[
https://issues.apache.org/jira/browse/CRYPTO-157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17284967#comment-17284967
]
Gary D. Gregory commented on CRYPTO-157:
----------------------------------------
Hi [~salyh]
Thank you for your report.
Please feel free to provide a PR on GitHub.
Do keep in mind two important items:
- Don't break binary compatibility
- Provide unit tests.
Good luck!
> Authentication tag length cannot be specified for CryptoInputStream
> -------------------------------------------------------------------
>
> Key: CRYPTO-157
> URL: https://issues.apache.org/jira/browse/CRYPTO-157
> Project: Commons Crypto
> Issue Type: Bug
> Components: Stream
> Reporter: Hendrik Saly
> Priority: Major
>
> CryptoInputStream and CryptoOutputStream are not allowing other
> AlgorithmParameterSpec than IvParameterSpec. B they both claim to support any
> mode of operations, but without submitting a GCMParameterSpec its not
> possible to define a authentication tag length in GCM mode. Despite of that I
> am not sure if cipher in GCM is ever properly initialized without a
> GCMParameterSpec (if there is a default for tLen and its not 128 than the
> cipher is IMHO not properly initialized).
> The other thing is that modes which do not need an AlgorithmParameterSpec
> (like ECB) are also maybe not properly initialized. Not sure if ECB just
> ignores the given IvParameterSpec. I suggest to just allow null here and if
> null is given call the cipher.init(mode, key) method without
> AlgorithmParameterSpec.
> [https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoInputStream.java#L198]
>
> [https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoOutputStream.java#L184]
>
> Happy to create a PR if bug is confirmed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
