Bug #8667

Unable to set OpenSSL GCM iv_length in Ruby

Added by Anonymous 9 months ago. Updated 9 months ago.

Assignee:Martin Bosslet
Target version:-
ruby -v:- Backport:1.9.3: UNKNOWN, 2.0.0: UNKNOWN



In OpenSSL you are allowed to change the ivlength on an AES-BCM cipher. (
EncryptInit.html#GCM_Mode) However
this was not implemented in the ruby-wrapper. Since I am a novice in C and
OpenSSL I think by no means my supplied patch is complete, it is a start
however. Maybe this missing function can be added to Ruby 2.0?

You can now set the iv_length using:

cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
cipher.iv_len = 16

An issue I already spotted is that OpenSSL sets the ivlen on the
cipherdata (snippet from OpenSSL crypto/evp/eaes.c):
EVPAESGCMCTX *gctx = c->cipherdata;
gctx->ivlen = arg;

and not the c->cipher->ivlen. So querying for the ivlen in ruby by using
cipher.iv_len will still report the default which is 12. Encryption however
is done correctly using the new iv-length. I tested it by comparing it to
results from other programming languages (Java and C#).

Regards Andres

ossl_set_iv_length.patch Magnifier (1.25 KB) Anonymous, 07/23/2013 08:02 AM


#1 Updated by Eric Hodel 9 months ago

  • Category set to ext/openssl
  • Status changed from Open to Assigned
  • Assignee set to Martin Bosslet
  • ruby -v set to -

Also available in: Atom PDF