Project

General

Profile

Actions
Copy link

Feature #8667

closed

Unable to set OpenSSL GCM iv_length in Ruby

Added by Anonymous over 11 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:56085]

Description

Hello,

In OpenSSL you are allowed to change the iv_length on an AES-BCM cipher. (
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#GCM_Mode) However
this was not implemented in the ruby-wrapper. Since I am a novice in C and
OpenSSL I think by no means my supplied patch is complete, it is a start
however. Maybe this missing function can be added to Ruby 2.0?

You can now set the iv_length using:

cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
cipher.iv_len = 16

An issue I already spotted is that OpenSSL sets the ivlen on the
cipher_data (snippet from OpenSSL crypto/evp/e_aes.c):
EVP_AES_GCM_CTX *gctx = c->cipher_data;
gctx->ivlen = arg;

and not the c->cipher->iv_len. So querying for the iv_len in ruby by using
cipher.iv_len will still report the default which is 12. Encryption however
is done correctly using the new iv-length. I tested it by comparing it to
results from other programming languages (Java and C#).

Regards Andres

Files

Download all files
ossl_set_iv_length.patch (1.25 KB) ossl_set_iv_length.patch Anonymous, 07/23/2013 08:02 AM
0001-Alternate-implementation-of-gcm-IV-length-support.patch (2.01 KB) 0001-Alternate-implementation-of-gcm-IV-length-support.patch against trunk dwaite (David Waite), 05/04/2014 06:31 PM

Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #10420: Cannot set IV length to OpenSSL::CipherClosedActions
Actions
Copy link
 #1 [ruby-core:56112]

Updated by drbrain (Eric Hodel) over 11 years ago

  • Category set to ext/openssl
  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)
  • ruby -v set to -
Actions
Copy link
 #2 [ruby-core:62365]

Updated by dwaite (David Waite) over 10 years ago

Alternate patch which makes iv length changes implicit in iv= when using GCM.

This issue currently requires me to require a patched ruby for my software to run.

Actions
Copy link
 #3

Updated by zzak (zzak _) over 9 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to 7150

Without knowing what HAVE_AUTHENTICATED_ENCRYPTION is, I'm not really sure.. also we need a test for this.

Actions
Copy link
 #4

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Related to Feature #10420: Cannot set IV length to OpenSSL::Cipher added
Actions
Copy link
 #5 [ruby-core:76243]

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Tracker changed from Bug to Feature
  • Status changed from Assigned to Closed

I think this is good to have. I thought about changing Cipher#iv= first, too, but I didn't because of the current (2.3) behavior of Cipher#iv=. Please see:

https://github.com/ruby/openssl/pull/58

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0