45723a2aff78ff4fff7fff1114760e62 rather than the expected
	45723a2af3788c4ff17f8d1114760e62.  Reported by Antoine Levitt in
	http://thread.gmane.org/gmane.emacs.devel/139824


=== modified file 'src/fns.c'
--- src/fns.c	2011-05-27 19:37:32 +0000
+++ src/fns.c	2011-05-28 12:09:59 +0000
@@ -4520,6 +4520,11 @@
 #include "md5.h"
 #include "sha1.h"

+/* Convert a possibly-signed character to an unsigned character.  This is
+   a bit safer than casting to unsigned char, since it catches some type
+   errors that the cast doesn't.  */
+static inline unsigned char to_uchar (char ch) { return ch; }
+
 /* TYPE: 0 for md5, 1 for sha1. */

 static Lisp_Object
@@ -4717,7 +4722,7 @@
 	  {
 	    char value[33];
 	    for (i = 0; i < 16; i++)
-	      sprintf (&value[2 * i], "%02x", digest[i]);
+	      sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
 	    res = make_string (value, 32);
 	  }
 	else
@@ -4735,7 +4740,7 @@
 	  {
 	    char value[41];
 	    for (i = 0; i < 20; i++)
-	      sprintf (&value[2 * i], "%02x", digest[i]);
+	      sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
 	    res = make_string (value, 40);
 	  }
 	else