Unable to set OpenSSL GCM iv_length in Ruby
In OpenSSL you are allowed to change the iv_length on an AES-BCM cipher. (
this was not implemented in the ruby-wrapper. Since I am a novice in C and
OpenSSL I think by no means my supplied patch is complete, it is a start
however. Maybe this missing function can be added to Ruby 2.0?
You can now set the iv_length using:
cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
cipher.iv_len = 16
An issue I already spotted is that OpenSSL sets the ivlen on the
cipher_data (snippet from OpenSSL crypto/evp/e_aes.c):
EVP_AES_GCM_CTX *gctx = c->cipher_data;
gctx->ivlen = arg;
and not the c->cipher->iv_len. So querying for the iv_len in ruby by using
cipher.iv_len will still report the default which is 12. Encryption however
is done correctly using the new iv-length. I tested it by comparing it to
results from other programming languages (Java and C#).
#2 [ruby-core:62365] Updated by David Waite almost 3 years ago
Alternate patch which makes iv length changes implicit in iv= when using GCM.
This issue currently requires me to require a patched ruby for my software to run.
#5 [ruby-core:76243] Updated by Kazuki Yamaguchi 8 months ago
- Tracker changed from Bug to Feature
- Status changed from Assigned to Closed
I think this is good to have. I thought about changing Cipher#iv= first, too, but I didn't because of the current (2.3) behavior of Cipher#iv=. Please see: