tomaswolf opened a new pull request, #463:

   The org.apache.sshd.common.cipher.Cipher interface specifies for 
update(byte[] buffer, int offset, int length) that length bytes are encrypted 
or decrypted in-place in the given buffer, starting at the given offset.
   The BaseCipher implementation just called javax.crypto.Cipher.update(). 
That, however, may buffer blocks and not update all data right away. (For 
instance, AES pipelined implementations may behave that way.) Buffered blocks 
may be returned/updated in subsequent update() calls. To ensure that really all 
bytes given are updated, one needs to call doFinal(), which always 
returns/updates such buffered blocks.
   But javax.crypto.Cipher.doFinal() resets the cipher to its initial state. 
For use in SSH, this is not appropriate: the cipher must be reset not to the 
initial state but to the final state. This is done for CTR ciphers by adding 
the number of processed blocks to the initial IV and then using that IV for 
re-initialization. For CBC ciphers, the re-initialization IV must be the last 
encrypted block processed.
   Note that in CTR mode, we cannot check for IV re-use. This is not a problem 
in practice because in the SSH protocol key exchanges happen long before an IV 
can wrap around.
   Fixes #455.

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail:

For queries about this service, please contact Infrastructure at:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to