tomaswolf commented on issue #455:

   No problem at all. I immediately came to the same conclusion as you did when 
I looked at BaseCipher, which is why I had written I was "confused". I _do_ 
agree this needs to call Cipher.doFinal(), and I'm confused that it worked 
without so far, not just in Apache MINA SSHD but apparently also in a number of 
other Java SSH implementations.
   An API change in BaseCipher is not needed. Cipher usage in SSH is fairly 
simple; maybe BaseCipher.update() would have better been called processBlocks() 
or some such to avoid confusion with the Java Cipher interface.
   Data passed to the cipher in SSH is always a multiple of the block size. 
Encryption always encrypts a whole message. Decryption may in some modes first 
decrypt the first block to get the message length, then in a second call 
decrypt the rest of the message. The cipher is kept for the whole session until 
the next key exchange, which is why after a doFinal() needed to force-flush 
that internal buffer the re-initializion will need to use the correct IV.
   It'd still be useful to know which cipher exactly was used in the case 
originally reported.

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail:

For queries about this service, please contact Infrastructure at:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to