On Mon, 12 Feb 2007, Lucas Newman wrote: > I think I understand what is happening now. If a large read blocks in the > middle, the chunk of data obtained is processed in transport.c to determine > if a full packet was snagged. While processing half of a packet, if the > data is not a multiple of the crypto block size, the extra bytes are > discarded from the end of the chunk, and the remainder of the packet is > missing those bytes, hence the MAC failure. > > To see this happening, add the following line to transport.c:441: > fprintf(stderr, "Bytes being discarded: %d\n", numdecrypt % session- > >remote.crypt->blocksize); > > If you are able to read a whole packet at once, you will never discard any > bytes when decrypting, so that is why the behavior only appears when doing > large, blocking reads. > > A solution would be to retain the extra bytes and just process them in the > next iteration.
I must be stupid, but I read the code around line 441 and I can't see how the bytes are being discarded. Do you have a suggested patch to fix the problem you see? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ libssh2-devel mailing list libssh2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/libssh2-devel
