ruby.git/test/openssl/test_cipher.rb, branch v4.0.4 The Ruby Programming Language [ruby/openssl] cipher: use EVP_CIPHER_fetch() if available 2025-11-06T13:25:09+00:00 Kazuki Yamaguchi k@rhe.jp 2025-08-09T09:36:49+00:00 57aaf86bdbdaacb66ebbd29d1e2551d87167cbfe Likewise, use EVP_MD_fetch() if it is available. This adds support for AES-GCM-SIV with OpenSSL 3.2 or later. https://github.com/ruby/openssl/commit/0e565a215e 
Likewise, use EVP_MD_fetch() if it is available.

This adds support for AES-GCM-SIV with OpenSSL 3.2 or later.

https://github.com/ruby/openssl/commit/0e565a215e
[ruby/openssl] cipher: raise CipherError for unsupported algorithm name 2025-11-06T13:25:09+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-03T09:26:28+00:00 26751e40857be6faf91d0c87362ebae769f51faa Raise OpenSSL::Cipher::CipherError instead of ArgumentError or RuntimeError for consistency. https://github.com/ruby/openssl/commit/78601c9c34 
Raise OpenSSL::Cipher::CipherError instead of ArgumentError or
RuntimeError for consistency.

https://github.com/ruby/openssl/commit/78601c9c34
[ruby/openssl] Add AuthTagError exception for AEAD authentication 2025-09-17T12:32:50+00:00 Samuel Williams samuel.williams@shopify.com 2025-09-17T12:32:47+00:00 a1f39b4b807a5412181ca3f1bf87e7c7d2d9f542 failures (https://github.com/ruby/openssl/pull/939) * Add AuthTagError exception for AEAD authentication failures - Add OpenSSL::Cipher::AuthTagError as a subclass of CipherError - Raise AuthTagError specifically for AEAD cipher authentication tag verification failures - Enhanced error messages: 'AEAD authentication tag verification failed' for auth failures - Precise detection: Only EVP_CipherFinal_ex failures in AEAD ciphers raise AuthTagError - All other errors (key setup, IV setup, update failures, etc.) still raise CipherError - Comprehensive test coverage for GCM/CCM modes and error inheritance - Fully backwards compatible: AuthTagError < CipherError https://github.com/ruby/openssl/commit/9663b09040 
failures
(https://github.com/ruby/openssl/pull/939)

* Add AuthTagError exception for AEAD authentication failures

- Add OpenSSL::Cipher::AuthTagError as a subclass of CipherError
- Raise AuthTagError specifically for AEAD cipher authentication tag verification failures
- Enhanced error messages: 'AEAD authentication tag verification failed' for auth failures
- Precise detection: Only EVP_CipherFinal_ex failures in AEAD ciphers raise AuthTagError
- All other errors (key setup, IV setup, update failures, etc.) still raise CipherError
- Comprehensive test coverage for GCM/CCM modes and error inheritance
- Fully backwards compatible: AuthTagError < CipherError

https://github.com/ruby/openssl/commit/9663b09040
[ruby/openssl] cipher: make output buffer String independent 2024-12-21T18:33:03+00:00 Kazuki Yamaguchi k@rhe.jp 2024-12-10T14:06:00+00:00 637f019f1f7611ba41f761a1b17e4228661d0a5b OpenSSL::Cipher#update accepts a String as the second argument to be used as the output buffer. The buffer must be directly writable, in other words, it must not be frozen and not a shared string. rb_str_resize() does not make the String independent if the String already has the intended length. Use the rb_str_modify() family instead to check it. Fixes: https://bugs.ruby-lang.org/issues/20937 https://github.com/ruby/openssl/commit/1de3b80a46 
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.

rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.

Fixes: https://bugs.ruby-lang.org/issues/20937

https://github.com/ruby/openssl/commit/1de3b80a46
[ruby/openssl] cipher: fix buffer overflow in Cipher#update 2024-05-02T07:26:11+00:00 Kazuki Yamaguchi k@rhe.jp 2024-02-05T12:54:32+00:00 eb6f0000a4b752803ff7431d24d1a0a535a4387e OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher). This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a block size of 8 bytes, but the output may be up to 15 bytes larger than the input. Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output buffer size, instead. OpenSSL doesn't provide a generic way to tell the maximum required buffer size for ciphers, but this is large enough for all algorithms implemented in current versions of OpenSSL. Fixes: https://bugs.ruby-lang.org/issues/20236 https://github.com/ruby/openssl/commit/3035559f54 
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.

Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.

Fixes: https://bugs.ruby-lang.org/issues/20236

https://github.com/ruby/openssl/commit/3035559f54
[ruby/openssl] Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. 2023-08-16T05:48:42+00:00 Jun Aruga jaruga@redhat.com 2023-08-14T15:13:22+00:00 8ca0d53fd09b2032d990b0ab92ec63f408861dbc Update the `openssl?` method by adding status argument. Note the format is below. * OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0) * OpenSSL 1: 0xMNNFFPPS (major minor fix patch status) See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html> for details. https://github.com/ruby/openssl/commit/db8deaacd3 
Update the `openssl?` method by adding status argument.

Note the format is below.

* OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0)
* OpenSSL 1: 0xMNNFFPPS (major minor fix patch status)

See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html>
for details.

https://github.com/ruby/openssl/commit/db8deaacd3
[ruby/openssl] Allow empty string to OpenSSL::Cipher#update 2022-12-13T09:07:41+00:00 Yusuke Nakamura yusuke1994525@gmail.com 2022-11-23T12:05:49+00:00 d4dce27d894f4889f29d779c94ba2d30c231f9f8 For some reasons, plaintext may be empty string. ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8 https://github.com/ruby/openssl/commit/953592a29e 
For some reasons, plaintext may be empty string.

ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8

https://github.com/ruby/openssl/commit/953592a29e
[ruby/openssl] cipher: update test_ciphers 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-10-24T08:50:18+00:00 cfcdd2b4bd6c2420ecc93a8f77e553b53595b7ef Do not attempt to actually use all algorithms. Not all algorithms listed in OpenSSL::Cipher.ciphers are always available. https://github.com/ruby/openssl/commit/91d04f991f 
Do not attempt to actually use all algorithms. Not all algorithms listed
in OpenSSL::Cipher.ciphers are always available.

https://github.com/ruby/openssl/commit/91d04f991f
test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b 2021-03-16T13:30:18+00:00 Kazuki Yamaguchi k@rhe.jp 2021-03-16T13:05:04+00:00 44d67128a827c65d1a3867c5d8fd190d10aa1dd2 AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters assignment order. This has been relaxed by OpenSSL 1.1.1c. https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee The test case is failing on Ubuntu 18.04 because it still uses the initial 1.1.1 release and has the issue: http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz 
AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters
assignment order. This has been relaxed by OpenSSL 1.1.1c.

https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee

The test case is failing on Ubuntu 18.04 because it still uses the
initial 1.1.1 release and has the issue:

http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz
[ruby/openssl] User lower case cipher names for maximum compatibility 2021-03-16T10:16:11+00:00 Bart de Water bartdewater@gmail.com 2020-07-07T16:59:11+00:00 da6341b70942cf448888471f66dfde2cf614f052 We ran into some Linux-based systems not accepting the upper case variant https://github.com/ruby/openssl/commit/7bc49121d5 
We ran into some Linux-based systems not accepting the upper case variant

https://github.com/ruby/openssl/commit/7bc49121d5