From b08ae7e73d10b46164b3d2304df0cf59d3d55099 Mon Sep 17 00:00:00 2001 From: Bart de Water Date: Sun, 19 Apr 2020 16:14:34 -0400 Subject: Look up cipher by name instead of constant --- ext/openssl/ossl_cipher.c | 26 +++++--------------------- test/openssl/test_cipher.rb | 6 +++--- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 66bf0beb..0b78f40b 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -851,22 +851,6 @@ Init_ossl_cipher(void) * * cipher = OpenSSL::Cipher.new('AES-128-CBC') * - * For each algorithm supported, there is a class defined under the - * Cipher class that goes by the name of the cipher, e.g. to obtain an - * instance of AES, you could also use - * - * # these are equivalent - * cipher = OpenSSL::Cipher::AES.new(128, :CBC) - * cipher = OpenSSL::Cipher::AES.new(128, 'CBC') - * cipher = OpenSSL::Cipher::AES.new('128-CBC') - * - * Finally, due to its wide-spread use, there are also extra classes - * defined for the different key sizes of AES - * - * cipher = OpenSSL::Cipher::AES128.new(:CBC) - * cipher = OpenSSL::Cipher::AES192.new(:CBC) - * cipher = OpenSSL::Cipher::AES256.new(:CBC) - * * === Choosing either encryption or decryption mode * * Encryption and decryption are often very similar operations for @@ -895,7 +879,7 @@ Init_ossl_cipher(void) * without processing the password further. A simple and secure way to * create a key for a particular Cipher is * - * cipher = OpenSSL::Cipher::AES256.new(:CFB) + * cipher = OpenSSL::Cipher.new('AES-256-CFB') * cipher.encrypt * key = cipher.random_key # also sets the generated key on the Cipher * @@ -963,14 +947,14 @@ Init_ossl_cipher(void) * * data = "Very, very confidential data" * - * cipher = OpenSSL::Cipher::AES.new(128, :CBC) + * cipher = OpenSSL::Cipher.new('AES-128-CBC') * cipher.encrypt * key = cipher.random_key * iv = cipher.random_iv * * encrypted = cipher.update(data) + cipher.final * ... - * decipher = OpenSSL::Cipher::AES.new(128, :CBC) + * decipher = OpenSSL::Cipher.new('AES-128-CBC') * decipher.decrypt * decipher.key = key * decipher.iv = iv @@ -1006,7 +990,7 @@ Init_ossl_cipher(void) * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the * security guarantees of GCM mode. * - * cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt + * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt * cipher.key = key * cipher.iv = nonce * cipher.auth_data = auth_data @@ -1022,7 +1006,7 @@ Init_ossl_cipher(void) * ciphertext with a probability of 1/256. * * raise "tag is truncated!" unless tag.bytesize == 16 - * decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt + * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt * decipher.key = key * decipher.iv = nonce * decipher.auth_tag = tag diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index c21c8a5f..178f5aba 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -148,12 +148,12 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_AES pt = File.read(__FILE__) %w(ECB CBC CFB OFB).each{|mode| - c1 = OpenSSL::Cipher::AES256.new(mode) + c1 = OpenSSL::Cipher.new("AES-256-#{mode}") c1.encrypt c1.pkcs5_keyivgen("passwd") ct = c1.update(pt) + c1.final - c2 = OpenSSL::Cipher::AES256.new(mode) + c2 = OpenSSL::Cipher.new("AES-256-#{mode}") c2.decrypt c2.pkcs5_keyivgen("passwd") assert_equal(pt, c2.update(ct) + c2.final) @@ -163,7 +163,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_update_raise_if_key_not_set assert_raise(OpenSSL::Cipher::CipherError) do # it caused OpenSSL SEGV by uninitialized key [Bug #2768] - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 + OpenSSL::Cipher.new("AES-128-ECB").update "." * 17 end end -- cgit v1.2.3