Fixed use of ECB with Botan#724
Conversation
bjosv
left a comment
There was a problem hiding this comment.
Seems reasonable.
Are all the extra debug printouts needed? I seems that existing printouts are quite sparse with information, maybe for security reasons(?).
As an addition I suggest that we also disable 2 testcases when built WITH_BOTAN.
They will always fail when using Botan as I understand it. WDYT?
1) test: AESTests::testECB (F) line: 518 AESTests.cpp
assertion failed
- Expression: aes->encryptInit(&aesKey128, SymMode::ECB, IV)
2) test: DESTests::testECB (F) line: 537 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::ECB, IV)
|
I think that you are right about the tests. I have added the debug logs because they are often useful. I agree that some security reasons, it may seem bad, but:
So I thought this was tolerable. But per your request, I deleted all the offending lines. |
bjosv
left a comment
There was a problem hiding this comment.
Good comments. Using debug logs in production would be "beyond madness" :)
|
if you revert BotanSymmetricAlgorithm.cpp 8fd89ec and uncomment if (mode == SymMode::ECB) all tests are passing. Tested with Botan 2.19.3 |
That's because ECB is not taken into account during compilation phase. It does not fix the failing tests in |
Sorry I dont understand what do you mean "ECB is not taken into account". You mean because Botan_ecb.cpp is missing in CMakelists.txt? The test was performed with dev branch and not with fix-botan-ecb |
4c93d01 to
d8d9f49
Compare
|
I will close this PR when #771 is merged since it does a better job than this. |
|
#771 is merged |
Here is my proposed fix for issue 723