Forum: Ruby-core [Assigned] Unable to set OpenSSL GCM iv_length in Ruby

58479f76374a3ba3c69b9804163f39f4?d=identicon&s=25 drbrain (Eric Hodel) (Guest)
on 2013-07-23 01:04
(Received via mailing list)
Issue #8667 has been updated by drbrain (Eric Hodel).

Category set to ext/openssl
Status changed from Open to Assigned
Assignee set to MartinBosslet (Martin Bosslet)
ruby -v set to -

Bug #8667:  Unable to set OpenSSL GCM iv_length in Ruby

Author: Anonymous
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext/openssl
Target version:
ruby -v: -
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


 In OpenSSL you are allowed to change the iv_length on an AES-BCM
cipher. (
 this was not implemented in the ruby-wrapper. Since I am a novice in C
 OpenSSL I think by no means my supplied patch is complete, it is a
 however. Maybe this missing function can be added to Ruby 2.0?

 You can now set the iv_length using:

 cipher ='aes-128-gcm').encrypt
 cipher.iv_len = 16

 An issue I already spotted is that OpenSSL sets the ivlen on the
 cipher_data (snippet from OpenSSL crypto/evp/e_aes.c):
 EVP_AES_GCM_CTX *gctx = c->cipher_data;
 gctx->ivlen = arg;

 and not the c->cipher->iv_len. So querying for the iv_len in ruby by
 cipher.iv_len will still report the default which is 12. Encryption
 is done correctly using the new iv-length. I tested it by comparing it
 results from other programming languages (Java and C#).

 Regards Andres
This topic is locked and can not be replied to.