Issue Details (XML | Word | Printable)

Key: JRUBY-1100
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Ola Bini
Reporter: Aaron Batalion
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
JRuby

JOpenSSL - Truncation of OpenSSL Cipher's initialization is not mimic'ed in bouncecastle's JCE

Created: 03/Jun/07 11:24 PM   Updated: 23/Apr/08 10:16 AM
Component/s: OpenSSL
Affects Version/s: JRuby 1.1
Fix Version/s: JRuby 1.1

Time Tracking:
Not Specified

File Attachments: 1. File test_cipher.rb (0.5 kB)

Testcase included: yes


 Description  « Hide
BouncyCastle's Cipher implementation strictly enforces IV specifications, while MRI does not and truncates to the proper length.

Attached failing test case which passes under MRI.
Full code sample listed here: http://www.headius.com/rubyspec/index.php/Openssl

Open Question: Should JRuby workaround this issue, should a bug be filed against Ruby, or is it between the BouncyCastle and SSLeay folks?

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Charles Oliver Nutter added a comment - 23/Oct/07 12:51 PM
We'll leave it up to Ola. I don't see "more strictness" as something we should try to break, especially since as you say it could easily be reported as a bug against MRI or OpenSSL (not strict enough).

[ Permalink | « Hide ]
Ola Bini added a comment - 11/Feb/08 07:23 AM
Fixed in JOpenSSL trunk by truncating IV if too long.

[ Permalink | « Hide ]
Charles Oliver Nutter added a comment - 23/Apr/08 10:12 AM
Marking bugs with invalid "fixed for release" as fixed in 1.1.


Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.3-#344) - Bug/feature request - Atlassian news - Contact Administrators