gnu-crypto-discuss

Re: [GNU Crypto] What to do with bugs?


From: Casey Marshall
Subject: Re: [GNU Crypto] What to do with bugs?
Date: Sat, 20 Sep 2003 21:47:01 -0700
User-agent: Mutt/1.4i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Sep 20, 2003 at 10:01:46PM +0200, Mikael Hakman wrote:

> 1. gnu.crypto.jce.cipher.CipherAdapter
> 
> engineUpdate(byte[] in, int inOff, int inLen, byte[] out, int outOff)
> 
> It does not update partBlock/partLen correctly when inLen<blockSize.
> In particular when inLen=1 as is the case when using JCE CipherStreams
> only the very last block is processed. There are bugs in several places
> in this function.
> 

I think you are right about this. It looks like inOff was misplaced.

I also wouldn't discount problems with the JCE; BouncyCastle's
implementation of these classes (which we are using) is riddled with
bugs.

> 2. gnu.crypto.jce.cipher.CipherAdapter
> 
> engineDoFinal(byte[] input, int off, int len)
> 
> Errors when decrypting when len<(len of actual padding) - some or all pad
> bytes have already been processed in such case, in particular when parameter
> len=0. This happens when application calls e.g. doFinal() after it has
> processed the whole input.
> 

This isn't a bug. If you update the entire input with one of the
update() methods, the decrypted padding will be returned by that method.
If you then call doFinal the padding is already gone.

You shouldn't use the no-argument doFinal() if you are decrypting with a
padded block cipher.

Sun's Cipher API is retarded. Use something else if you can.

> 5. What are gpg commands to get the envelope you are providing? Is there
> any plugin for OE that can automatically pack-in/pack-out emails?
> 

If you mean how to verify PGP-signed data, something like

        gpg --verify <signed-message>

should work.

The GnuPG home page lists this

        <http://www3.gdata.de/gpg/index.html>

but I know very little about Windoze or German, so YMMV.

- -- 
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/bS0igAuWMgRGsWsRAiYGAJ4x4hrtvi/CjZmtHHiGDXnkofcPUQCghR0t
97/a6YSvf/wi0BNAmKC+1mc=
=FK/H
-----END PGP SIGNATURE-----
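
An added example, not part of the original message and not GNU Crypto's code: a hypothetical adapter whose partial-block bookkeeping stays correct when update() is called with inLen smaller than the block size, the case reported in item 1. The class name and the use of the JDK's AES/ECB/NoPadding as a bare block transform are assumptions; the names partBlock and partLen are borrowed from the report.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

/** Hypothetical adapter (not GNU Crypto's CipherAdapter) that buffers partial blocks. */
public class PartialBlockDemo {
    private final Cipher block;      // ECB/NoPadding used only as a bare block transform
    private final int blockSize;
    private final byte[] partBlock;  // bytes carried over from earlier update() calls
    private int partLen;             // number of valid bytes in partBlock

    PartialBlockDemo(byte[] key) throws Exception {
        block = Cipher.getInstance("AES/ECB/NoPadding");
        block.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        blockSize = block.getBlockSize();
        partBlock = new byte[blockSize];
    }

    /** Returns the number of bytes written to out; 0 while a block is still filling. */
    int update(byte[] in, int inOff, int inLen, byte[] out, int outOff) throws Exception {
        int written = 0;
        while (inLen > 0) {
            int n = Math.min(blockSize - partLen, inLen);
            // Source index is inOff, destination index is partLen; swapping them loses data.
            System.arraycopy(in, inOff, partBlock, partLen, n);
            partLen += n;
            inOff += n;
            inLen -= n;
            if (partLen == blockSize) { // a full block is ready: transform and reset
                written += block.update(partBlock, 0, blockSize, out, outOff + written);
                partLen = 0;
            }
        }
        return written;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];      // constructed all-zero test key
        byte[] plain = new byte[48];    // constructed input: three AES blocks
        for (int i = 0; i < plain.length; i++) plain[i] = (byte) i;
        byte[] expected = new byte[48];
        new PartialBlockDemo(key).update(plain, 0, plain.length, expected, 0);
        PartialBlockDemo stream = new PartialBlockDemo(key);
        byte[] actual = new byte[48];
        int pos = 0;
        for (int i = 0; i < plain.length; i++) // inLen = 1, as with the JCE cipher streams
            pos += stream.update(plain, i, 1, actual, pos);
        System.out.println("bytes out: " + pos + ", match: " + Arrays.equals(expected, actual));
    }
}
```

Comparing byte-at-a-time output against a single whole-buffer call is a useful regression test for any adapter of this kind, since the two must produce identical ciphertext.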



