tomaswolf commented on issue #455: URL: https://github.com/apache/mina-sshd/issues/455#issuecomment-1911992707
No problem at all. I immediately came to the same conclusion as you did when I looked at BaseCipher, which is why I had written I was "confused". I _do_ agree this needs to call Cipher.doFinal(), and I'm confused that it worked without so far, not just in Apache MINA SSHD but apparently also in a number of other Java SSH implementations.

An API change in BaseCipher is not needed. Cipher usage in SSH is fairly simple; maybe BaseCipher.update() would have better been called processBlocks() or some such to avoid confusion with the Java Cipher interface. Data passed to the cipher in SSH is always a multiple of the block size. Encryption always encrypts a whole message. Decryption may in some modes first decrypt the first block to get the message length, then in a second call decrypt the rest of the message. The cipher is kept for the whole session until the next key exchange, which is why after a doFinal() needed to force-flush that internal buffer the re-initialization will need to use the correct IV.

It'd still be useful to know which cipher exactly was used in the case originally reported.
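The IV handling described in the comment above, as an added example that is not part of the original comment and is not Apache MINA SSHD code: one `Cipher` kept across two packets, flushed with `doFinal()` after each call and re-initialized with the IV that continues the chain. Assumptions: AES/CBC/NoPadding from the JDK's default provider (the comment does not say which cipher was involved), Java 9+ for the range form of `Arrays.equals`, a constructed all-zero key and IV with constructed plaintext, and hypothetical names `CbcChainAcrossDoFinal`, `step` and `block`.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

public class CbcChainAcrossDoFinal { // hypothetical demo class, not MINA SSHD code
    static final int BLOCK = 16;

    // Re-initialize the same Cipher with an explicit IV, then process and flush with doFinal().
    static byte[] step(Cipher c, int mode, SecretKeySpec key, byte[] iv, byte[] in, int off, int len)
            throws Exception {
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(in, off, len);
    }

    static byte[] block(byte[] buf, int from) { return Arrays.copyOfRange(buf, from, from + BLOCK); }

    public static void main(String[] args) throws Exception {
        // Constructed key, IV and plaintext; not real session data.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        byte[] iv = new byte[BLOCK];
        byte[] stream = new byte[5 * BLOCK];   // packet 1 = 2 blocks, packet 2 = 3 blocks
        Arrays.fill(stream, 0, 2 * BLOCK, (byte) 0x11);
        Arrays.fill(stream, 2 * BLOCK, 5 * BLOCK, (byte) 0x22);
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");

        // Reference: both packets encrypted as one continuous CBC chain.
        byte[] ref = step(c, Cipher.ENCRYPT_MODE, key, iv, stream, 0, 5 * BLOCK);

        // Packet 1 with doFinal(). doFinal() resets the cipher to the IV of the last init(),
        // so encrypting packet 2 without re-initialization restarts the chain.
        byte[] ct1 = step(c, Cipher.ENCRYPT_MODE, key, iv, stream, 0, 2 * BLOCK);
        byte[] stale = c.doFinal(stream, 2 * BLOCK, 3 * BLOCK);

        // Packet 2 re-initialized with the last ciphertext block of packet 1 as IV.
        byte[] ct2 = step(c, Cipher.ENCRYPT_MODE, key, block(ct1, BLOCK), stream, 2 * BLOCK, 3 * BLOCK);

        // Decrypt packet 2 in two calls: first block (length field), then the rest.
        byte[] head = step(c, Cipher.DECRYPT_MODE, key, block(ct1, BLOCK), ct2, 0, BLOCK);
        byte[] rest = step(c, Cipher.DECRYPT_MODE, key, block(ct2, 0), ct2, BLOCK, 2 * BLOCK);

        System.out.println("packet 1 matches chain: " + Arrays.equals(ref, 0, 2 * BLOCK, ct1, 0, 2 * BLOCK));
        System.out.println("packet 2, chained IV:   " + Arrays.equals(ref, 2 * BLOCK, 5 * BLOCK, ct2, 0, 3 * BLOCK));
        System.out.println("packet 2, no re-init:   " + Arrays.equals(ref, 2 * BLOCK, 5 * BLOCK, stale, 0, 3 * BLOCK));
        System.out.println("two-call decrypt ok:    "
                + (Arrays.equals(stream, 2 * BLOCK, 3 * BLOCK, head, 0, BLOCK)
                && Arrays.equals(stream, 3 * BLOCK, 5 * BLOCK, rest, 0, 2 * BLOCK)));
    }
}
```

For CBC the continuing IV is the last ciphertext block already processed; other modes derive it differently (a counter mode would advance the counter by the number of blocks processed).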