* ext/openssl/ossl_cipher.c: Add warning about key as IV.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34463 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
emboss 2012-02-08 00:29:26 +00:00
parent 89a2a10508
commit aa3854e33d
2 changed files with 10 additions and 0 deletions

@ -1,3 +1,7 @@
Wed Feb 08 09:19:00 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_cipher.c: Add warning about key as IV.
Tue Feb 7 20:08:12 2012 Ayumu AIZAWA <ayumu.aizawa@gmail.com> Tue Feb 7 20:08:12 2012 Ayumu AIZAWA <ayumu.aizawa@gmail.com>
* error.c (exc_inspect): Fix typo. patch from Trent Ogren * error.c (exc_inspect): Fix typo. patch from Trent Ogren
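Review bot: The new ChangeLog entry names only the file, while the entry directly below it follows the "file (function): description" form, as in "error.c (exc_inspect): Fix typo." Since the change sits in the documentation comment inside Init_ossl_cipher, consider writing it as "ext/openssl/ossl_cipher.c (Init_ossl_cipher): Add warning about key as IV." and noting that it is a documentation-only change. A smaller style point: the date is written "Feb 08" with a leading zero, whereas the neighbouring entry uses "Feb 7".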

@ -686,6 +686,12 @@ Init_ossl_cipher(void)
* key = cipher.random_key * key = cipher.random_key
* iv = cipher.random_iv # also sets the generated IV on the Cipher * iv = cipher.random_iv # also sets the generated IV on the Cipher
* *
* Although the key is generally a random value, too, it is a bad choice
* as an IV. There are elaborate ways how an attacker can take advantage
* of such an IV. As a general rule of thumb, exposing the key directly
* or indirectly should be avoided at all cost and exceptions only be
* made with good reason.
*
* === Calling Cipher#final * === Calling Cipher#final
* *
* ECB (which should not be used) and CBC are both block-based modes. * ECB (which should not be used) and CBC are both block-based modes.
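Review bot: The added paragraph warns against using the key as an IV, but "There are elaborate ways how an attacker can take advantage of such an IV" never gives the reader the reason, so the warning is easy to dismiss. One concrete sentence would carry it: an IV is not treated as a secret and is normally stored or sent alongside the ciphertext, so reusing the key as the IV puts key material where nothing protects it. That also makes "exposing the key directly or indirectly" follow from something stated. Two wording fixes in the same paragraph: "ways how an attacker" reads better as "ways in which an attacker", and "exceptions only be made with good reason" is missing its verb ("exceptions should only be made"). It may also help to point back to the cipher.random_iv line just above as the recommended way to obtain an IV.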