author | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-03 15:03:55 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-03 15:14:10 +0900 |
commit | aab6051dbdc0cef47c203a95d471bd0417f013fa (patch) | |
tree | 5887e1a06f90920d42a1d3f2dbdac52cc05e8bec /ext/openssl/ossl_cipher.c | |
parent | cf2d4f43a98bdc37224460a0b1851a0dc7ced2e8 (diff) | |
cipher: fix documentation regarding default IV
Remove a sentence "If not explicitly set, the OpenSSL default of an
all-zeroes ("\\0") IV is used." It actually works so, but is not guaranteed
by the OpenSSL API. At least I didn't find any formal documentation
saying so.
Diffstat (limited to 'ext/openssl/ossl_cipher.c')
-rw-r--r-- | ext/openssl/ossl_cipher.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 0ad75592..e2ec0bf8 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -502,9 +502,6 @@ ossl_cipher_set_key(VALUE self, VALUE key) * Cipher#random_iv to create a secure random IV. * * Only call this method after calling Cipher#encrypt or Cipher#decrypt. - * - * If not explicitly set, the OpenSSL default of an all-zeroes ("\\0") IV is - * used. */ static VALUE ossl_cipher_set_iv(VALUE self, VALUE iv) @@ -939,12 +936,10 @@ Init_ossl_cipher(void) * you absolutely need it</b> * * Because of this, you will end up with a mode that explicitly requires - * an IV in any case. Note that for backwards compatibility reasons, - * setting an IV is not explicitly mandated by the Cipher API. If not - * set, OpenSSL itself defaults to an all-zeroes IV ("\\0", not the - * character). Although the IV can be seen as public information, i.e. - * it may be transmitted in public once generated, it should still stay - * unpredictable to prevent certain kinds of attacks. Therefore, ideally + * an IV in any case. Although the IV can be seen as public information, + * i.e. it may be transmitted in public once generated, it should still + * stay unpredictable to prevent certain kinds of attacks. Therefore, + * ideally * * <b>Always create a secure random IV for every encryption of your * Cipher</b> |
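Review bot: In the first hunk (the doc comment above ossl_cipher_set_iv), dropping the all-zeroes sentence leaves the documentation silent on what happens when no IV is set at all, so readers who relied on the old wording get no signal that the behaviour was never guaranteed. Consider replacing the removed lines with one sentence saying that the result of encrypting without setting an IV is not specified by the OpenSSL API and must not be relied on, next to the existing pointer to Cipher#random_iv.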
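Review bot: The second hunk (the class documentation in Init_ossl_cipher) removes more than the commit message describes: besides the all-zeroes claim it also deletes "for backwards compatibility reasons, setting an IV is not explicitly mandated by the Cipher API", which is a statement about this binding rather than about OpenSSL's default. If the Cipher API still accepts a cipher with no IV set, keep that warning and drop only the sentence about what OpenSSL defaults to; otherwise mention the second removal in the commit message. Minor style point: the rewrap leaves "ideally" alone on its own comment line, and reflowing the paragraph would avoid that.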