From ce635262f53b760284d56bb1027baebaaec175d1 Mon Sep 17 00:00:00 2001
From: rhe
Date: Tue, 24 May 2016 13:09:03 +0000
Subject: openssl: make Cipher#key= and #iv= reject too long values
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key, ossl_cipher_set_iv): Reject too long values as well as too short ones. Currently they just truncate the input but this would hide bugs and lead to unexpected encryption/decryption results.
* test/openssl/test_cipher.rb: Test that Cipher#key= and #iv= reject Strings with invalid length.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/openssl/test_cipher.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'test/openssl')
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index dab64aa5a1..aec33fdd1a 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -80,6 +80,18 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
 assert_equal(s1, s2, "encrypt reset")
 end
 
+ def test_key_iv_set
+ # default value for DES-EDE3-CBC
+ assert_equal(24, @c1.key_len)
+ assert_equal(8, @c1.iv_len)
+ assert_raise(ArgumentError) { @c1.key = "\x01" * 23 }
+ @c1.key = "\x01" * 24
+ assert_raise(ArgumentError) { @c1.key = "\x01" * 25 }
+ assert_raise(ArgumentError) { @c1.iv = "\x01" * 7 }
+ @c1.iv = "\x01" * 8
+ assert_raise(ArgumentError) { @c1.iv = "\x01" * 9 }
+ end
+
 def test_empty_data
 @c1.encrypt
 assert_raise(ArgumentError){ @c1.update("") }
-- 
cgit v1.2.3
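Review bot: `test_key_iv_set` probes only lengths one byte either side of the default on `@c1`, so the silent-truncation case the commit message describes is pinned just at 25 and 9 bytes. A hex-encoded key is a common way an over-long value arrives, so a case such as `assert_raise(ArgumentError) { @c1.key = "\x01" * 48 }` would document that misuse directly. The test also never changes the expected length before assigning. If the C check reads the context's current key length (that code is not visible on this page), a case that sets `key_len=` on a variable-key-length cipher and then assigns a key of the default length would confirm the check tracks the configured value. The test class continues outside the hunk.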