From 9054e9b7c303a9bf9c02fe3601eaed9b1b1dfe78 Mon Sep 17 00:00:00 2001
From: David Waite
Date: Sun, 4 May 2014 12:28:35 -0600
Subject: [PATCH] Alternate implementation of gcm IV length support; make setting the IV length implicit in assigning an IV.
---
 ext/openssl/ossl_cipher.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index df6fd10..b95d034 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -450,6 +450,11 @@ ossl_cipher_set_key(VALUE self, VALUE key)
 return key;
 }
+#define ossl_is_gcm(nid) (nid) == NID_aes_128_gcm || \
+ (nid) == NID_aes_192_gcm || \
+ (nid) == NID_aes_256_gcm
+
+
 /*
 * call-seq:
 * cipher.iv = string -> string
@@ -468,16 +473,29 @@ ossl_cipher_set_key(VALUE self, VALUE key)
 static VALUE
 ossl_cipher_set_iv(VALUE self, VALUE iv)
 {
+ long ivlen;
+ int nid;
 EVP_CIPHER_CTX *ctx;
 StringValue(iv);
 GetCipher(self, ctx);
- if (RSTRING_LEN(iv) < EVP_CIPHER_CTX_iv_length(ctx))
- ossl_raise(eCipherError, "iv length too short");
+ ivlen = RSTRING_LEN(iv);
+ nid = EVP_CIPHER_CTX_nid(ctx);
+
+#ifdef HAVE_AUTHENTICATED_ENCRYPTION
+ if (ossl_is_gcm(nid)) {
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL);
+ } else {
+#endif
+ if (ivlen < EVP_CIPHER_CTX_iv_length(ctx))
+ ossl_raise(eCipherError, "iv length too short");
+#ifdef HAVE_AUTHENTICATED_ENCRYPTION
+ }
+#endif
 if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1)
- ossl_raise(eCipherError, NULL);
+ ossl_raise(eCipherError, NULL);
 return iv;
 }
@@ -522,10 +540,6 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
 return data;
 }
-#define ossl_is_gcm(nid) (nid) == NID_aes_128_gcm || \
-- (nid) == NID_aes_192_gcm || \
-- (nid) == NID_aes_256_gcm
--
 static VALUE
 ossl_get_gcm_auth_tag(EVP_CIPHER_CTX *ctx, int len)
 {
--
1.9.2
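Review bot: The `ossl_is_gcm` macro that the first hunk moves above the `cipher.iv=` comment expands to a bare `||` chain with no outer parentheses, so a use such as `!ossl_is_gcm(nid)` or `ossl_is_gcm(nid) && x` would bind to only part of the chain. Wrap the expansion: `#define ossl_is_gcm(nid) ((nid) == NID_aes_128_gcm || (nid) == NID_aes_192_gcm || (nid) == NID_aes_256_gcm)`. A `static` helper function would also avoid evaluating the argument three times. With this commit the macro decides which IV length check runs in `ossl_cipher_set_iv`, so a mis-parse at a future call site would silently change validation.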
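Review bot: In the GCM branch of `ossl_cipher_set_iv` (second hunk) the result of `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)` is ignored, and `ivlen` is a `long` passed where the API takes an `int`. If the ctrl fails, which it likely does for an empty string since OpenSSL rejects a non-positive length, the context keeps its previous IV length. The following `EVP_CipherInit_ex` would then read that many bytes from a shorter Ruby string, because the old "iv length too short" guard no longer runs on this path. I would guard the call: `if (ivlen <= 0 || ivlen > INT_MAX || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, (int)ivlen, NULL) != 1) ossl_raise(eCipherError, "invalid iv length");`. Since any positive length is now accepted for GCM, the `cipher.iv=` doc comment should also state that 12 bytes is the recommended IV size and that shorter IVs weaken the mode.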