| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Add a method to set the authentication tag length to be generate by an
AEAD ciphers. In particular, OCB mode which is implemented in OpenSSL
1.1.0 requires this.
|
|
|
|
| |
Fixes c0548c94e499.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function ossl_cipher_update_long() was added to fix this in r48923
(ossl_cipher.c: workaround of OpenSSL API, 2014-12-23), but it didn't
work well. [Bug #10633]
This can be tested by running:
$ fallocate -l 2G data.img
$ ruby -ropenssl <<EOF
cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
cipher.key = "\x00" * 16
ct = cipher.update(File.read("data.img")) << cipher.final
p ct.bytesize
EOF
|
|\
| |
| |
| |
| | |
* topic/cipher-iv-len:
cipher: allow setting IV length when using AEAD ciphers
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add OpenSSL::Cipher#iv_len=. For interoperability with other
applications, it is sometimes required. Normally 'IV' is fixed-length,
but in OpenSSL, some ciphers such as aes-128-gcm make use of it as
'nonce', which is variable-length.
Changing the IV length in Cipher#iv= is also an option but I decided not
to choose it. Because in Ruby <= 2.3 Cipher#iv= truncates the input when
the length is longer than the current IV length, changing the behavior
might cause unexpected encryption result.
[Bug #8667] [Bug #10420] [GH ruby/ruby#569]
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_get_auth_tag,
ossl_cipher_set_auth_tag): Check if the cipher flags retrieved by
EVP_CIPHER_CTX_flags() includes EVP_CIPH_FLAG_AEAD_CIPHER to see if
the cipher supports AEAD. AES-GCM was the only supported in OpenSSL
1.0.1.
(Init_ossl_cipher): Fix doc; OpenSSL::Cipher::AES.new(128, :GCM) can't
work.
* ext/openssl/openssl_missing.h: Define EVP_CTRL_AEAD_{GET,SET}_TAG if
missing. They are added in OpenSSL 1.1.0, and have the same value as
EVP_CTRL_GCM_{GET,SET}_TAG and EVP_CTRL_CCM_{GET,SET}_TAG.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_free): Use EVP_CIPHER_CTX_free()
to free EVP_CIPHER_CTX allocated by EVP_CIPHER_CTX_new().
[ruby-core:75225] [Feature #12324]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check existence of accessor functions that
don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
structures opaque and requires use of these accessor functions.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.[ch]: Implement them if missing.
* ext/openssl/ossl*.c: Use these accessor functions.
* test/openssl/test_hmac.rb: Add missing test for HMAC#reset.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key, ossl_cipher_set_iv):
Reject too long values as well as too short ones. Currently they
just truncate the input but this would hide bugs and lead to
unexpected encryption/decryption results.
* test/openssl/test_cipher.rb: Test that Cipher#key= and #iv= reject
Strings with invalid length.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
StringValueCStr() where NUL-terminated string is expected.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
| |
|
| |
|
|
|
|
| |
See also r50351 from ruby/ruby#876
|
| |
|
|
|