summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
authorBart de Water <bartdewater@gmail.com>2020-07-07 12:59:11 -0400
committerKazuki Yamaguchi <k@rhe.jp>2021-03-16 19:16:11 +0900
commitda6341b70942cf448888471f66dfde2cf614f052 (patch)
tree54b55bbc6796d5d47fd1ca9eb378cc690918effb /ext/openssl
parent13198d4968a6591ec423832c4bf00c56ffdb337a (diff)
[ruby/openssl] User lower case cipher names for maximum compatibility
We ran into some Linux-based systems not accepting the upper case variant https://github.com/ruby/openssl/commit/7bc49121d5
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/ossl.c12
-rw-r--r--ext/openssl/ossl_cipher.c14
2 files changed, 13 insertions, 13 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index b9e5ba2a982..b64f1e0e343 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -667,7 +667,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* ahold of the key may use it unless it is encrypted. In order to securely
* export a key you may export it with a pass phrase.
*
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* pass_phrase = 'my secure pass phrase goes here'
*
* key_secure = key.export cipher, pass_phrase
@@ -775,7 +775,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,
* the number of iterations largely depends on the hardware being used.
*
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* cipher.encrypt
* iv = cipher.random_iv
*
@@ -798,7 +798,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* Use the same steps as before to derive the symmetric AES key, this time
* setting the Cipher up for decryption.
*
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
* cipher.decrypt
* cipher.iv = iv # the one generated with #random_iv
*
@@ -833,7 +833,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
*
* First set up the cipher for encryption
*
- * encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ * encryptor = OpenSSL::Cipher.new 'aes-256-cbc'
* encryptor.encrypt
* encryptor.pkcs5_keyivgen pass_phrase, salt
*
@@ -846,7 +846,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
*
* Use a new Cipher instance set up for decryption
*
- * decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ * decryptor = OpenSSL::Cipher.new 'aes-256-cbc'
* decryptor.decrypt
* decryptor.pkcs5_keyivgen pass_phrase, salt
*
@@ -934,7 +934,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* ca_key = OpenSSL::PKey::RSA.new 2048
* pass_phrase = 'my secure pass phrase goes here'
*
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
*
* open 'ca_key.pem', 'w', 0400 do |io|
* io.write ca_key.export(cipher, pass_phrase)
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 5b92fc39f05..28f5c1b5efd 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
* call-seq:
* Cipher.new(string) -> cipher
*
- * The string must contain a valid cipher name like "AES-256-CBC".
+ * The string must contain a valid cipher name like "aes-256-cbc".
*
* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
*/
@@ -874,7 +874,7 @@ Init_ossl_cipher(void)
* individual components name, key length and mode. Either all uppercase
* or all lowercase strings may be used, for example:
*
- * cipher = OpenSSL::Cipher.new('AES-128-CBC')
+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')
*
* === Choosing either encryption or decryption mode
*
@@ -904,7 +904,7 @@ Init_ossl_cipher(void)
* without processing the password further. A simple and secure way to
* create a key for a particular Cipher is
*
- * cipher = OpenSSL::Cipher.new('AES-256-CFB')
+ * cipher = OpenSSL::Cipher.new('aes-256-cfb')
* cipher.encrypt
* key = cipher.random_key # also sets the generated key on the Cipher
*
@@ -972,14 +972,14 @@ Init_ossl_cipher(void)
*
* data = "Very, very confidential data"
*
- * cipher = OpenSSL::Cipher.new('AES-128-CBC')
+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')
* cipher.encrypt
* key = cipher.random_key
* iv = cipher.random_iv
*
* encrypted = cipher.update(data) + cipher.final
* ...
- * decipher = OpenSSL::Cipher.new('AES-128-CBC')
+ * decipher = OpenSSL::Cipher.new('aes-128-cbc')
* decipher.decrypt
* decipher.key = key
* decipher.iv = iv
@@ -1015,7 +1015,7 @@ Init_ossl_cipher(void)
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
* security guarantees of GCM mode.
*
- * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
+ * cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
* cipher.key = key
* cipher.iv = nonce
* cipher.auth_data = auth_data
@@ -1031,7 +1031,7 @@ Init_ossl_cipher(void)
* ciphertext with a probability of 1/256.
*
* raise "tag is truncated!" unless tag.bytesize == 16
- * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
+ * decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
* decipher.key = key
* decipher.iv = nonce
* decipher.auth_tag = tag