ruby-core

Issue #8667 has been updated by Kazuki Yamaguchi.

Tracker changed from Bug to Feature
Status changed from Assigned to Closed

I think this is good to have. I thought about changing Cipher#iv= first, too, but I didn't because of the current (2.3) behavior of Cipher#iv=. Please see:

https://github.com/ruby/openssl/pull/58

----------------------------------------
Feature #8667:  Unable to set OpenSSL GCM iv_length in Ruby
https://bugs.ruby-lang.org/issues/8667#change-59482

* Author: Anonymous
* Status: Closed
* Priority: Normal
* Assignee: openssl
----------------------------------------
 Hello,
 
 In OpenSSL you are allowed to change the iv_length on an AES-BCM cipher. (
 http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#GCM_Mode) However
 this was not implemented in the ruby-wrapper. Since I am a novice in C and
 OpenSSL I think by no means my supplied patch is complete, it is a start
 however. Maybe this missing function can be added to Ruby 2.0?
 
 You can now set the iv_length using:
 
 cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
 cipher.iv_len = 16
 
 An issue I already spotted is that OpenSSL sets the ivlen on the
 cipher_data (snippet from OpenSSL crypto/evp/e_aes.c):
 EVP_AES_GCM_CTX *gctx = c->cipher_data;
 gctx->ivlen = arg;
 
 and not the c->cipher->iv_len. So querying for the iv_len in ruby by using
 cipher.iv_len will still report the default which is 12. Encryption however
 is done correctly using the new iv-length. I tested it by comparing it to
 results from other programming languages (Java and C#).
 
 Regards Andres

---Files--------------------------------
ossl_set_iv_length.patch (1.25 KB)
0001-Alternate-implementation-of-gcm-IV-length-support.patch (2.01 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>