ruby-changes:61241
From: Bart <ko1@a...>
Date: Wed, 13 May 2020 15:48:24 +0900 (JST)
Subject: [ruby-changes:61241] c85789f9b2 (master): [ruby/openssl] Look up cipher by name instead of constant
https://git.ruby-lang.org/ruby.git/commit/?id=c85789f9b2
From c85789f9b2882bc95364c5da182a24aa72ca52cc Mon Sep 17 00:00:00 2001
From: Bart de Water <bartdewater@g...>
Date: Sun, 19 Apr 2020 16:14:34 -0400
Subject: [ruby/openssl] Look up cipher by name instead of constant
https://github.com/ruby/openssl/commit/b08ae7e73d
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 66bf0be..0b78f40 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -851,22 +851,6 @@ Init_ossl_cipher(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L851
 *
 * cipher = OpenSSL::Cipher.new('AES-128-CBC')
 *
- * For each algorithm supported, there is a class defined under the
- * Cipher class that goes by the name of the cipher, e.g. to obtain an
- * instance of AES, you could also use
- *
- * # these are equivalent
- * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
- * cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
- * cipher = OpenSSL::Cipher::AES.new('128-CBC')
- *
- * Finally, due to its wide-spread use, there are also extra classes
- * defined for the different key sizes of AES
- *
- * cipher = OpenSSL::Cipher::AES128.new(:CBC)
- * cipher = OpenSSL::Cipher::AES192.new(:CBC)
- * cipher = OpenSSL::Cipher::AES256.new(:CBC)
- *
 * === Choosing either encryption or decryption mode
 *
 * Encryption and decryption are often very similar operations for
@@ -895,7 +879,7 @@ Init_ossl_cipher(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L879
 * without processing the password further. A simple and secure way to
 * create a key for a particular Cipher is
 *
- * cipher = OpenSSL::Cipher::AES256.new(:CFB)
+ * cipher = OpenSSL::Cipher.new('AES-256-CFB')
 * cipher.encrypt
 * key = cipher.random_key # also sets the generated key on the Cipher
 *
@@ -963,14 +947,14 @@ Init_ossl_cipher(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L947
 *
 * data = "Very, very confidential data"
 *
- * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
+ * cipher = OpenSSL::Cipher.new('AES-128-CBC')
 * cipher.encrypt
 * key = cipher.random_key
 * iv = cipher.random_iv
 *
 * encrypted = cipher.update(data) + cipher.final
 * ...
- * decipher = OpenSSL::Cipher::AES.new(128, :CBC)
+ * decipher = OpenSSL::Cipher.new('AES-128-CBC')
 * decipher.decrypt
 * decipher.key = key
 * decipher.iv = iv
@@ -1006,7 +990,7 @@ Init_ossl_cipher(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L990
 * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
 * security guarantees of GCM mode.
 *
- * cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt
+ * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
 * cipher.key = key
 * cipher.iv = nonce
 * cipher.auth_data = auth_data
@@ -1022,7 +1006,7 @@ Init_ossl_cipher(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L1006
 * ciphertext with a probability of 1/256.
 *
 * raise "tag is truncated!" unless tag.bytesize == 16
- * decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
+ * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
 * decipher.key = key
 * decipher.iv = nonce
 * decipher.auth_tag = tag
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index c21c8a5..178f5ab 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
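Review bot: The `AES-128-CBC` round-trip example (hunk at -963,14) shows encryption with a key and IV but no integrity check, so a reader who copies it gets ciphertext that can be altered without detection. Since these lines are being touched anyway, I would add one sentence to the comment just above the example, for instance `CBC provides confidentiality only; authenticate the ciphertext (e.g. with OpenSSL::HMAC) or use the AES-128-GCM example below.` Whether the surrounding text already carries such a caveat is not visible here, because the comment block starts and ends outside the hunk.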
@@ -148,12 +148,12 @@ class OpenSSL::TestCipher < OpenSSL::TestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L148
 def test_AES
 pt = File.read(__FILE__)
 %w(ECB CBC CFB OFB).each{|mode|
- c1 = OpenSSL::Cipher::AES256.new(mode)
+ c1 = OpenSSL::Cipher.new("AES-256-#{mode}")
 c1.encrypt
 c1.pkcs5_keyivgen("passwd")
 ct = c1.update(pt) + c1.final
- c2 = OpenSSL::Cipher::AES256.new(mode)
+ c2 = OpenSSL::Cipher.new("AES-256-#{mode}")
 c2.decrypt
 c2.pkcs5_keyivgen("passwd")
 assert_equal(pt, c2.update(ct) + c2.final)
@@ -163,7 +163,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L163
 def test_update_raise_if_key_not_set
 assert_raise(OpenSSL::Cipher::CipherError) do
 # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
- OpenSSL::Cipher::AES128.new("ECB").update "." * 17
+ OpenSSL::Cipher.new("AES-128-ECB").update "." * 17
 end
 end
--
cgit v0.10.2
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
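Review bot: After this change neither `test_AES` nor `test_update_raise_if_key_not_set` (second hunk) constructs a cipher through the `OpenSSL::Cipher::AES256` / `AES128` constants, and nothing in this commit shows those classes being removed. If they are still shipped, the uninitialized-key crash guard that the comment ties to [Bug #2768] now covers only the name-based constructor. I would keep one constant-based case until the classes are gone, e.g. `assert_raise(OpenSSL::Cipher::CipherError) { OpenSSL::Cipher::AES128.new("ECB").update "." * 17 }`. Other tests in the file may already cover this; only these two methods are visible, and the body of `test_AES` continues outside its hunk.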