Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/cipher: example legally but confusingly uses CryptBlocks input as its output #19826

Closed
kuchlein opened this issue Apr 3, 2017 · 2 comments
Closed

crypto/cipher: example legally but confusingly uses CryptBlocks input as its output #19826

kuchlein opened this issue Apr 3, 2017 · 2 comments
Labels
Documentation FrozenDueToAge

Comments

@kuchlein
Copy link

kuchlein commented Apr 3, 2017

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

1.8

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN="/usr/local/go/bin"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/tim/go"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/ny/78hxt5md5d9129ys2b43yq700000gn/T/go-build126828932=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

What did you do?

Used the sample code in https://golang.org/src/crypto/cipher/example_test.go but didn't notice that ExampleNewCBCDecrypter used mode.CryptBlocks(ciphertext, ciphertext) effectively overwriting the source array.

What did you expect to see?

The sample code should really be the most safe rather than the most performant. Something like:

// CryptBlocks can work in-place if the two arguments are the same (i.e. mode.CryptBlocks(ciphertext, ciphertext)) or can use a new array.
cleartext := make([]byte, len(ciphertext))
mode.CryptBlocks(cleartext, ciphertext)

What did you see instead?

Add a new array, plaintext, that's the same size as ciphertext and have the comment say that mode.CryptBlocks(dst, src) can use the same array for both src and dst.
@mvdan
Copy link
Member

mvdan commented Apr 3, 2017

Mind sending a CL for this? https://golang.org/doc/contribute.html

@bradfitz bradfitz changed the title Update sample code for crypto/cipher crypto/cipher: example legally but confusingly uses CryptBlocks input as its output Apr 3, 2017
@rsc
Copy link
Contributor

rsc commented Apr 5, 2017

I think it's perfectly fine to use input as output in the example. It's legal and it's common: you've prepared the data in a buffer and now you want to encrypt it. It's rare you want to keep the old form around too.

@rsc rsc closed this as completed Apr 5, 2017
@golang golang locked and limited conversation to collaborators Apr 5, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Documentation FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rsc @mvdan @kuchlein @gopherbot