Bug in CipherInputStream.read()

Edward A. Ipser, Jr. (ipser@ipser.com)
Mon, 25 Aug 1997 23:32:30 -0700

From: "Edward A. Ipser, Jr." <ipser@ipser.com>
To: "'java-security@java.sun.com'" <java-security@web2.javasoft.com>
Subject: Bug in CipherInputStream.read()
Date: Mon, 25 Aug 1997 23:32:30 -0700

------ =_NextPart_000_01BCB2BE.E83689F0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

A bug in CipherInputStream.read() and a bug in the documentation. I'm =
using jce1_1-ea.exe.

I've been unable to get it to work consistently on big files. In some =
cases it hangs. In other cases it loses input data.

I lose data (its dropped) with:

while ((length =3D cis.read(in)) >=3D 0)
fos.write(in,0,length) ;

This simple loop also looses data (substituting 0s):

while ((c =3D cis.read()) >=3D 0)
fos.write(c) ;

The encrypting loop was:

while ((length =3D fis.read(in,0,in.length)) >=3D 0)
cos.write(in,0,length) ;

Also, the test program doesn't work in Symantec Visual Cafe 1.1 PR2 =
debugger though that is more probably their fault than yours.

Finally, the documentation suggests CipherInputStream.read(byte,int,int) =
has a different behavior from FileInputStream.read(byte,int,int). =
Surly, the statement that the return value is "the number of bytes read =
into b, or -1 if fewer than len encrypted/decrypted bytes remained" must =
be a typo? It implies that -1 will be returned instead of the correct =
length when the last chunk of data is read as opposed to the behavior =
with FileInputStream which returns -1 only after the last chunk of data =
has been read and there is no more data to read.

The complete test program is attached.

=20

Thanks in adance for your attention to these problems.
=00=00
------ =_NextPart_000_01BCB2BE.E83689F0
Content-Type: application/octet-stream; name="TestEncryption.java"
Content-Transfer-Encoding: base64

Ly8NCi8vIFRlc3QgRW5jcnlwdGlvbg0KLy8gQ29weXJpZ2h0IChjKSAxOTk3IElwc2VyIFNvZnR3
YXJlIENvbXBhbnkNCi8vIEFsbCByaWdodHMgcmVzZXJ2ZWQNCi8vDQovLyBDT00uaXBzZXIuc3Zh
c2UuU1ZBU0VHZW5lcmF0ZS5qYXZhDQovLw0KDQpwYWNrYWdlIENPTS5pcHNlci50ZXN0ZW5jcnlw
dGlvbiA7DQoNCmltcG9ydCBqYXZhLmlvLiogOw0KaW1wb3J0IGphdmEudXRpbC4qIDsNCmltcG9y
dCBqYXZhLnNlY3VyaXR5LiogOw0KDQpwdWJsaWMgY2xhc3MgVGVzdEVuY3J5cHRpb24NCnsNCglw
dWJsaWMgc3RhdGljIEtleSBnZW5lcmF0ZUtleSAoU3RyaW5nIGFsZ29yaXRobSwgU3RyaW5nIGZp
bGVOYW1lKQ0KCQl0aHJvd3MgTm9TdWNoQWxnb3JpdGhtRXhjZXB0aW9uLCBJT0V4Y2VwdGlvbg0K
CXsNCiAgICBLZXlHZW5lcmF0b3Iga2V5R2VuID0gS2V5R2VuZXJhdG9yLmdldEluc3RhbmNlKGFs
Z29yaXRobSkgOw0KICAgIFNlY3VyZVJhbmRvbSByYW5kID0gbmV3IFNlY3VyZVJhbmRvbSgpIDsN
CiAgICBrZXlHZW4uaW5pdGlhbGl6ZShyYW5kKSA7DQogICAgS2V5IGtleSA9IGtleUdlbi5nZW5l
cmF0ZUtleSgpIDsNCiAgICBPYmplY3RPdXRwdXRTdHJlYW0ga2V5ZmlsZSA9IG5ldyBPYmplY3RP
dXRwdXRTdHJlYW0obmV3IEZpbGVPdXRwdXRTdHJlYW0oZmlsZU5hbWUpKSA7DQogICAga2V5Zmls
ZS53cml0ZU9iamVjdChrZXkpIDsNCiAgICByZXR1cm4ga2V5IDsNCgl9DQoJcHVibGljIHN0YXRp
YyB2b2lkIGVuY3J5cHRGaWxlIChLZXkga2V5LCBTdHJpbmcgYWxnb3JpdGhtLCBTdHJpbmcgY2xl
YXJGaWxlTmFtZSwgU3RyaW5nIGVuY3J5cHRlZEZpbGVOYW1lKQ0KCQl0aHJvd3MgTm9TdWNoQWxn
b3JpdGhtRXhjZXB0aW9uLCBLZXlFeGNlcHRpb24sIElPRXhjZXB0aW9uDQoJew0KICAgIENpcGhl
ciBjaXBoZXIgPSBDaXBoZXIuZ2V0SW5zdGFuY2UoYWxnb3JpdGhtKSA7DQogICAgY2lwaGVyLmlu
aXRFbmNyeXB0KGtleSkgOw0KICAgIEZpbGVJbnB1dFN0cmVhbSBmaXMgPSBuZXcgRmlsZUlucHV0
U3RyZWFtKGNsZWFyRmlsZU5hbWUpIDsNCiAgICBGaWxlT3V0cHV0U3RyZWFtIGZvcyA9IG5ldyBG
aWxlT3V0cHV0U3RyZWFtKGVuY3J5cHRlZEZpbGVOYW1lKSA7DQogICAgQ2lwaGVyT3V0cHV0U3Ry
ZWFtIGNvcyA9IG5ldyBDaXBoZXJPdXRwdXRTdHJlYW0oZm9zLGNpcGhlcikgOw0KCQlieXRlW10g
aW4gPSBuZXcgYnl0ZVs1MDAwXSA7DQoJCWludCBsZW5ndGggOw0KCQl3aGlsZSAoKGxlbmd0aCA9
IGZpcy5yZWFkKGluLDAsaW4ubGVuZ3RoKSkgPj0gMCkNCgkgICAgY29zLndyaXRlKGluLDAsbGVu
Z3RoKSA7DQogICAgZmlzLmNsb3NlKCkgOw0KICAgIGNvcy5jbG9zZSgpIDsNCgl9DQoJcHVibGlj
IHN0YXRpYyB2b2lkIGVuY3J5cHRUZXN0ICgpDQoJew0KCQl0cnkNCgkJew0KCQkJU3lzdGVtLm91
dC5wcmludGxuKCJnZW5lcmF0ZSBrZXkiKSA7DQoJICAgIEtleSBrZXkgPSBnZW5lcmF0ZUtleSgi
REVTIiwia2V5ZmlsZSIpIDsNCi8vCQkJS2V5IGtleSA9IGdldEtleSgia2V5ZmlsZSIpIDsNCgkJ
CVN5c3RlbS5vdXQucHJpbnRsbigiZW5jcnlwdCIpIDsNCgkgICAgZW5jcnlwdEZpbGUoa2V5LCJE
RVMvRUNCL1BLQ1MjNSIsIkhpZ2hUZWNoLmh0bSIsIlNlY3JldC5lbmNyeXB0IikgOw0KCQl9DQoJ
CWNhdGNoIChFeGNlcHRpb24gZSkNCgkJew0KCSAgICBlLnByaW50U3RhY2tUcmFjZSgpIDsNCgkJ
fQ0KCX0NCglwdWJsaWMgc3RhdGljIEtleSBnZXRLZXkgKFN0cmluZyBmaWxlTmFtZSkNCgkJdGhy
b3dzIENsYXNzTm90Rm91bmRFeGNlcHRpb24sIElPRXhjZXB0aW9uDQoJew0KCQlPYmplY3RJbnB1
dFN0cmVhbSBrZXlmaWxlID0gbmV3IE9iamVjdElucHV0U3RyZWFtKG5ldyBGaWxlSW5wdXRTdHJl
YW0oZmlsZU5hbWUpKSA7DQoJCUtleSBrZXkgPSAoU2VjcmV0S2V5KWtleWZpbGUucmVhZE9iamVj
dCgpIDsNCgkJcmV0dXJuIGtleSA7DQoJfQ0KCXB1YmxpYyBzdGF0aWMgdm9pZCBkZWNyeXB0IChL
ZXkga2V5LCBTdHJpbmcgYWxnb3JpdGhtLCBTdHJpbmcgZW5jcnlwdGVkRmlsZU5hbWUsIFN0cmlu
ZyBjbGVhckZpbGVOYW1lKQ0KCQl0aHJvd3MgS2V5RXhjZXB0aW9uLCBOb1N1Y2hBbGdvcml0aG1F
eGNlcHRpb24sIEZpbGVOb3RGb3VuZEV4Y2VwdGlvbiwgSU9FeGNlcHRpb24NCgl7DQoJCUNpcGhl
ciBjaXBoZXIgPSBDaXBoZXIuZ2V0SW5zdGFuY2UoYWxnb3JpdGhtKSA7DQoJCWNpcGhlci5pbml0
RGVjcnlwdChrZXkpIDsNCgkJRmlsZUlucHV0U3RyZWFtIGZpcyA9IG5ldyBGaWxlSW5wdXRTdHJl
YW0oZW5jcnlwdGVkRmlsZU5hbWUpIDsNCgkJRmlsZU91dHB1dFN0cmVhbSBmb3MgPSBuZXcgRmls
ZU91dHB1dFN0cmVhbShjbGVhckZpbGVOYW1lKSA7DQoJCUNpcGhlcklucHV0U3RyZWFtIGNpcyA9
IG5ldyBDaXBoZXJJbnB1dFN0cmVhbShmaXMsY2lwaGVyKSA7DQoJCWJ5dGVbXSBpbiA9IG5ldyBi
eXRlWzUwMDBdIDsNCgkJaW50IGxlbmd0aCA7DQoJCXdoaWxlICgobGVuZ3RoID0gY2lzLnJlYWQo
aW4pKSA+PSAwKQ0KCSAgICBmb3Mud3JpdGUoaW4sMCxsZW5ndGgpIDsNCgkJZm9zLmNsb3NlKCkg
Ow0KCQljaXMuY2xvc2UoKSA7DQoJfQ0KCXB1YmxpYyBzdGF0aWMgdm9pZCBkZWNyeXB0VGVzdCAo
KQ0KCXsNCgkJdHJ5DQoJCXsNCgkJCVN5c3RlbS5vdXQucHJpbnRsbigiZ2V0IGtleSIpIDsNCgkJ
CUtleSBrZXkgPSBnZXRLZXkoImtleWZpbGUiKSA7DQoJCQlTeXN0ZW0ub3V0LnByaW50bG4oImRl
Y3J5cHQiKSA7DQoJCQlkZWNyeXB0KGtleSwiREVTL0VDQi9QS0NTIzUiLCJTZWNyZXQuZW5jcnlw
dCIsIk91dC5odG0iKSA7DQoJCQlTeXN0ZW0ub3V0LnByaW50bG4oImRvbmUiKSA7DQoJCX0NCgkJ
Y2F0Y2ggKEV4Y2VwdGlvbiBlKQ0KCQl7DQoJCQllLnByaW50U3RhY2tUcmFjZSgpIDsNCgkJfQ0K
CX0NCglwdWJsaWMgc3RhdGljIHZvaWQgbWFpbiAoU3RyaW5nIGFyZ3VtZW50c1tdKQ0KCXsNCgkJ
ZW5jcnlwdFRlc3QoKSA7DQoJCWRlY3J5cHRUZXN0KCkgOw0KCX0NCn0NCg==

------ =_NextPart_000_01BCB2BE.E83689F0--