Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cipher.update and cipher.final JRuby vs MRI behavior different #183

Open
shibz opened this issue Jul 12, 2019 · 0 comments
Open

cipher.update and cipher.final JRuby vs MRI behavior different #183

shibz opened this issue Jul 12, 2019 · 0 comments

Comments

@shibz
Copy link

shibz commented Jul 12, 2019

cipher.update and cipher.final have different behavior in JRuby vs MRI for block ciphers when data is added in KEY_LENGTH sized chunks.

require 'openssl'
require 'securerandom'

KEY_LENGTH = 16

cipher = OpenSSL::Cipher.new("AES-128-CBC")
cipher.encrypt
cipher.key = SecureRandom.random_bytes(KEY_LENGTH)

puts cipher.update(SecureRandom.random_bytes(KEY_LENGTH)).length

# MRI = 16
# JRuby = 0

puts cipher.final.length

# MRI = 16
# JRuby = 32

In MRI Ruby, a block of ciphertext is returned as soon as an entire block of data (KEY_LENGTH bytes) has been provided to the cipher. In JRuby, that block of ciphertext is not returned until one additional byte is added to the cipher (for a total of KEY_LENGTH + 1 bytes) via cipher.update.

This produces undesired results in situations where the cipher.final method should be optional because the last block (with PKCS#7 padding) is not desired. For example: SmallLars/openssl-cmac#3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shibz