-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
undocumented backwards compatibility break since 0.02 #9
Comments
You make a great point. I will fix it some time this week. Thanks for the test. One of the problems updating this module was that the tests were a little sparse so it was difficult to be sure I was not breaking something. |
This is a first stab at it. Once I looked at it I noticed that I was also assuming that the user would match the cipher to the key size. I may change it again to have the perl code remove the size from the cipher being passed in. I noticed that I had also used a test with a mismatched cipher and a key that I had to change. Tim
|
openssl deals with mismatches of the keysize and cipher chosen by truncating the key or padding it with zeros this module does not do that. Use the correct key size for the cipher chosen Thanks to @maaarghk for the issue report and the test to replicate it
Fixes #9: keysize should determine the cipher used
[Significant updates since 0.15] Thanks to @maaarghk for reporting a breaking change post 0.02 The module now ensures that the cipher chosen (if not specified) is the correct size according to the keysize. It also enforces that the keysize and ciphers can not be mismatched if the cipher is specified. [Detailed Change Log] - ad7a761 Increment version etc. for release - 5cdb783 Strawberry Perl uses dmake - ae50f2b Fixed #9: keysize should determine the cipher used - 94731c4 v0.17
hey,
in the POD you state:
this is not true. the "original" version supported 128, 192 and 256 based on the provided key length:
perl-Crypt-OpenSSL-AES/AES.xs
Lines 45 to 52 in 324ae34
(note keysize*8 is passed)
i think for that reason it is wrong to set the cipher to AES-256-ECB when no options hash is provided. in
get_cipher
, in the case wherename == NULL
, keysize should be checked to determine the cipher.here is an updated version of the original test file which passes on 0.02 but fails on latest:
cheers.
M
The text was updated successfully, but these errors were encountered: