summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-05-24 13:09:03 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-05-24 13:09:03 +0000
commitce635262f53b760284d56bb1027baebaaec175d1 (patch)
treeefd24c2db86c786402247f7059fb7fa6af796f1c /ext
parentcff5bd63065da3ca53e877b086c2671884ae16dd (diff)
openssl: make Cipher#key= and #iv= reject too long values
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key, ossl_cipher_set_iv): Reject too long values as well as too short ones. Currently they just truncate the input but this would hide bugs and lead to unexpected encryption/decryption results. * test/openssl/test_cipher.rb: Test that Cipher#key= and #iv= reject Strings with invalid length. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r--ext/openssl/ossl_cipher.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 9aab802508..43a8effa64 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -480,15 +480,17 @@ static VALUE
ossl_cipher_set_key(VALUE self, VALUE key)
{
EVP_CIPHER_CTX *ctx;
+ int key_len;
StringValue(key);
GetCipher(self, ctx);
- if (RSTRING_LEN(key) < EVP_CIPHER_CTX_key_length(ctx))
- ossl_raise(eCipherError, "key length too short");
+ key_len = EVP_CIPHER_CTX_key_length(ctx);
+ if (RSTRING_LEN(key) != key_len)
+ ossl_raise(rb_eArgError, "key must be %d bytes", key_len);
if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1)
- ossl_raise(eCipherError, NULL);
+ ossl_raise(eCipherError, NULL);
return key;
}
@@ -512,12 +514,14 @@ static VALUE
ossl_cipher_set_iv(VALUE self, VALUE iv)
{
EVP_CIPHER_CTX *ctx;
+ int iv_len;
StringValue(iv);
GetCipher(self, ctx);
- if (RSTRING_LEN(iv) < EVP_CIPHER_CTX_iv_length(ctx))
- ossl_raise(eCipherError, "iv length too short");
+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+ if (RSTRING_LEN(iv) != iv_len)
+ ossl_raise(rb_eArgError, "iv must be %d bytes", iv_len);
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1)
ossl_raise(eCipherError, NULL);