kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

[ruby/openssl] User lower case cipher names for maximum compatibility

Browse source 
We ran into some Linux-based systems not accepting the upper case variant

https://github.com/ruby/openssl/commit/7bc49121d5
This commit is contained in:
Bart de Water 2020-07-07 12:59:11 -04:00 committed by Kazuki Yamaguchi
parent 13198d4968
commit da6341b709
Notes: git 2021-03-16 20:38:49 +09:00
3 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
ext/openssl/ossl.c
View file

@ -667,7 +667,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* ahold of the key may use it unless it is encrypted. In order to securely
* export a key you may export it with a pass phrase.
*
* cipher = OpenSSL::Cipher.new 'AES-256-CBC'
* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* pass_phrase = 'my secure pass phrase goes here'
*
* key_secure = key.export cipher, pass_phrase
@ -775,7 +775,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,
* the number of iterations largely depends on the hardware being used.
*
* cipher = OpenSSL::Cipher.new 'AES-256-CBC'
* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* cipher.encrypt
* iv = cipher.random_iv
*
@ -798,7 +798,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* Use the same steps as before to derive the symmetric AES key, this time
* setting the Cipher up for decryption.
*
* cipher = OpenSSL::Cipher.new 'AES-256-CBC'
* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* cipher.decrypt
* cipher.iv = iv # the one generated with #random_iv
*
@ -833,7 +833,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
*
* First set up the cipher for encryption
*
* encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
* encryptor = OpenSSL::Cipher.new 'aes-256-cbc'
* encryptor.encrypt
* encryptor.pkcs5_keyivgen pass_phrase, salt
*
@ -846,7 +846,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
*
* Use a new Cipher instance set up for decryption
*
* decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
* decryptor = OpenSSL::Cipher.new 'aes-256-cbc'
* decryptor.decrypt
* decryptor.pkcs5_keyivgen pass_phrase, salt
*
@ -934,7 +934,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* ca_key = OpenSSL::PKey::RSA.new 2048
* pass_phrase = 'my secure pass phrase goes here'
*
* cipher = OpenSSL::Cipher.new 'AES-256-CBC'
* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
*
* open 'ca_key.pem', 'w', 0400 do |io|
* io.write ca_key.export(cipher, pass_phrase)

14
ext/openssl/ossl_cipher.c
View file

@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
* call-seq:
* Cipher.new(string) -> cipher
*
* The string must contain a valid cipher name like "AES-256-CBC".
* The string must contain a valid cipher name like "aes-256-cbc".
*
* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
*/
@ -874,7 +874,7 @@ Init_ossl_cipher(void)
* individual components name, key length and mode. Either all uppercase
* or all lowercase strings may be used, for example:
*
* cipher = OpenSSL::Cipher.new('AES-128-CBC')
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
*
* === Choosing either encryption or decryption mode
*
@ -904,7 +904,7 @@ Init_ossl_cipher(void)
* without processing the password further. A simple and secure way to
* create a key for a particular Cipher is
*
* cipher = OpenSSL::Cipher.new('AES-256-CFB')
* cipher = OpenSSL::Cipher.new('aes-256-cfb')
* cipher.encrypt
* key = cipher.random_key # also sets the generated key on the Cipher
*
@ -972,14 +972,14 @@ Init_ossl_cipher(void)
*
* data = "Very, very confidential data"
*
* cipher = OpenSSL::Cipher.new('AES-128-CBC')
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
* cipher.encrypt
* key = cipher.random_key
* iv = cipher.random_iv
*
* encrypted = cipher.update(data) + cipher.final
* ...
* decipher = OpenSSL::Cipher.new('AES-128-CBC')
* decipher = OpenSSL::Cipher.new('aes-128-cbc')
* decipher.decrypt
* decipher.key = key
* decipher.iv = iv
@ -1015,7 +1015,7 @@ Init_ossl_cipher(void)
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
* security guarantees of GCM mode.
*
* cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
* cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
* cipher.key = key
* cipher.iv = nonce
* cipher.auth_data = auth_data
@ -1031,7 +1031,7 @@ Init_ossl_cipher(void)
* ciphertext with a probability of 1/256.
*
* raise "tag is truncated!" unless tag.bytesize == 16
* decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
* decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
* decipher.key = key
* decipher.iv = nonce
* decipher.auth_tag = tag

8
test/openssl/test_cipher.rb
View file

@ -147,13 +147,13 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
def test_AES
pt = File.read(__FILE__)
%w(ECB CBC CFB OFB).each{|mode|
c1 = OpenSSL::Cipher.new("AES-256-#{mode}")
%w(ecb cbc cfb ofb).each{|mode|
c1 = OpenSSL::Cipher.new("aes-256-#{mode}")
c1.encrypt
c1.pkcs5_keyivgen("passwd")
ct = c1.update(pt) + c1.final
c2 = OpenSSL::Cipher.new("AES-256-#{mode}")
c2 = OpenSSL::Cipher.new("aes-256-#{mode}")
c2.decrypt
c2.pkcs5_keyivgen("passwd")
assert_equal(pt, c2.update(ct) + c2.final)
@ -163,7 +163,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
def test_update_raise_if_key_not_set
assert_raise(OpenSSL::Cipher::CipherError) do
# it caused OpenSSL SEGV by uninitialized key [Bug #2768]
OpenSSL::Cipher.new("AES-128-ECB").update "." * 17
OpenSSL::Cipher.new("aes-128-ecb").update "." * 17
end
end