602147629 / as3crypto Goto Github PK

What steps will reproduce the problem?
1. Connect to an SSL socket via a VPN tunnel.

What is the expected output? What do you see instead?

TLSEngine fails instead of keeping the connection. It appears to die at
instantiation of the record protocol.

I'm still gathering information from users, so once I have a tighter grasp
on the problem(and get a test VPN built to hammer on) I'll put more info
here, and get a patch built.

[deleted issue]

Hi,

I would like to know if you could add diffie-hellman support in your librarie ?

Thanks.

What steps will reproduce the problem?
1. Go the the Secret Key tab
2. Generate a Key
3. Type some text
4. Press the Encrypt button (you may see errors at this point)
5. Press the Decrypt button (you may also see errors at this point)

Expected outcome:  The text is the same as what was typed in
Actual Outcome: Garbage?

What version of the product are you using? On what operating system?
Demo, any version thatI've gotten ahold of.

Please provide any additional information below.

I have a swf using TLS that runs fine if I load it locally.  When I host it
on line it fails.

Is there something special I have to add to the crossdomain.xml? 
Everything works fine if I just switch the TLSSocket back to Socket or if I
run the TLSSocket version from my local computer.

What steps will reproduce the problem?
1. I'm using as3-stomp to connect to activemq at amq.mycompany.com
2. I replaced all the Socket references to TLSSocket within the as3-stomp source
3. Setup AMQ with a *.mycompany.com certificate
4. Try to connect to amq.mycompany.com

What is the expected output? What do you see instead?

Expected output would be a valid connection instead I get TLSEngine shutdown 
triggered by 
Error: Invalid common name: *.mycompany.com, expected amq.mycompany.com

What version of the product are you using? On what operating system?

Using 1.3 mac os x with firefox 3 using flash trace

Please provide any additional information below.

Line 694 of TLSEngine is where the exception originates. The issue is the 
direct string compare 
on line 691.  This should be improved to allow for wildcards.  I'm going to 
look at fixing this up, 
maybe with regex.  Not sure how to submit a patch.

What steps will reproduce the problem?
1. Compile and run CryptCompatability.cs
2. Compile and run CryptCompatability.as

What is the expected output? What do you see instead?
Output should be the same, but it's not.

What version of the product are you using? On what operating system?
1.3

Please provide any additional information below.
CryptCompatability.as uses ZeroPad, an IPad implementation, because .NET 
does not support PKCS5 and as3crypto does not support PKCS7.

What steps will reproduce the problem?
1. Make the following call

socket = new TLSSocket("plus.pop.mail.yahoo.com", 995); 


What is the expected output? What do you see instead?

Expect to connect or get an error

Actually get an unhandled exception ... see Trace below:

Error: Error #2030: End of file was encountered.
    at flash.utils::ByteArray/readShort()
    at com.hurlant.crypto.tls::TLSEngine/parseHandshakeHello()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:434]
    at com.hurlant.crypto.tls::TLSEngine/parseHandshake()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:312]
    at com.hurlant.crypto.tls::TLSEngine/parseOneRecord()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:228]
    at com.hurlant.crypto.tls::TLSEngine/parseRecord()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:206]
    at com.hurlant.crypto.tls::TLSEngine/dataAvailable()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:139]


Not sure if this is because Yahoo is using an unhandled TLS version.  At 
the very least would expect the error to be handled.


What version of the product are you using? On what operating system?

v1.2

TLSSocket.readBytes returns void according to it's funciton signature but
includes a return statement. I guess it is valid as is (as it is returning
void from another function) but it confuses FDTs parser so I updated my
local copy by deleting the return statement (see attached patch

What steps will reproduce the problem?
1. Attempt to compile the current contents of the svn repo to a swc using compc

What is the expected output? 
A nicely compiled swc!

What do you see instead?
    [java] Loading configuration file
/Volumes/DATA/Applications/eclipse/plugins/com.powerflasher.fdt.shippedflex_3.3.
0.4852_1000/flex/frameworks/flex-config.xml
     [java]
/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/src/as3crypto/com/hurlant/
crypto/symmetric/AESKey.as(214):
col: 23: Warning:
flex2.compiler.as3.SignatureExtension.SignatureGenerationFailed[node='ForStateme
nt',
level='warning',
cause='flex2.compiler.as3.SignatureAssertionRuntimeException: Unreachable
Codepath
     [java]     at
flex2.compiler.as3.SignatureEvaluator.ASSERT(SignatureEvaluator.java:369)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.UNREACHABLE_CODEPATH(SignatureEvaluator.ja
va:357)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1560)
     [java]     at
macromedia.asc.parser.ForStatementNode.evaluate(ForStatementNode.java:50)
     [java]     at
flash.swf.tools.as3.EvaluatorAdapter.evaluate(EvaluatorAdapter.java:338)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1795)
     [java]     at
macromedia.asc.parser.StatementListNode.evaluate(StatementListNode.java:60)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:530)
     [java]     at
macromedia.asc.parser.ClassDefinitionNode.evaluate(ClassDefinitionNode.java:106)
     [java]     at
flash.swf.tools.as3.EvaluatorAdapter.evaluate(EvaluatorAdapter.java:338)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1795)
     [java]     at
macromedia.asc.parser.StatementListNode.evaluate(StatementListNode.java:60)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:454)
     [java]     at macromedia.asc.parser.ProgramNode.evaluate(ProgramNode.java:80)
     [java]     at
flex2.compiler.as3.SignatureExtension.generateSignature(SignatureExtension.java:
270)
     [java]     at
flex2.compiler.as3.SignatureExtension.doSignatureGeneration(SignatureExtension.j
ava:174)
     [java]     at
flex2.compiler.as3.SignatureExtension.parse1(SignatureExtension.java:137)
     [java]     at flex2.compiler.as3.Compiler.parse1(Compiler.java:369)
     [java] ', column='23',
path='/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/src/as3crypto/com/hu
rlant/crypto/symmetric/AESKey.as',
line='214']
     [java]             for (i=0;i<256;i++) {
     [java]                       ^
     [java]
/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/bin/as3crypto.swc
(68870 bytes)

What version of the product are you using? On what operating system?
Latest from svn: r28

Please provide any additional information below.

I'm not sure what the syntax on line 204 does? Seems pretty strange! This
is a related bug on the flex sdk:

http://bugs.adobe.com/jira/browse/SDK-19201

But using the swc from here isn't working for me in this situation because
I'm running into other problems and need to debug within the source...

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
Supports keystores

What version of the product are you using? On what operating system?


Please provide any additional information below.

I was curious if how i could read privite keys from a pkcs#12 keystore (or
some other type of keystore)....

So that the keys are stored in a password protected way.

Any ideas?

What steps will reproduce the problem?
1. Run asdoc against the source tree

What is the expected output? What do you see instead?

I expected the asdoc to complete, but got errors in Crypto.getCipher(). 
Asdoc apparently does not like "/**" comments within the body of a switch
statement.

What version of the product are you using? On what operating system?

Latest SVN HEAD, as of this morning.  Using ASDoc from Flex SDK 3.0.0.

Please provide any additional information below.

The workaround is to simply change "/**" to "/*" in that part of the code.
 I have attached a patched version of the file.

What steps will reproduce the problem?
1. Using Crypto.as to your project 

What is the expected output? What do you see instead?
It should only use the ciphers and modes a particular project uses.
Instead of passing a string (like "blowfish-ecb") representing the cipher
and mode to Crypto's getCipher() mode, it should somehow pass instances of
the cipher and mode you'd like to you. That way only the code of the cipher
and mode you wish to use and downloaded with the project.

For example, the version of Crypto I am using has the cipher files
(AESKey.as, BlowFishKey.as, and DESKey.as) totaling 60kb. If it were
possible to only use BlowFishKey.as in my crypto code, then 20kb would be
added to the project instead of 60kb.

As more and more ciphers are added to this package, this package has a
potential of adding a very considerable amount of filesize to a project -
much more than it already is doing.

What steps will reproduce the problem?
1. Create TLSSocket
2. connect socket


What is the expected output? What do you see instead?
It is expected to see the handshake, but I see nothing.


What version of the product are you using? On what operating system?
HEAD revision of svn, Win XP, Firefox 3.0.2 with Flash Player 9.0 r124

Please provide any additional information below.

I realized that the problem occurs because the handshake is sent before
Event.CONNECT is raised on the inner socket. I delayed engine.start() after
the connection was made, and my problem was solved.

Extrangely, the problem doesn't happen using the Stand Alone Player
(version 9,0,124,0)

Verifying an RSA signature results in a 

TypeError: Error #2007: Parameter bytes must be non-null.

What steps will reproduce the problem?
1. Connect to a host with DNS name that is different from the name in the cert.

I think two things are neccessary here, namely:

A. A method of pausing socket handling until the user has indicated
acceptance or rejection of the different name situation.

B. A means of configuring the socket at runtime to ignore Commoon Name
mismatches.

I've already added an "IgnoreCNMismatch" value to my tree, but I haven't
yet added an event chain to get information back to my root application
regarding the mismatch. Once I get some time, I'll handle that.

The patch attached enabled asdoc included in the free Flex SDK to build the
API documentation.
Only side effect is that the int.MIN_VALUE and similar needed to be
replaced with their numeric presentations as for some reason none of the
versions up to date of asdoc could understand those, if they were used as a
default value of a function parameter.

This also fixes issue #1.

What steps will reproduce the problem?
1. Be in a timezone different from GMT (PST, in my case)
2. Get your new certificate signed and installed on server
3. Connect to that server using TLSSocket

What is the expected output? What do you see instead?

Expected certificate to be validated, however as3crypto decided that it is 
approx 6.5hrs in the 
future so it can't validate it. Now, if we'll take at a difference between GMT 
and PST at the moment, 
it is 7 hours. So, my guess is that as3crypto did not get this issue into 
account when was validating 
certificate's 'NotBefore'.

What steps will reproduce the problem?
1. compc -load-config=build-swc.xml

What do you see instead?
Loading configuration file /home/aheinz/Desktop/crypto/build-swc.xml
Adobe Compc (Flex Component Compiler)
Version 3.2.0 build 3794
Copyright (c) 2004-2007 Adobe Systems, Inc. All rights reserved.

/home/aheinz/Desktop/crypto/build-swc.xml(13): Error: unable to open
'/usr/share/flex3-sdk/bin/../frameworks/libs/playerglobal.swc'

      </external-library-path>

What version of the product are you using?
as3crypto revision 27, Flex 3.2.0.3794

On what operating system?
RHEL4

Patch attached.

What steps will reproduce the problem?
1. encrypt in flash 
2. decrypt in java using cipher "RSA/ECB/PKCS1Padding"
3. sometimes, not always, I get following errors
BadPaddingException... Data must being with zero.

I will try and create test keys and data blocks for you as well.

What steps will reproduce the problem?
1. Run demo crypt at http://crypto.hurlant.com/demo/
2. Click RSA 512/1024 bits Key
3. Input anything , example : "Use this tab to encrypt(fast),decrypt(slow)
or generate RSA keys(way slow).
Generating keys greater than 1024 bits is likely to time-out before completion.
Decrypting with a key greater than 2048 bits is painfully slow."
4. Click Encrypt 
5. Click Decrypt --> error

What is the expected output? What do you see instead?
Expected: "Use this tab to encrypt(fast),decrypt(slow) or generate RSA
keys(way slow).
Generating keys greater than 1024 bits is likely to time-out before completion.
Decrypting with a key greater than 2048 bits is painfully slow."

Instead: Error like in the attacted picture

What version of the product are you using? On what operating system?
run in Firefox 3.0.10, OS: XP Pro

Please provide any additional information below.

What steps will reproduce the problem?
Attempt to send data with size bigger than 16384 bytes fails.

What is the expected output? What do you see instead?
The library should send data reliably no matter its size. However, in case 
of longer packets, the SSL server reports it receives packets with invalid 
length. For example, openssl s_server prints ERROR 3428:error:1408F092:SSL 
routines:SSL3_GET_RECORD:data length too long:.\ssl\s3_pkt.c:446

What version of the product are you using? On what operating system?
This issue is seen in version 1.3, revision 27.

Please provide any additional information below.
I've inspected the sources and found a solution. The fix is in the 
attached file.