From: k@... Date: 2016-07-03T06:53:01+00:00 Subject: [ruby-core:76243] [Ruby trunk Feature#8667][Closed] Unable to set OpenSSL GCM iv_length in Ruby Issue #8667 has been updated by Kazuki Yamaguchi. Tracker changed from Bug to Feature Status changed from Assigned to Closed I think this is good to have. I thought about changing Cipher#iv= first, too, but I didn't because of the current (2.3) behavior of Cipher#iv=. Please see: https://github.com/ruby/openssl/pull/58 ---------------------------------------- Feature #8667: Unable to set OpenSSL GCM iv_length in Ruby https://bugs.ruby-lang.org/issues/8667#change-59482 * Author: Anonymous * Status: Closed * Priority: Normal * Assignee: openssl ---------------------------------------- Hello, In OpenSSL you are allowed to change the iv_length on an AES-BCM cipher. ( http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#GCM_Mode) However this was not implemented in the ruby-wrapper. Since I am a novice in C and OpenSSL I think by no means my supplied patch is complete, it is a start however. Maybe this missing function can be added to Ruby 2.0? You can now set the iv_length using: cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt cipher.iv_len = 16 An issue I already spotted is that OpenSSL sets the ivlen on the cipher_data (snippet from OpenSSL crypto/evp/e_aes.c): EVP_AES_GCM_CTX *gctx = c->cipher_data; gctx->ivlen = arg; and not the c->cipher->iv_len. So querying for the iv_len in ruby by using cipher.iv_len will still report the default which is 12. Encryption however is done correctly using the new iv-length. I tested it by comparing it to results from other programming languages (Java and C#). Regards Andres ---Files-------------------------------- ossl_set_iv_length.patch (1.25 KB) 0001-Alternate-implementation-of-gcm-IV-length-support.patch (2.01 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: