rsync - Nov 2004 - [Bug 2000] New: mdfour.c calculates wrong result when block is a multiple of 64 bytes long.

https://bugzilla.samba.org/show_bug.cgi?id=2000

           Summary: mdfour.c calculates wrong result when block is a
                    multiple of 64 bytes long.
           Product: rsync
           Version: 2.6.3
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P3
         Component: core
        AssignedTo: wayned@samba.org
        ReportedBy: cph@moria.org.uk
         QAContact: rsync-qa@samba.org


Purely technical, but it looks like lib/mdfour.c gets the MD4 checksum wrong
when the block is an exact multiple of 64 - it never calls mdfour_tail, so the
message length is not added to the checksummed data. Compiling mdfour.c with
TEST_MDFOUR and comparing the hashes with the output of openssl md4 on a 64 byte
file shows the bug easily.

Since rsync doesn't require the cryptographic strength of md4 anyway,
perhaps it
simply doesn't matter - but it would be good for the file to carry a comment
saying that it is not MD4, if that is the intention.

@@ -166,8 +166,6 @@
 
        m = md;
 
-       if (n == 0) mdfour_tail(in, n);
-
        while (n >= 64) {
                copy64(M, in);
                mdfour64(M);
@@ -179,7 +177,7 @@
                }
        }
 
-       if (n) mdfour_tail(in, n);
+       mdfour_tail(in, n);
 }
 
(except obviously you need to be backward compatible!)

-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.