diff options
author | Bart de Water <bartdewater@gmail.com> | 2020-04-19 16:14:34 -0400 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2020-04-21 16:33:09 +1200 |
commit | b08ae7e73d10b46164b3d2304df0cf59d3d55099 (patch) | |
tree | eb6158adcf786f7f51e6af40c55f44717625684a | |
parent | eae30d2b96f225798d4a2dd551492e4e6751b248 (diff) | |
download | ruby-openssl-b08ae7e73d10b46164b3d2304df0cf59d3d55099.tar.gz |
Look up cipher by name instead of constant
-rw-r--r-- | ext/openssl/ossl_cipher.c | 26 | ||||
-rw-r--r-- | test/openssl/test_cipher.rb | 6 |
2 files changed, 8 insertions, 24 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 66bf0beb..0b78f40b 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -851,22 +851,6 @@ Init_ossl_cipher(void) * * cipher = OpenSSL::Cipher.new('AES-128-CBC') * - * For each algorithm supported, there is a class defined under the - * Cipher class that goes by the name of the cipher, e.g. to obtain an - * instance of AES, you could also use - * - * # these are equivalent - * cipher = OpenSSL::Cipher::AES.new(128, :CBC) - * cipher = OpenSSL::Cipher::AES.new(128, 'CBC') - * cipher = OpenSSL::Cipher::AES.new('128-CBC') - * - * Finally, due to its wide-spread use, there are also extra classes - * defined for the different key sizes of AES - * - * cipher = OpenSSL::Cipher::AES128.new(:CBC) - * cipher = OpenSSL::Cipher::AES192.new(:CBC) - * cipher = OpenSSL::Cipher::AES256.new(:CBC) - * * === Choosing either encryption or decryption mode * * Encryption and decryption are often very similar operations for @@ -895,7 +879,7 @@ Init_ossl_cipher(void) * without processing the password further. A simple and secure way to * create a key for a particular Cipher is * - * cipher = OpenSSL::Cipher::AES256.new(:CFB) + * cipher = OpenSSL::Cipher.new('AES-256-CFB') * cipher.encrypt * key = cipher.random_key # also sets the generated key on the Cipher * @@ -963,14 +947,14 @@ Init_ossl_cipher(void) * * data = "Very, very confidential data" * - * cipher = OpenSSL::Cipher::AES.new(128, :CBC) + * cipher = OpenSSL::Cipher.new('AES-128-CBC') * cipher.encrypt * key = cipher.random_key * iv = cipher.random_iv * * encrypted = cipher.update(data) + cipher.final * ... - * decipher = OpenSSL::Cipher::AES.new(128, :CBC) + * decipher = OpenSSL::Cipher.new('AES-128-CBC') * decipher.decrypt * decipher.key = key * decipher.iv = iv @@ -1006,7 +990,7 @@ Init_ossl_cipher(void) * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the * security guarantees of GCM mode. * - * cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt + * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt * cipher.key = key * cipher.iv = nonce * cipher.auth_data = auth_data @@ -1022,7 +1006,7 @@ Init_ossl_cipher(void) * ciphertext with a probability of 1/256. * * raise "tag is truncated!" unless tag.bytesize == 16 - * decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt + * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt * decipher.key = key * decipher.iv = nonce * decipher.auth_tag = tag diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index c21c8a5f..178f5aba 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -148,12 +148,12 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_AES pt = File.read(__FILE__) %w(ECB CBC CFB OFB).each{|mode| - c1 = OpenSSL::Cipher::AES256.new(mode) + c1 = OpenSSL::Cipher.new("AES-256-#{mode}") c1.encrypt c1.pkcs5_keyivgen("passwd") ct = c1.update(pt) + c1.final - c2 = OpenSSL::Cipher::AES256.new(mode) + c2 = OpenSSL::Cipher.new("AES-256-#{mode}") c2.decrypt c2.pkcs5_keyivgen("passwd") assert_equal(pt, c2.update(ct) + c2.final) @@ -163,7 +163,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_update_raise_if_key_not_set assert_raise(OpenSSL::Cipher::CipherError) do # it caused OpenSSL SEGV by uninitialized key [Bug #2768] - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 + OpenSSL::Cipher.new("AES-128-ECB").update "." * 17 end end |