Skip to content
This repository
Browse code

Reorganize MessageEncryptor

1) According to OpenSSL's documentation, cipher.random_iv must be called
   after cipher.encrypt and already sets the generated IV on the cipher.

2) OpenSSL::CipherError was moved to OpenSSL::Cipher::CipherError in
   Ruby 1.8.7. Since Rails 4 requires at least Ruby 1.9.3, support for
   the old location can be dropped.
  • Loading branch information...
commit 91a0a1156e622cad5221f33e852c19aa8eba6cbf 1 parent 41a90dd
J. Leis authored
9  activesupport/lib/active_support/message_encryptor.rb
@@ -28,7 +28,7 @@ def self.dump(value)
28 28
     end
29 29
 
30 30
     class InvalidMessage < StandardError; end
31  
-    OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
  31
+    OpenSSLCipherError = OpenSSL::Cipher::CipherError
32 32
 
33 33
     # Initialize a new MessageEncryptor. +secret+ must be at least as long as
34 34
     # the cipher key size. For the default 'aes-256-cbc' cipher, this is 256
@@ -66,12 +66,11 @@ def decrypt_and_verify(value)
66 66
 
67 67
     def _encrypt(value)
68 68
       cipher = new_cipher
69  
-      # Rely on OpenSSL for the initialization vector
70  
-      iv = cipher.random_iv
71  
-
72 69
       cipher.encrypt
73 70
       cipher.key = @secret
74  
-      cipher.iv  = iv
  71
+
  72
+      # Rely on OpenSSL for the initialization vector
  73
+      iv = cipher.random_iv
75 74
 
76 75
       encrypted_data = cipher.update(@serializer.dump(value))
77 76
       encrypted_data << cipher.final

0 notes on commit 91a0a11

Please sign in to comment.
Something went wrong with that request. Please try again.