[ruby-cvs:62309] rhe:r55146 (trunk): openssl: make Cipher#key= and #iv= reject too long values

rhe at ruby-lang.org rhe at ruby-lang.org
Tue May 24 22:09:03 JST 2016


rhe	2016-05-24 22:09:03 +0900 (Tue, 24 May 2016)

  New Revision: 55146

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55146

  Log:
    openssl: make Cipher#key= and #iv= reject too long values
    
    * ext/openssl/ossl_cipher.c (ossl_cipher_set_key, ossl_cipher_set_iv):
      Reject too long values as well as too short ones. Currently they
      just truncate the input but this would hide bugs and lead to
      unexpected encryption/decryption results.
    
    * test/openssl/test_cipher.rb: Test that Cipher#key= and #iv= reject
      Strings with invalid length.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_cipher.c
    trunk/test/openssl/test_cipher.rb


More information about the ruby-cvs mailing list