JRuby

JOpenSSL - Truncation of OpenSSL Cipher's initialization is not mimic'ed in bouncecastle's JCE

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: JRuby 1.1
  • Fix Version/s: JRuby 1.1
  • Component/s: OpenSSL
  • Labels:
    None
  • Testcase included:
    yes
  • Number of attachments :
    1

Description

BouncyCastle's Cipher implementation strictly enforces IV specifications, while MRI does not and truncates to the proper length.

Attached failing test case which passes under MRI.
Full code sample listed here: http://www.headius.com/rubyspec/index.php/Openssl

Open Question: Should JRuby workaround this issue, should a bug be filed against Ruby, or is it between the BouncyCastle and SSLeay folks?

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Charles Oliver Nutter added a comment -

We'll leave it up to Ola. I don't see "more strictness" as something we should try to break, especially since as you say it could easily be reported as a bug against MRI or OpenSSL (not strict enough).

Show
Charles Oliver Nutter added a comment - We'll leave it up to Ola. I don't see "more strictness" as something we should try to break, especially since as you say it could easily be reported as a bug against MRI or OpenSSL (not strict enough).
Hide
Permalink
Ola Bini added a comment -

Fixed in JOpenSSL trunk by truncating IV if too long.

Show
Ola Bini added a comment - Fixed in JOpenSSL trunk by truncating IV if too long.
Hide
Permalink
Charles Oliver Nutter added a comment -

Marking bugs with invalid "fixed for release" as fixed in 1.1.

Show
Charles Oliver Nutter added a comment - Marking bugs with invalid "fixed for release" as fixed in 1.1.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.