[tahoe-dev] Fixed? Freebsd unparsable directory
Nathan
nejucomo at gmail.com
Tue May 6 11:03:15 PDT 2008
On Tue, May 6, 2008 at 9:22 AM, Ben Laurie <ben at links.org> wrote:
> zooko wrote:
> > Dear Ben Hyde:
> >
> > Thank you very much for helping me debug this issue on FreeBSD.
> >
> > On May 5, 2008, at 5:23 PM, Ben Hyde wrote:
> >
> >> On May 5, 2008, at 6:18 PM, Ben Hyde wrote:
> >>> So that lead me to notice the my cryptopp is 5.4 (i.e. what freebsd
> >>> ports gives me); and that there was a newer version 5.5.2 - hand
> >>> installed that ... same result.
> >> Opps. I was thinking dynamic linking; but doing pycryptopp testing
> >> again with a freshly unpacked tar ... all the tests pass.
> >
> > Ah, so pycryptopp v0.3.0 doesn't link to libcryptopp.so at link time,
> > so you upgrading from Crypto++ 5.4 to Crypto++ 5.5.2 didn't have any
> > effect on the pycryptopp unit tests without also rebuilding pycryptopp.
> >
> > That explains why your second test (quoted above) had "... same result".
> >
> > However, rebuilding pycryptopp v0.3.0 linked against a newer version
> > of Crypto++ should *not* have fixed the bug in question. The bug in
> > question is in this version of AES_init():
> >
> > http://allmydata.org/trac/pycryptopp/browser/pycryptopp/cipher/
> > aesmodule.cpp?rev=133#L104
> >
> > See the bug? Consider this a challenge. :-) You can assume that
> > the Crypto++ implementation is correct.
>
> Presumably the issue is that defaultiv is out of scope by the time it is
> used.
>
> A little surprised that:
>
> a) a default IV exists at all
>
> b) you are using it
>
I second this concern. Even if you want to reuse an IV, shouldn't the
wrapper force the caller to do this explicitly, for that specific
context?
>
> > Ah, okay, so actually if you *did* confirm, as you said you did, that
> > pycryptopp v0.3.0 exhibits incorrect AES cryption when built against
> > Crypto++ v5.4, but correct when built against Crypto++ v5.5.2, then
> > this does make sense. I will assume that Crypto++ v5.5.2 does
> > something different with the stack inside the constructor of
> > CTR_Mode<AES>::Encryption. (I guess that's another hint.)
>
> I don't think we should be relying on this presumption!
>
>
> > I have now bundled pycryptopp-0.5.1 with the Tahoe source checkout.
> >
> > More on this later -- I want to improve Tahoe, and our build/
> > configure/distribution/testing process, to reduce the likelihood of
> > something like this happening again.
>
> I suggest that you should run the package self-tests even if you do not
> use your own versions of the packages.
>
> --
> http://www.apache-ssl.org/ben.html http://www.links.org/
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
>
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
>
More information about the tahoe-dev
mailing list