JRuby-OpenSSL needs BN, DH, and other features to support Net::SSH (patch 
attached).
------------------------------------------------------------------------------------

                 Key: JRUBY-1670
                 URL: http://jira.codehaus.org/browse/JRUBY-1670
             Project: JRuby
          Issue Type: New Feature
          Components: JRuby-extras
            Reporter: Bill Dortch
            Assignee: Bill Dortch
         Attachments: jopenssl.patch

JRuby-OpenSSL needs some additional functionality to match MRI's 
implementation, and to support applications like Net::SSH that depend on that 
functionality.

The attached patch supplies two missing classes, OpenSSL::BN (Bignum) and 
OpenSSL::PKey::DH (Diffie-Hellman). It also adds some missing functionality to 
several other classes:

 - Adds OpenSSL::BN, used by OSSL/Net::SSH to represent various parameters and 
key values
 - Adds OpenSSL::PKey::DH, used by Net::SSH for key exchange
 - Adds support to OpenSSL::PKey::DSA for key component accessors 
(p,q,g,y[pub_key]), used by Net::SSH when serializing/deserializing.
 - Adds support to OpenSSL::PKey::RSA for key component accessors (e,n), used 
by Net::SSH when serializing/deserializing.
 - Adds support to PEM.java for reading/writing encoded DH parameters
 - Implements OpenSSL::PKey#verify, used by Net::SSH
 - various other small changes/fixes
 
 In spite of all this, Net::SSH _still doesn't work_.  The latest obstacle is 
in Cipher.java, where I get an exception (originating in BC code) complaining 
about initialization vector length vs. block size.  I'm a bit out of my depth 
there, and will file a separate JIRA, though I've included the stack trace 
below, along with my debug output (I've left the debug code in).
 
 I noticed that suddenly there are unit tests for jopenssl, so I'll have to add 
some for the new classes.
 
 A word of warning: safe prime generation (by BN.generate_prime) is *very* 
slow, so if you plan to ask for 2048 bits (or more), be prepared to let it run 
overnight.  (Or use C-OpenSSL; published benchmarks show it to be nearly 4X 
faster for safe primes than java.math.BigInteger-based generators.)

Note that I am not a jruby-extras committer, so someone else will need to 
apply this.

The Cipher debug output and stack trace:
{noformat}
*** doInitialize
name = des-ede3-cbc
cryptoBase = des
cryptoVersion = ede3
cryptoMode = cbc
padding_type = NoPadding
realName = DESede/cbc/NoPadding
keyLen = 168
ivLen = 64
encryptMode = true
ciphInited = false
key.length = 168
iv.length = 64
padding = 0
*******************************
java.lang.IllegalArgumentException: initialisation vector must be the same length as block size
        at org.bouncycastle.crypto.modes.CBCBlockCipher.init(Unknown Source)
        at org.bouncycastle.crypto.BufferedBlockCipher.init(Unknown Source)
        at org.jruby.ext.openssl.Cipher.doInitialize(Cipher.java:549)
        at org.jruby.ext.openssl.Cipher.update(Cipher.java:568)
        at org.jruby.ext.openssl.CipherInvoker$update_F1.call(Unknown Source)
        at org.jruby.runtime.callback.FastInvocationCallback.execute(FastInvocationCallback.java:55)
        at org.jruby.internal.runtime.methods.SimpleCallbackMethod.call(SimpleCallbackMethod.java:70)
        at org.jruby.runtime.CallSite$InlineCachingCallSite.call(CallSite.java:158)
        at org.jruby.runtime.CallSite$ArgumentBoxingCallSite.call(CallSite.java:103)
        at org.jruby.evaluator.ASTInterpreter.callNode(ASTInterpreter.java:653)
        at org.jruby.evaluator.ASTInterpreter.evalInternal(ASTInterpreter.java:300)
...

OpenSSL::Cipher::CipherError: No message available
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/transport/packet-stream.rb:107:in `synchronize'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/transport/packet-stream.rb:87:in `send'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/transport/packet-stream.rb:107:in `method_missing'
        from (eval):3:in `send'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/transport/session.rb:328:in `send_message'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/userauth/driver.rb:86:in `send_message'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/userauth/driver.rb:144:in `authenticate'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/session.rb:134:in `initialize'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh/session.rb:121:in `new'
        from C:/jruby/trunk/lib/ruby/gems/1.8/gems/net-ssh-1.1.2/lib/net/ssh.rb:47:in `start'
        from c:/temp/./sst.rb:4:in `start'
        from (irb):1:in `load'
        from (irb):1:in `signal_status'
{noformat}
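
An added example, not part of the original report or the attached patch: it asks a standard Ruby OpenSSL binding for the byte sizes des-ede3-cbc expects, compares them with the `keyLen`/`ivLen` values in the debug output above, and checks key and IV byte lengths before a cipher is initialised. The helper names are hypothetical, and reading the reported values as bit counts is an assumption, not a diagnosis taken from the report.

```ruby
require "openssl"

# Values copied from the debug output above (units are not stated there).
REPORTED = { key_len: 168, iv_len: 64 }.freeze

# Sizes the binding expects for a cipher; OpenSSL reports all of them in bytes.
def cipher_params(name)
  c = OpenSSL::Cipher.new(name)
  { key_len: c.key_len, iv_len: c.iv_len, block_size: c.block_size }
end

# Hypothetical helper: classify a reported size against the expected byte count.
# DES-family keys carry one parity bit per byte, so 24 key bytes hold 168 key bits.
def interpret(reported, expected_bytes, des_family: false)
  return :bytes if reported == expected_bytes
  return :bits if reported == expected_bytes * 8
  return :des_effective_bits if des_family && reported == expected_bytes * 7
  :unknown
end

# Hypothetical pre-flight check: list every byte-length mismatch instead of
# letting the provider fail later inside the cipher's init.
def check_material(name, key, iv)
  p = cipher_params(name)
  errors = []
  errors << "key is #{key.bytesize} bytes, expected #{p[:key_len]}" unless key.bytesize == p[:key_len]
  errors << "iv is #{iv.bytesize} bytes, expected #{p[:iv_len]}" unless iv.bytesize == p[:iv_len]
  errors
end

# Encrypt then decrypt with padding disabled, matching padding = 0 in the
# debug output; data must be a multiple of the block size.
def round_trip(name, key, iv, data)
  enc = OpenSSL::Cipher.new(name).encrypt
  enc.padding = 0
  enc.key = key
  enc.iv = iv
  ct = enc.update(data) + enc.final
  dec = OpenSSL::Cipher.new(name).decrypt
  dec.padding = 0
  dec.key = key
  dec.iv = iv
  dec.update(ct) + dec.final
end

if __FILE__ == $0
  params = cipher_params("des-ede3-cbc")
  puts "expected (bytes): #{params}"
  puts "ivLen 64  -> #{interpret(REPORTED[:iv_len], params[:iv_len])}"
  puts "keyLen 168 -> #{interpret(REPORTED[:key_len], params[:key_len], des_family: true)}"
end
```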
