Project

General

Profile

Actions

Bug #12561

closed

OpenSSL::Cipher#key= silently truncates key strings.

Added by xavierholt (Kevin Burk) over 8 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:76280]

Description

Not entirely sure if this is a bug or a feature request, so please recategorize if I got it wrong.

Setting the key on an OpenSSL::Cipher will throw an exception if the key is too short. But if the key string is too long, and bytes past the key length are silently discarded. In the IRB session below, it looks like the second and third attempts to set the key succeed, and set the key to different values, but in fact the third attempt sets the key to the same things as the second, ignoring the "ghijkl" that lie past the 128-bit / 16-byte key length.

irb(main):013:0> c = OpenSSL::Cipher.new('AES-128-CBC')
=> #<OpenSSL::Cipher:0x007fb86893af30>
irb(main):014:0> c.key = '1234567890'
OpenSSL::Cipher::CipherError: key length too short
	from (irb):14:in `key='
	from (irb):14
	from /Users/kevin.burk/.rbenv/versions/2.3.0/bin/irb:11:in `<main>'
irb(main):015:0> c.key = '1234567890abcdef'
=> "1234567890abcdef"
irb(main):016:0> c.key = '1234567890abcdefghijkl'
=> "1234567890abcdefghijkl"

Could we throw an OpenSSL::Cipher::CipherError: key length too long exception here? The current behavior makes it very easy for people like me to accidentally screw this up, introducing security flaws.


Files

cipher-truncate.rb (880 Bytes) cipher-truncate.rb Minimal working example. xavierholt (Kevin Burk), 07/06/2016 08:24 PM

Related issues 1 (0 open1 closed)

Has duplicate Ruby master - Bug #14265: Possible bug in OpenSSL libraryThird Party's IssueActions

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Tracker changed from Feature to Bug
  • Status changed from Open to Closed
  • Backport set to 2.1: WONTFIX, 2.2: WONTFIX, 2.3: WONTFIX

Thank you for reporting!

I believe it is a bug, r55146 fixed it in trunk. Unfortunately it looks like some applications use the behavior unintentionally. So I'm filling Backport with WONTFIX.

Updated by nagachika (Tomoyuki Chikanaga) over 8 years ago

I agree with Kazuki's judgment about backporting to the stable branches.
BTW is there any entry about this change in NEWS file?
User should be noticed about the inconsistent behaviors.

Actions #3

Updated by rhenium (Kazuki Yamaguchi) almost 7 years ago

  • Has duplicate Bug #14265: Possible bug in OpenSSL library added
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0