slothg / as3crypto Goto Github PK

What steps will reproduce the problem?

1. Create an instance of BigInteger (for example var foo:BigInteger = new
BigInteger("50"); )

2. Try to retrieve its string value in decimal ( foo.toString(10); )

What is the expected output? 
return "50" (as a string)

What do you see instead?
The flash player enters an infinite loop.

What version of the product are you using? On what operating system?
Trunk (revision 28) / Windows

Please provide any additional information below.
I saw this in the source code of com.hurlant.math.BigInteger (line 72) :

public function toString(radix:Number=16):String {
    if (s<0) return "-"+negate().toString(radix);
    var k:int;
    switch (radix) {
        case 2:   k=1; break;
        case 4:   k=2; break;
        case 8:   k=3; break;
        case 16:  k=4; break;
        case 32:  k=5; break;
        default:
//          return toRadix(radix);
    }

Why is the default statement (line 82) commented ? (when I uncomment this
line, it works and I have the expected value)

toRadix() is protected and only used in toString(), that means currently
toRadix() is never called...

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
Supports keystores

What version of the product are you using? On what operating system?


Please provide any additional information below.

I was curious if how i could read privite keys from a pkcs#12 keystore (or
some other type of keystore)....

So that the keys are stored in a password protected way.

Any ideas?

TLSSocket.readBytes returns void according to it's funciton signature but
includes a return statement. I guess it is valid as is (as it is returning
void from another function) but it confuses FDTs parser so I updated my
local copy by deleting the return statement (see attached patch

What steps will reproduce the problem?
1. Generate private/public keys using openssl (PEM for private key and DER for 
public key)
2. Use the public key to encrypt a small string in Java, with "RSA" Cipher, and 
loading the public key for encryption 
3. Encrypt the string in Java, and store it in a file with Base64Encoded
4. Goto Flex, load the private key, use Base64 class to decode the encrypted 
string
5. Pass the ByteArray to decrypt method

What is the expected output? What do you see instead?
The expected out should have been the original string
Actual: Caught error displaying the following
"Decrypt error - padding function returned null!-50-Error
null"

What version of the product are you using? On what operating system?
Built from the source, 1.3, using on Windows XP.

Please provide any additional information below.

What steps will reproduce the problem?
1. Run demo crypt at http://crypto.hurlant.com/demo/
2. Click RSA 512/1024 bits Key
3. Input anything , example : "Use this tab to encrypt(fast),decrypt(slow)
or generate RSA keys(way slow).
Generating keys greater than 1024 bits is likely to time-out before completion.
Decrypting with a key greater than 2048 bits is painfully slow."
4. Click Encrypt 
5. Click Decrypt --> error

What is the expected output? What do you see instead?
Expected: "Use this tab to encrypt(fast),decrypt(slow) or generate RSA
keys(way slow).
Generating keys greater than 1024 bits is likely to time-out before completion.
Decrypting with a key greater than 2048 bits is painfully slow."

Instead: Error like in the attacted picture

What version of the product are you using? On what operating system?
run in Firefox 3.0.10, OS: XP Pro

Please provide any additional information below.

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
core function returns
core function fails because there is another var named h 

What version of the product are you using? On what operating system?
windows 

Please provide any additional information below.

What steps will reproduce the problem?
1. MIME does not specify a fixed length for base64-encoded lines, but it 
does specify a maximum line length of 76 characters. Additionally it 
specifies that any extra-alphabetic characters must be ignored by a 
compliant decoder, although most implementations use a CR/LF newline pair 
to delimit encoded lines.
2. Encode with mostly any other tool strings with an output larger then 76 
characters 
3. Decode with ascrypto

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

jpauclair improved the base64 encoding of this lib, so that it is 700%
faster (!!!) now. i think it should be reimplementet in this lib (should be
no efford).

http://jpauclair.net/2010/01/09/base64-optimized-as3-lib/

What steps will reproduce the problem?
1. Attempt to compile the current contents of the svn repo to a swc using compc

What is the expected output? 
A nicely compiled swc!

What do you see instead?
    [java] Loading configuration file
/Volumes/DATA/Applications/eclipse/plugins/com.powerflasher.fdt.shippedflex_3.3.
0.4852_1000/flex/frameworks/flex-config.xml
     [java]
/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/src/as3crypto/com/hurlant/
crypto/symmetric/AESKey.as(214):
col: 23: Warning:
flex2.compiler.as3.SignatureExtension.SignatureGenerationFailed[node='ForStateme
nt',
level='warning',
cause='flex2.compiler.as3.SignatureAssertionRuntimeException: Unreachable
Codepath
     [java]     at
flex2.compiler.as3.SignatureEvaluator.ASSERT(SignatureEvaluator.java:369)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.UNREACHABLE_CODEPATH(SignatureEvaluator.ja
va:357)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1560)
     [java]     at
macromedia.asc.parser.ForStatementNode.evaluate(ForStatementNode.java:50)
     [java]     at
flash.swf.tools.as3.EvaluatorAdapter.evaluate(EvaluatorAdapter.java:338)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1795)
     [java]     at
macromedia.asc.parser.StatementListNode.evaluate(StatementListNode.java:60)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:530)
     [java]     at
macromedia.asc.parser.ClassDefinitionNode.evaluate(ClassDefinitionNode.java:106)
     [java]     at
flash.swf.tools.as3.EvaluatorAdapter.evaluate(EvaluatorAdapter.java:338)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:1795)
     [java]     at
macromedia.asc.parser.StatementListNode.evaluate(StatementListNode.java:60)
     [java]     at
flex2.compiler.as3.SignatureEvaluator.evaluate(SignatureEvaluator.java:454)
     [java]     at macromedia.asc.parser.ProgramNode.evaluate(ProgramNode.java:80)
     [java]     at
flex2.compiler.as3.SignatureExtension.generateSignature(SignatureExtension.java:
270)
     [java]     at
flex2.compiler.as3.SignatureExtension.doSignatureGeneration(SignatureExtension.j
ava:174)
     [java]     at
flex2.compiler.as3.SignatureExtension.parse1(SignatureExtension.java:137)
     [java]     at flex2.compiler.as3.Compiler.parse1(Compiler.java:369)
     [java] ', column='23',
path='/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/src/as3crypto/com/hu
rlant/crypto/symmetric/AESKey.as',
line='214']
     [java]             for (i=0;i<256;i++) {
     [java]                       ^
     [java]
/Volumes/DATA/work/osx_eclipse/SharifyLibraryCode/lib/bin/as3crypto.swc
(68870 bytes)

What version of the product are you using? On what operating system?
Latest from svn: r28

Please provide any additional information below.

I'm not sure what the syntax on line 204 does? Seems pretty strange! This
is a related bug on the flex sdk:

http://bugs.adobe.com/jira/browse/SDK-19201

But using the swc from here isn't working for me in this situation because
I'm running into other problems and need to debug within the source...

What steps will reproduce the problem?
1. Checkout v1.3, and do a readRSAPublicKey on this key 
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSInLDKp9pNoaN0rfnulUinVw0
3kezfhkwOXbocpyPKgOqylC9HGUChNYtfTI18jnt8TiI3RoptutBSLZ7xTooybXs
7NZWkjnzPZBpXDkQykd8LrWc1cy8VxHALbil4s8Ua87R8KAHXZukyGuonWs3yvFN
/CB48WZjSgnTOzHuHwIDAQAB
-----END PUBLIC KEY-----

You should get an EOF error in DER.as, at the line der.readBytes(bs,0,len);
 len will be an insanely large number.


Try the precompiled version and you will not have a problem.  The
difference between the two is one line in PEM.as

v1.3
arr[1].position = 1; // there's a 0x00 byte up front. find out why later.
like, read a spec.

trunk
arr[1].position = 0; // there's a 0x00 byte up front. find out why later.
like, read a spec.

Setting the value to 0 in v1.3 clears up the issue.


On what operating system?
Versions specified above, working on OSX.

Please provide any additional information below.
I had to go to 1.3 to get support for connecting to gmail. I've changed the
code to make it work but I don't understand what I've done.  I figure
that's probably dangerous for me.

Thank you,
Eric

What steps will reproduce the problem?
Trace the parameter to pkcs1pad in RSAKey.as

What is the expected output? What do you see instead?
The first bit should be 0x00 (from the padding), but instead it is either 0x01, 
or 0x02 (the padType). The first bit is always omitted.

What version of the product are you using? On what operating system?
as3crypto 1.3, Windows 7 64bit, Firefox 3.6, Flash Player 10.1

Are it's possible?

Used a simple java program to AES encrpt a message with simple key:

public static void main(String[] args) throws Exception {
    String message = "this is a longer message of 32by";
    String strKeyHex="faf579668b4bb03be0732eb0a42a7ebe";
    byte[] raw = hexToBytes(strKeyHex);
    KeyGenerator kgen = KeyGenerator.getInstance("AES");
    kgen.init(128); // Dont know what this should be.
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    System.out.println("key=" + asHex(raw));
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
    byte[] encrypted = cipher.doFinal(message.getBytes());
    System.out.println("encrypted string: " + asHex(encrypted));
    }


This results in the follwing:
key=faf579668b4bb03be0732eb0a42a7ebe 
encrypted string: 
0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f
959e2a7757bf8d66

Using as3crypto to decrypt:

public function TestDecryption() {
    var key:ByteArray;
    var message:ByteArray;
    var AES:AESKey;

    key = Hex.toArray("faf579668b4bb03be0732eb0a42a7ebe");
    AES = new AESKey(key);
    message = Hex.toArray("0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f959e2a7757bf8d66");

    trace("encrtyped messsage len=" + message.length);      
    trace("raw encrpted message =0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f959e2a7757bf8d66");

    AES.decrypt(message);

    trace("raw decrypted message=" + Hex.fromArray(message, false));
    trace("original unenc messag=746869732069732061206c6f6e676572206d657373616765206f6620333233322");
    trace("decrypted message len=" + message.length);
    trace("decrypted message=" + Hex.toString(Hex.fromArray(message, false)));
    }

Got this:

encrtyped messsage len=48
raw encrpted message 
=0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374
f959e2a7757bf8d66
raw decrypted 
message=746869732069732061206c6f6e67657288372368c0c9337765fe2246eb058505245f2e26
7813374f959e2a7757bf8d66
original unenc 
messag=746869732069732061206c6f6e676572206d657373616765206f6620333233322
decrypted message len=48
decrypted message=this is a longer�7#hÀÉ3weþ"Fë���$_.&x�7O��*wW¿�f


As you can see, the first 16 bytes of the message have been correctly 
decrypted, but the rest of the decrypted message is the raw unencrypted 
message. 

What version of the product are you using? On what operating system?

Downloaded from google last week, dont know how to get the version.
Runing on latest update of XP (32bit)

Please provide any additional information below.

I cant find any documenation in the source, wiki or google on how to use this 
library, and Im guessing Im either using it wrong (I should be calling 
something high level), there is a bug, or as3crypto cannot be used to decrypt 
AES messages longer than 16 bytes (which I would constitue a bug).
Any ideas?

The getID4e() method stores the generated iv data correctly, but the getIV4d() 
method calls the variable "iv" (which is null by default) instead of the getter 
method IV().  

This:

protected function getIV4d():ByteArray {
    var vec:ByteArray = new ByteArray;
    if (iv) {
        vec.writeBytes(iv);
    } else {
        throw new Error("an IV must be set before calling decrypt()");
    }
    return vec;
}

should be changed to:

protected function getIV4d():ByteArray {
    var vec:ByteArray = new ByteArray;
    if (IV) {
        vec.writeBytes(IV);
    } else {
        throw new Error("an IV must be set before calling decrypt()");
    }
    return vec;
}

Verifying an RSA signature results in a 

TypeError: Error #2007: Parameter bytes must be non-null.

What steps will reproduce the problem?
1. Using Crypto.as to your project 

What is the expected output? What do you see instead?
It should only use the ciphers and modes a particular project uses.
Instead of passing a string (like "blowfish-ecb") representing the cipher
and mode to Crypto's getCipher() mode, it should somehow pass instances of
the cipher and mode you'd like to you. That way only the code of the cipher
and mode you wish to use and downloaded with the project.

For example, the version of Crypto I am using has the cipher files
(AESKey.as, BlowFishKey.as, and DESKey.as) totaling 60kb. If it were
possible to only use BlowFishKey.as in my crypto code, then 20kb would be
added to the project instead of 60kb.

As more and more ciphers are added to this package, this package has a
potential of adding a very considerable amount of filesize to a project -
much more than it already is doing.

What steps will reproduce the problem?
1. I attached mxml application to reproduce the bug. You can see that the 
encrypted string is not always at the same length, and the server reply 
that it corrupted.
2. It occurs statisticly ~25%.
3. The problem is in "_encrypt method -> chunk.toArray(dst);" probably

What is the expected output? What do you see instead?
Expected Output:
src.position: 71(128), 71(256), 71(384), 71(512), 71(640), 71(768), 71
(896), 71(1024), 71(1152), 71(1280), 71(1408), 71(1536), 71(1664), 71
(1792), 71(1920), 71(2048), 71(2176), 71(2304), 71(2432), 71(2560), 
============================ encryptedKey.length: 2560, PlainKey.Length: 
2236

I can see sometimes (25%) the bug:
src.position: 71(128), 71(256), 71(384), 71(512), 71(640), 71(768), 71
(895), 71(1022), 71(1150), 71(1278), 71(1406), 71(1534), 71(1662), 71
(1790), 71(1918), 71(2046), 71(2174), 71(2302), 71(2430), 71(2558), 
============================ encryptedKey.length: 2558, PlainKey.Length: 
2236

What version of the product are you using? On what operating system?
Windows XP SP2, SP3. AS3Crypto 1.3, SDK 3.4

Thanks,

Hi,

I would like to know if you could add diffie-hellman support in your librarie ?

Thanks.

[deleted issue]

What steps will reproduce the problem?
1. Have an SSL cert signed (issued) by DigiCert Global CA (see attached file)
2. Try to validate the SSL Cert
3. Get error: "PKCS#1 unpad: i=0, expected b[i]==[0,1,2], got b[i]=51"

At first I was getting errors about not being able to find the parent cert
for the SSL certificate I was trying to validate, so I had to add it
manually (the issuer is DigiCert Global CA -
http://www.digicert.com/CACerts/DigiCertGlobalCA.crt).

After that, I get an error when it's trying to verify the RSAKey associated
with that certificate.  The error occurs in the pkcs1unpad function. Does
anyone know what is going wrong?

What steps will reproduce the problem?
1. I'm using as3-stomp to connect to activemq at amq.mycompany.com
2. I replaced all the Socket references to TLSSocket within the as3-stomp source
3. Setup AMQ with a *.mycompany.com certificate
4. Try to connect to amq.mycompany.com

What is the expected output? What do you see instead?

Expected output would be a valid connection instead I get TLSEngine shutdown 
triggered by 
Error: Invalid common name: *.mycompany.com, expected amq.mycompany.com

What version of the product are you using? On what operating system?

Using 1.3 mac os x with firefox 3 using flash trace

Please provide any additional information below.

Line 694 of TLSEngine is where the exception originates. The issue is the 
direct string compare 
on line 691.  This should be improved to allow for wildcards.  I'm going to 
look at fixing this up, 
maybe with regex.  Not sure how to submit a patch.

The patch attached enabled asdoc included in the free Flex SDK to build the
API documentation.
Only side effect is that the int.MIN_VALUE and similar needed to be
replaced with their numeric presentations as for some reason none of the
versions up to date of asdoc could understand those, if they were used as a
default value of a function parameter.

This also fixes issue #1.

What steps will reproduce the problem?
1. Generate a self-signed certificate on your server
2. Try to connect to the server using a TLSSocket


What is the expected output? What do you see instead?
Expected that the certificate would be accepted.  Instead, the cert was
rejected because it was self signed

What version of the product are you using? On what operating system?
Using 1.3 on mac os

Please provide any additional information below.
The code that is rejecting the certificate is in X509Certificate.as at line 79:

if (parent == this) { // pathological case. avoid infinite loop
    return false; // isSigned() returns false if we're self-signed.
}

What steps will reproduce the problem?
1. Use poco netssl_openssl as server side.
2. Use TLSSocket connect the sever.
3.

What is the expected output? What do you see instead?
In debug mode, trace print:
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
TLSEngine shutdown triggered by Error: Cannot verify certificate

What version of the product are you using? On what operating system?
as3crypto 1.0  flex 3.0 
At server side, use SSL 3.0 and TLS 1.0, both version get the same result.

Please provide any additional information below.

What steps will reproduce the problem?
1. Download a file with URLStream
2. Verify its sha1 checksum by calling...?
3. Bang head against wall

What is the expected output? What do you see instead?

I should be able to pass any IDataInput into IHash#hash.  Right now it only 
takes a ByteArray, which severely limits what can be hashed.

What version of the product are you using? On what operating system?

v1.3 on any OS.

Please provide any additional information below.

What steps will reproduce the problem?
1. Run the tool (grabRootCAs.pl) at \certs\tool\.


What is the expected output?
I expect it to work - create the as3 file.

What do you see instead?
curl: (7) Failed to connect to host

What version of the product are you using? On what operating system?
Version: latest from svn.
OS: Vista x32

Fix: 
This can be fixed by changing:
  http://lxr.mozilla.org
to
  http://mxr.mozilla.org

What steps will reproduce the problem?
1. select secretKey, AES, ECB, NONE...
2. any keyFormat....
3. inputText "aaaaa"
4. press "Encrypt"button... is Error..

so...I was..Fix Source...(I`m not English well...Sorry...)

File:com.hurlant.crypto.symmetric.ECBMode


//Line:43 insert...
//=========fix
while(blockSize>src.length)
{
    src.position = src.length;
    src.writeByte(0);
}
src.position = 0;
//===========



byebye~~

                                               -    [email protected]

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

What steps will reproduce the problem?
1. Make the following call

socket = new TLSSocket("plus.pop.mail.yahoo.com", 995); 


What is the expected output? What do you see instead?

Expect to connect or get an error

Actually get an unhandled exception ... see Trace below:

Error: Error #2030: End of file was encountered.
    at flash.utils::ByteArray/readShort()
    at com.hurlant.crypto.tls::TLSEngine/parseHandshakeHello()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:434]
    at com.hurlant.crypto.tls::TLSEngine/parseHandshake()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:312]
    at com.hurlant.crypto.tls::TLSEngine/parseOneRecord()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:228]
    at com.hurlant.crypto.tls::TLSEngine/parseRecord()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:206]
    at com.hurlant.crypto.tls::TLSEngine/dataAvailable()
[\crypto\com\hurlant\crypto\tls\TLSEngine.as:139]


Not sure if this is because Yahoo is using an unhandled TLS version.  At 
the very least would expect the error to be handled.


What version of the product are you using? On what operating system?

v1.2

What steps will reproduce the problem?
1. Create a Blowfish encryption in CBC mode
2. Encrypt to a text-based cipher
3. On decrypt, an error is given: "RangeError: Error #2006: The supplied index 
is out of bounds. at flash.utils::ByteArray/writeBytes()".

What is the expected output? What do you see instead?
The decrypted text is expected. Instead, there is not change.

What version of the product are you using? On what operating system?
as3crypto 1.3; Windows Visa

Please provide any additional information below.

What steps will reproduce the problem?
1. Create TLSSocket
2. connect socket


What is the expected output? What do you see instead?
It is expected to see the handshake, but I see nothing.


What version of the product are you using? On what operating system?
HEAD revision of svn, Win XP, Firefox 3.0.2 with Flash Player 9.0 r124

Please provide any additional information below.

I realized that the problem occurs because the handshake is sent before
Event.CONNECT is raised on the inner socket. I delayed engine.start() after
the connection was made, and my problem was solved.

Extrangely, the problem doesn't happen using the Stand Alone Player
(version 9,0,124,0)

I am using the class RSAKey to sign XML documents and then check using the 
utility XMLSEC (http://www.aleksey.com/xmlsec). But the value of the signature 
never matches the amount signed by xmlsec in a test environment.

What steps will reproduce the problem?
1. Use the file "publicKey" to sign the string contained in "dataToSign.xml.

2. Use the following code to calculate the digital signature:
var src:ByteArray = Hex.toArray(Hex.fromString(dataToSignContent));
var dst:ByteArray = new ByteArray();        
var hash:SHA1 = new SHA1(); 
src = hash.hash(src);
var rsa:RSAKey = PEM.readRSAPrivateKey(key);
rsa.sign(src, dst, src.length);
var signatureValue:String = Base64.encodeByteArray(dst);

3. Use XMLSEC to sign "unsigned.xml" file 
(on command line use "xmlsec1 sign --privkey private.key --output signed.xml 
unsigned.xml").

What is the expected output? What do you see instead?

It is expected that the value of the variable signatureValue (in code above in 
AS3) has the same value produced by xmlsec ie:

FKVcCLU5ac7j0mg5YYLBaarH+DKZRfeL0bX/sBLcL0vMaFSjxplkK9hM7nJCiGRwtV4I/0FujTu4fJqZ
/1ur+SlU5DJxayrI1+ZX3raBsHGAE25egBLXJmNZsh/KSS0pO2eY+GGEyumeuR4lKF0Se4LdJwoxsUeU
amoZj4190xs=

and not

NUm5Mgp8C9qd38uxsTn0CNutstIp8Z8A026Kexp9rmWCaHYP20qaqkTTaP7C8bfpO4FKIeeq3vsCbjUs
iU0W2JudH9IioO1ExNis4Ewkfi/JrxNsTatkeNps8I0OVYUPam/KU8hombMbhZXZiRbDx04KMUtKtLHP
jdj5u0jzK9k=

What version of the product are you using? On what operating system?

I used all the versions of as3crypto, but my tests are with the latest version 
1.3 revision 28. Using FlashBuilder 4 (Flex 4.1.0) in Windows7 64x for signing 
the XML. To verify the signature using FreeBSD8 and/or Ubuntu10 with xmlsec1.

Please provide any additional information below.

In my application I use XML documents also signed with HMAC-SHA1 in XML 
canonicalized and everything works fine (with as3crypto and xmlsec). So I 
assumed that there were no problems in the process of canonicalization. I'm 
working for two months in this role and I can not have any more idea what to do.

What steps will reproduce the problem?
1. Go to http://crypto.hurlant.com/demo/
2. Go to an tabs, and try to test some stuff.
3. Press Decrypt.
4. It'll always throw error. (in debug flash player)

by importing the follwoing:
    import com.hurlant.crypto.symmetric.ICipher;
    import com.hurlant.crypto.symmetric.IVMode;
    import com.hurlant.crypto.symmetric.IMode;
    import com.hurlant.crypto.symmetric.NullPad;
    import com.hurlant.crypto.symmetric.PKCS5;
    import com.hurlant.crypto.symmetric.IPad;
    import com.hurlant.util.Base64;
    import com.hurlant.util.Hex;
    import com.hurlant.crypto.Crypto;

I'm using this to send some variables to a PHP file and then recive the 
results from php like this:

echo 'currName='.$myEncrypt->encrypt($currName).

the encryption key I'm using is "UYHGVREQ"

and I'm decrypting the string from php like this:
decrypt(vars.currName)

imagine that the value of $currName from the php file is "Peter" just for 
an example, ok? it works, just good, just perfect but when accidentaly I 
changed the name to "Rashid", it didn't work!!!

I checked the encrypted string and found "GM+rR8hJp54=" without qutations. 
and that makes the problem and the following error occures in flash:

Error: PKCS#5:unpad: Invalid padding value. expected [103], found [8]
    at com.hurlant.crypto.symmetric::PKCS5/unpad()
    at com.hurlant.crypto.symmetric::ECBMode/decrypt()
    at App/decrypt()
    at App/backResults()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/onComplete()


What is the expected output? What do you see instead?
explained above.


What version of the product are you using? On what operating system?
As3 Crypto Library - 1.3

Please provide any additional information below.

I am trying to connect to gmail's pop3 server (pop.gmail.com:993).

What steps will reproduce the problem?
1. Create an air app (I am using flex).
2. Create a new TLSSocket and connect to gmail.
3. Before I can send anything, I get this error

What is the expected output? What do you see instead?
   Error: pure virtual function call: fromDERContent

What version of the product are you using? On what operating system?
   Latest from SVN. Vista.

I have a swf using TLS that runs fine if I load it locally.  When I host it
on line it fails.

Is there something special I have to add to the crossdomain.xml? 
Everything works fine if I just switch the TLSSocket back to Socket or if I
run the TLSSocket version from my local computer.

What steps will reproduce the problem?
1. Compile and run CryptCompatability.cs
2. Compile and run CryptCompatability.as

What is the expected output? What do you see instead?
Output should be the same, but it's not.

What version of the product are you using? On what operating system?
1.3

Please provide any additional information below.
CryptCompatability.as uses ZeroPad, an IPad implementation, because .NET 
does not support PKCS5 and as3crypto does not support PKCS7.

What steps will reproduce the problem?
1. encrypt in flash 
2. decrypt in java using cipher "RSA/ECB/PKCS1Padding"
3. sometimes, not always, I get following errors
BadPaddingException... Data must being with zero.

I will try and create test keys and data blocks for you as well.

We noticed some inconsistent behavior in the BigInteger.as:fromArray and
BigInteger.as:rShiftTo methods that seem to be attributed to some quirky
math problem in the 64-bit flash runtime on linux.

if a bytearray is passed into the constructor 
a[0] = 1
a[1] = 0
a[2] = 1
the correct BigInteger value should be 65537 (2^16+2^0) but 64-bit flash
gets 41.

We were able to workaround this by dumping the results of the bit shifts
into a temporary variable before assigning by bitwise or (|=) in these two
methods.

It seems to be a fairly low level issue with the runtime, and should only
affect people who installed the 64-bit alpha from Adobe labs.


I submitted this bug to Adobe:
http://bugs.adobe.com/jira/browse/FP-2972


Attached are the source/binary for the faulty test case based on
BigInteger:fromArray (i stripped out as much as I could to highlight the
arithmetic error while still being able to reproduce the issue)


Also attached is a changes.txt file which is a from/to for the changes we
made for the workaround.  Sorry no diff file, it's kind of messy due to
other changes we made in the file.

[deleted issue]

What steps will reproduce the problem?
1. Use TLS socket
2. Apply the diff in issue 4 which suggested by issue 6
3. Connect to a C written server side socket of OpenSSL on port 2000
4. Everything work very good when I am in debug mode. Problem appear when I
put the release on the web server.
5. I can see the <policy-file-request/>\0 to my port 2000 when the socket
in raw mode instead of SSL mode
6. When I reply the cross-domain.xml, the connection closed
(This method work well when I am doing raw socket between the C written
server and the flex)

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?
V1.3

Please provide any additional information below.
Is it something wrong about my way to doing the cross domain security, any
better way to do it?

What steps will reproduce the problem?
1. Go the the Secret Key tab
2. Generate a Key
3. Type some text
4. Press the Encrypt button (you may see errors at this point)
5. Press the Decrypt button (you may also see errors at this point)

Expected outcome:  The text is the same as what was typed in
Actual Outcome: Garbage?

What version of the product are you using? On what operating system?
Demo, any version thatI've gotten ahold of.

Please provide any additional information below.

{ // start initializer

    (function():void 
    {
    var i : uint;
    for (i = 0; i < 256; i++) 
    {
        //do whatever
    }
    } ( )); // function is called directly

} // end initializer

If for loops reside directly inside the initializer, the code is marked as 
unreachable, and the flex compiler will not compile the class.

I have attached a corrected version of the AESKey Class.

What steps will reproduce the problem?
Attempt to send data with size bigger than 16384 bytes fails.

What is the expected output? What do you see instead?
The library should send data reliably no matter its size. However, in case 
of longer packets, the SSL server reports it receives packets with invalid 
length. For example, openssl s_server prints ERROR 3428:error:1408F092:SSL 
routines:SSL3_GET_RECORD:data length too long:.\ssl\s3_pkt.c:446

What version of the product are you using? On what operating system?
This issue is seen in version 1.3, revision 27.

Please provide any additional information below.
I've inspected the sources and found a solution. The fix is in the 
attached file.

using this code:
import com.hurlant.crypto.Crypto;
import com.hurlant.crypto.symmetric.ICipher;
import com.hurlant.util.Hex;
import flash.events.MouseEvent;

var key:ByteArray = Hex.toArray("1234567890abcdef");
var cip:ICipher = Crypto.getCipher("simple-aes-cbc", key);
var dat1:ByteArray = Hex.toArray(Hex.toString("flashguru"));
var dat2:ByteArray = Hex.toArray(Hex.fromString("flashguru"));   


trace("Key "+String(key) ); //Key �4Vx�«Íï
trace("Data "+String(dat1) ) //Data �
trace("Data "+String(dat2) ) //Data �flashguru
trace("ENcry1 "+cip.encrypt(dat1)); //ENcry1 undefined
trace("DEcry1 "+cip.decrypt(dat1)); //DEcry1 undefined

trace("ENcry2 "+cip.encrypt(dat2)); //ENcry2 undefined
trace("DEcry2 "+cip.decrypt(dat2)); //DEcry2 undefined



You can see it returns undefined. Ive tried so many variants as well ripping 
off code and modifying from examples, but still, i get undefined.
Weird thing is that when ripping from demo source, i get undefined but in the 
demo all works.
What am i missing ? And no, as3 is the exakt same as in demo files, should it 
not be returning encrypted data anyway or is this just not working in Flash IDE 
?

All these tests ive made, it seems there is something bugging with 
Hex.toArray() but it could be me who missing some  important part...

What steps will reproduce the problem?
1. Connect to a host with DNS name that is different from the name in the cert.

I think two things are neccessary here, namely:

A. A method of pausing socket handling until the user has indicated
acceptance or rejection of the different name situation.

B. A means of configuring the socket at runtime to ignore Commoon Name
mismatches.

I've already added an "IgnoreCNMismatch" value to my tree, but I haven't
yet added an event chain to get information back to my root application
regarding the mismatch. Once I get some time, I'll handle that.

What steps will reproduce the problem?
1. Be in a timezone different from GMT (PST, in my case)
2. Get your new certificate signed and installed on server
3. Connect to that server using TLSSocket

What is the expected output? What do you see instead?

Expected certificate to be validated, however as3crypto decided that it is 
approx 6.5hrs in the 
future so it can't validate it. Now, if we'll take at a difference between GMT 
and PST at the moment, 
it is 7 hours. So, my guess is that as3crypto did not get this issue into 
account when was validating 
certificate's 'NotBefore'.

What steps will reproduce the problem?
1. compc -load-config=build-swc.xml

What do you see instead?
Loading configuration file /home/aheinz/Desktop/crypto/build-swc.xml
Adobe Compc (Flex Component Compiler)
Version 3.2.0 build 3794
Copyright (c) 2004-2007 Adobe Systems, Inc. All rights reserved.

/home/aheinz/Desktop/crypto/build-swc.xml(13): Error: unable to open
'/usr/share/flex3-sdk/bin/../frameworks/libs/playerglobal.swc'

      </external-library-path>

What version of the product are you using?
as3crypto revision 27, Flex 3.2.0.3794

On what operating system?
RHEL4

Patch attached.

What steps will reproduce the problem?
1. Connect to an SSL socket via a VPN tunnel.

What is the expected output? What do you see instead?

TLSEngine fails instead of keeping the connection. It appears to die at
instantiation of the record protocol.

I'm still gathering information from users, so once I have a tighter grasp
on the problem(and get a test VPN built to hammer on) I'll put more info
here, and get a patch built.

What steps will reproduce the problem?
1. Run asdoc against the source tree

What is the expected output? What do you see instead?

I expected the asdoc to complete, but got errors in Crypto.getCipher(). 
Asdoc apparently does not like "/**" comments within the body of a switch
statement.

What version of the product are you using? On what operating system?

Latest SVN HEAD, as of this morning.  Using ASDoc from Flex SDK 3.0.0.

Please provide any additional information below.

The workaround is to simply change "/**" to "/*" in that part of the code.
 I have attached a patched version of the file.

XTea implementation is wrong. Because it operates on uint types it should use 
">>>" operator for right shift (instead of ">>" which produce wrong results).

You can verify it with C code from wiki: http://en.wikipedia.org/wiki/XTEA