Fix issue 723 - Fixed use of ECB with Botan

opendnssec / SoftHSMv2

SoftHSM version 2

http://www.softhsm.org/

Other

740 stars 335 forks source link

Fix issue 723 - Fixed use of ECB with Botan #724

Open antoinelochet opened 10 months ago

antoinelochet commented 10 months ago

Here is my proposed fix for issue 723

antoinelochet commented 5 months ago

I think that you are right about the tests.

I have added the debug logs because they are often useful. I agree that some security reasons, it may seem bad, but:

using SoftHSM in production is madness
using SoftHSM in production WITH debug logs is beyond madness

So I thought this was tolerable. But per your request, I deleted all the offending lines.

anpa8480 commented 2 weeks ago

if you revert BotanSymmetricAlgorithm.cpp 8fd89ec33edfe4a7b510c471101f78b52a0c1294 and uncomment if (mode == SymMode::ECB) all tests are passing.

Tested with Botan 2.19.3

antoinelochet commented 2 weeks ago

if you revert BotanSymmetricAlgorithm.cpp 8fd89ec and uncomment if (mode == SymMode::ECB) all tests are passing.

Tested with Botan 2.19.3

That's because ECB is not taken into account during compilation phase. It does not fix the failing tests in src/lib

anpa8480 commented 2 weeks ago

if you revert BotanSymmetricAlgorithm.cpp 8fd89ec and uncomment if (mode == SymMode::ECB) all tests are passing. Tested with Botan 2.19.3

That's because ECB is not taken into account during compilation phase. It does not fix the failing tests in src/lib

Sorry I dont understand what do you mean "ECB is not taken into account". You mean because Botan_ecb.cpp is missing in CMakelists.txt? The test was performed with dev branch and not with fix-botan-ecb