[pycrypto] Docs/code mis-match - not specifying IV fails

Wed Jan 8 01:32:59 PST 2014

Hi Charley,

Thanks for clarifying that - that makes sense to me.

Cheers

Hugh

On 8 January 2014 00:59, Charley Nibley <cnibley at gmail.com> wrote:

> Hi Hugh,
>
> This behavior you are seeing is expected.  It changed with a fix to
> prevent an empty string IV passed to the function. IV is always mandatory
> even if at some point in a previous build it was being passed as all
> zeros.  I believe the doc just needs updating.
>
> See line 173:
> https://github.com/dlitz/pycrypto/commit/411f60f58cea79f7e93476ba0c069b80a2a4c1a0
>
> And see the comments here: https://bugs.launchpad.net/pycrypto/+bug/997464
>
> Charley Nibley
>
>
> On Tue, Jan 7, 2014 at 9:43 AM, Hugh Macdonald <
> hugh.macdonald at nvizible.com> wrote:
>
>> Hi,
>>
>> I've just been trying to figure out why some code of mine broke after an
>> update from 2.0.1 to 2.6.1, and found that I hadn't been passing an IV into
>> AES.new() (using MODE_CFB).
>>
>> Previously, it was happy with this, and, according to the docs here (
>> https://www.dlitz.net/software/pycrypto/api/current/), "It is optional
>> and when not present it will be given a default value of all zeroes."
>>
>> Looking at the code that throws the exception (
>> https://github.com/dlitz/pycrypto/blob/master/src/block_template.c, line
>> 163), it doesn't allow for doing what the docs suggest it will.
>>
>> I'm not sure whether I've either misunderstood something or which of the
>> two is wrong, but I thought I'd at least flag it for discussion...
>>
>>
>> Hugh
>>
>> D I S C L A I M E R : This email and any files transmitted with it are
>> intended solely for the intended addressee, and may contain confidential
>> information or material protected by law, copyright or other legislation.
>> If you have received this message in error, please return it to the sender
>> or notify the sender by calling +44 (0)20 3167 3860, and immediately and
>> permanently delete it. You should not copy it or use it for any purpose,
>> nor disclose its contents to any other person. Only the intended recipient
>> may place any reliance upon it. Nvizible Limited accepts no responsibility
>> or liability for emails sent by its employees or personnel which are not
>> sent in the course of its business or that of its clients.
>>
>> Nvizible Limited, 8/9 Carlisle Street, London W1D 3BP .  Registered in
>> England & Wales with Company Number: 6900121
>>
>> _______________________________________________
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>>
>>
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
>

-- 
D I S C L A I M E R : This email and any files transmitted with it are 
intended solely for the intended addressee, and may contain confidential 
information or material protected by law, copyright or other legislation.  
If you have received this message in error, please return it to the sender 
or notify the sender by calling +44 (0)20 3167 3860, and immediately and 
permanently delete it. You should not copy it or use it for any purpose, 
nor disclose its contents to any other person. Only the intended recipient 
may place any reliance upon it. Nvizible Limited accepts no responsibility 
or liability for emails sent by its employees or personnel which are not 
sent in the course of its business or that of its clients.

Nvizible Limited, 8/9 Carlisle Street, London W1D 3BP .  Registered in 
England & Wales with Company Number: 6900121
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20140108/af732de7/attachment.html>