Merge pull request #384 from bdewater/lower-case-cipher

rhenium · web-flow · commit 3d160913bfce · 2020-07-08T12:05:38.000+09:00
User lower case cipher names for maximum compatibility
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
@@ -664,7 +664,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * ahold of the key may use it unless it is encrypted.  In order to securely
  * export a key you may export it with a pass phrase.
  *
- *   cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  *   pass_phrase = 'my secure pass phrase goes here'
  *
  *   key_secure = key.export cipher, pass_phrase
@@ -772,7 +772,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,
  * the number of iterations largely depends on the hardware being used.
  *
- *   cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  *   cipher.encrypt
  *   iv = cipher.random_iv
  *
@@ -795,7 +795,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * Use the same steps as before to derive the symmetric AES key, this time
  * setting the Cipher up for decryption.
  *
- *   cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  *   cipher.decrypt
  *   cipher.iv = iv # the one generated with #random_iv
  *
@@ -830,7 +830,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * First set up the cipher for encryption
  *
- *   encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   encryptor = OpenSSL::Cipher.new 'aes-256-cbc'
  *   encryptor.encrypt
  *   encryptor.pkcs5_keyivgen pass_phrase, salt
  *
@@ -843,7 +843,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * Use a new Cipher instance set up for decryption
  *
- *   decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   decryptor = OpenSSL::Cipher.new 'aes-256-cbc'
  *   decryptor.decrypt
  *   decryptor.pkcs5_keyivgen pass_phrase, salt
  *
@@ -931,7 +931,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *   ca_key = OpenSSL::PKey::RSA.new 2048
  *   pass_phrase = 'my secure pass phrase goes here'
  *
- *   cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  *
  *   open 'ca_key.pem', 'w', 0400 do |io|
  *     io.write ca_key.export(cipher, pass_phrase)
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
  *  call-seq:
  *     Cipher.new(string) -> cipher
  *
- *  The string must contain a valid cipher name like "AES-256-CBC".
+ *  The string must contain a valid cipher name like "aes-256-cbc".
  *
  *  A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
  */
@@ -874,7 +874,7 @@ Init_ossl_cipher(void)
      * individual components name, key length and mode. Either all uppercase
      * or all lowercase strings may be used, for example:
      *
-     *  cipher = OpenSSL::Cipher.new('AES-128-CBC')
+     *  cipher = OpenSSL::Cipher.new('aes-128-cbc')
      *
      * === Choosing either encryption or decryption mode
      *
@@ -904,7 +904,7 @@ Init_ossl_cipher(void)
      * without processing the password further. A simple and secure way to
      * create a key for a particular Cipher is
      *
-     *  cipher = OpenSSL::Cipher.new('AES-256-CFB')
+     *  cipher = OpenSSL::Cipher.new('aes-256-cfb')
      *  cipher.encrypt
      *  key = cipher.random_key # also sets the generated key on the Cipher
      *
@@ -972,14 +972,14 @@ Init_ossl_cipher(void)
      *
      *   data = "Very, very confidential data"
      *
-     *   cipher = OpenSSL::Cipher.new('AES-128-CBC')
+     *   cipher = OpenSSL::Cipher.new('aes-128-cbc')
      *   cipher.encrypt
      *   key = cipher.random_key
      *   iv = cipher.random_iv
      *
      *   encrypted = cipher.update(data) + cipher.final
      *   ...
-     *   decipher = OpenSSL::Cipher.new('AES-128-CBC')
+     *   decipher = OpenSSL::Cipher.new('aes-128-cbc')
      *   decipher.decrypt
      *   decipher.key = key
      *   decipher.iv = iv
@@ -1015,7 +1015,7 @@ Init_ossl_cipher(void)
      * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
      * security guarantees of GCM mode.
      *
-     *   cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
+     *   cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
      *   cipher.key = key
      *   cipher.iv = nonce
      *   cipher.auth_data = auth_data
@@ -1031,7 +1031,7 @@ Init_ossl_cipher(void)
      * ciphertext with a probability of 1/256.
      *
      *   raise "tag is truncated!" unless tag.bytesize == 16
-     *   decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
+     *   decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
      *   decipher.key = key
      *   decipher.iv = nonce
      *   decipher.auth_tag = tag
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
@@ -147,13 +147,13 @@ def test_ciphers
 
   def test_AES
     pt = File.read(__FILE__)
-    %w(ECB CBC CFB OFB).each{|mode|
-      c1 = OpenSSL::Cipher.new("AES-256-#{mode}")
+    %w(ecb cbc cfb ofb).each{|mode|
+      c1 = OpenSSL::Cipher.new("aes-256-#{mode}")
       c1.encrypt
       c1.pkcs5_keyivgen("passwd")
       ct = c1.update(pt) + c1.final
 
-      c2 = OpenSSL::Cipher.new("AES-256-#{mode}")
+      c2 = OpenSSL::Cipher.new("aes-256-#{mode}")
       c2.decrypt
       c2.pkcs5_keyivgen("passwd")
       assert_equal(pt, c2.update(ct) + c2.final)
@@ -163,7 +163,7 @@ def test_AES
   def test_update_raise_if_key_not_set
     assert_raise(OpenSSL::Cipher::CipherError) do
       # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
-      OpenSSL::Cipher.new("AES-128-ECB").update "." * 17
+      OpenSSL::Cipher.new("aes-128-ecb").update "." * 17
     end
   end
 

Original file line number	Diff line number	Diff line change
`@@ -664,7 +664,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`664`	`664`	`* ahold of the key may use it unless it is encrypted. In order to securely`
`665`	`665`	`* export a key you may export it with a pass phrase.`
`666`	`666`	`*`
`667`		`- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'`
	`667`	`+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'`
`668`	`668`	`* pass_phrase = 'my secure pass phrase goes here'`
`669`	`669`	`*`
`670`	`670`	`* key_secure = key.export cipher, pass_phrase`
`@@ -772,7 +772,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`772`	`772`	`* using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,`
`773`	`773`	`* the number of iterations largely depends on the hardware being used.`
`774`	`774`	`*`
`775`		`- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'`
	`775`	`+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'`
`776`	`776`	`* cipher.encrypt`
`777`	`777`	`* iv = cipher.random_iv`
`778`	`778`	`*`
`@@ -795,7 +795,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`795`	`795`	`* Use the same steps as before to derive the symmetric AES key, this time`
`796`	`796`	`* setting the Cipher up for decryption.`
`797`	`797`	`*`
`798`		`- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'`
	`798`	`+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'`
`799`	`799`	`* cipher.decrypt`
`800`	`800`	`* cipher.iv = iv # the one generated with #random_iv`
`801`	`801`	`*`
`@@ -830,7 +830,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`830`	`830`	`*`
`831`	`831`	`* First set up the cipher for encryption`
`832`	`832`	`*`
`833`		`- * encryptor = OpenSSL::Cipher.new 'AES-256-CBC'`
	`833`	`+ * encryptor = OpenSSL::Cipher.new 'aes-256-cbc'`
`834`	`834`	`* encryptor.encrypt`
`835`	`835`	`* encryptor.pkcs5_keyivgen pass_phrase, salt`
`836`	`836`	`*`
`@@ -843,7 +843,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`843`	`843`	`*`
`844`	`844`	`* Use a new Cipher instance set up for decryption`
`845`	`845`	`*`
`846`		`- * decryptor = OpenSSL::Cipher.new 'AES-256-CBC'`
	`846`	`+ * decryptor = OpenSSL::Cipher.new 'aes-256-cbc'`
`847`	`847`	`* decryptor.decrypt`
`848`	`848`	`* decryptor.pkcs5_keyivgen pass_phrase, salt`
`849`	`849`	`*`
`@@ -931,7 +931,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)`
`931`	`931`	`* ca_key = OpenSSL::PKey::RSA.new 2048`
`932`	`932`	`* pass_phrase = 'my secure pass phrase goes here'`
`933`	`933`	`*`
`934`		`- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'`
	`934`	`+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'`
`935`	`935`	`*`
`936`	`936`	`* open 'ca_key.pem', 'w', 0400 do \|io\|`
`937`	`937`	`* io.write ca_key.export(cipher, pass_phrase)`
Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)`
`104`	`104`	`* call-seq:`
`105`	`105`	`* Cipher.new(string) -> cipher`
`106`	`106`	`*`
`107`		`- * The string must contain a valid cipher name like "AES-256-CBC".`
	`107`	`+ * The string must contain a valid cipher name like "aes-256-cbc".`
`108`	`108`	`*`
`109`	`109`	`* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.`
`110`	`110`	`*/`
`@@ -874,7 +874,7 @@ Init_ossl_cipher(void)`
`874`	`874`	`* individual components name, key length and mode. Either all uppercase`
`875`	`875`	`* or all lowercase strings may be used, for example:`
`876`	`876`	`*`
`877`		`- * cipher = OpenSSL::Cipher.new('AES-128-CBC')`
	`877`	`+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')`
`878`	`878`	`*`
`879`	`879`	`* === Choosing either encryption or decryption mode`
`880`	`880`	`*`
`@@ -904,7 +904,7 @@ Init_ossl_cipher(void)`
`904`	`904`	`* without processing the password further. A simple and secure way to`
`905`	`905`	`* create a key for a particular Cipher is`
`906`	`906`	`*`
`907`		`- * cipher = OpenSSL::Cipher.new('AES-256-CFB')`
	`907`	`+ * cipher = OpenSSL::Cipher.new('aes-256-cfb')`
`908`	`908`	`* cipher.encrypt`
`909`	`909`	`* key = cipher.random_key # also sets the generated key on the Cipher`
`910`	`910`	`*`
`@@ -972,14 +972,14 @@ Init_ossl_cipher(void)`
`972`	`972`	`*`
`973`	`973`	`* data = "Very, very confidential data"`
`974`	`974`	`*`
`975`		`- * cipher = OpenSSL::Cipher.new('AES-128-CBC')`
	`975`	`+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')`
`976`	`976`	`* cipher.encrypt`
`977`	`977`	`* key = cipher.random_key`
`978`	`978`	`* iv = cipher.random_iv`
`979`	`979`	`*`
`980`	`980`	`* encrypted = cipher.update(data) + cipher.final`
`981`	`981`	`* ...`
`982`		`- * decipher = OpenSSL::Cipher.new('AES-128-CBC')`
	`982`	`+ * decipher = OpenSSL::Cipher.new('aes-128-cbc')`
`983`	`983`	`* decipher.decrypt`
`984`	`984`	`* decipher.key = key`
`985`	`985`	`* decipher.iv = iv`
`@@ -1015,7 +1015,7 @@ Init_ossl_cipher(void)`
`1015`	`1015`	`* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the`
`1016`	`1016`	`* security guarantees of GCM mode.`
`1017`	`1017`	`*`
`1018`		`- * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt`
	`1018`	`+ * cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt`
`1019`	`1019`	`* cipher.key = key`
`1020`	`1020`	`* cipher.iv = nonce`
`1021`	`1021`	`* cipher.auth_data = auth_data`
`@@ -1031,7 +1031,7 @@ Init_ossl_cipher(void)`
`1031`	`1031`	`* ciphertext with a probability of 1/256.`
`1032`	`1032`	`*`
`1033`	`1033`	`* raise "tag is truncated!" unless tag.bytesize == 16`
`1034`		`- * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt`
	`1034`	`+ * decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt`
`1035`	`1035`	`* decipher.key = key`
`1036`	`1036`	`* decipher.iv = nonce`
`1037`	`1037`	`* decipher.auth_tag = tag`