Look up cipher by name instead of constant

ruby · Apr 19, 2020 · 6f86339 · 6f86339
1 parent 15cbbc7
commit 6f86339
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 24 deletions.
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
@@ -851,22 +851,6 @@ Init_ossl_cipher(void)
      *
      *  cipher = OpenSSL::Cipher.new('AES-128-CBC')
      *
-     * For each algorithm supported, there is a class defined under the
-     * Cipher class that goes by the name of the cipher, e.g. to obtain an
-     * instance of AES, you could also use
-     *
-     *   # these are equivalent
-     *   cipher = OpenSSL::Cipher::AES.new(128, :CBC)
-     *   cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
-     *   cipher = OpenSSL::Cipher::AES.new('128-CBC')
-     *
-     * Finally, due to its wide-spread use, there are also extra classes
-     * defined for the different key sizes of AES
-     *
-     *   cipher = OpenSSL::Cipher::AES128.new(:CBC)
-     *   cipher = OpenSSL::Cipher::AES192.new(:CBC)
-     *   cipher = OpenSSL::Cipher::AES256.new(:CBC)
-     *
      * === Choosing either encryption or decryption mode
      *
      * Encryption and decryption are often very similar operations for
@@ -895,7 +879,7 @@ Init_ossl_cipher(void)
      * without processing the password further. A simple and secure way to
      * create a key for a particular Cipher is
      *
-     *  cipher = OpenSSL::Cipher::AES256.new(:CFB)
+     *  cipher = OpenSSL::Cipher.new('AES-256-CFB')
      *  cipher.encrypt
      *  key = cipher.random_key # also sets the generated key on the Cipher
      *
@@ -963,14 +947,14 @@ Init_ossl_cipher(void)
      *
      *   data = "Very, very confidential data"
      *
-     *   cipher = OpenSSL::Cipher::AES.new(128, :CBC)
+     *   cipher = OpenSSL::Cipher.new('AES-128-CBC')
      *   cipher.encrypt
      *   key = cipher.random_key
      *   iv = cipher.random_iv
      *
      *   encrypted = cipher.update(data) + cipher.final
      *   ...
-     *   decipher = OpenSSL::Cipher::AES.new(128, :CBC)
+     *   decipher = OpenSSL::Cipher.new('AES-128-CBC')
      *   decipher.decrypt
      *   decipher.key = key
      *   decipher.iv = iv
@@ -1006,7 +990,7 @@ Init_ossl_cipher(void)
      * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
      * security guarantees of GCM mode.
      *
-     *   cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt
+     *   cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
      *   cipher.key = key
      *   cipher.iv = nonce
      *   cipher.auth_data = auth_data
@@ -1022,7 +1006,7 @@ Init_ossl_cipher(void)
      * ciphertext with a probability of 1/256.
      *
      *   raise "tag is truncated!" unless tag.bytesize == 16
-     *   decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
+     *   decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
      *   decipher.key = key
      *   decipher.iv = nonce
      *   decipher.auth_tag = tag

diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
@@ -148,12 +148,12 @@ def test_ciphers
   def test_AES
     pt = File.read(__FILE__)
     %w(ECB CBC CFB OFB).each{|mode|
-      c1 = OpenSSL::Cipher::AES256.new(mode)
+      c1 = OpenSSL::Cipher.new("AES-256-#{mode}")
       c1.encrypt
       c1.pkcs5_keyivgen("passwd")
       ct = c1.update(pt) + c1.final
 
-      c2 = OpenSSL::Cipher::AES256.new(mode)
+      c2 = OpenSSL::Cipher.new("AES-256-#{mode}")
       c2.decrypt
       c2.pkcs5_keyivgen("passwd")
       assert_equal(pt, c2.update(ct) + c2.final)
@@ -163,7 +163,7 @@ def test_AES
   def test_update_raise_if_key_not_set
     assert_raise(OpenSSL::Cipher::CipherError) do
       # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
-      OpenSSL::Cipher::AES128.new("ECB").update "." * 17
+      OpenSSL::Cipher.new("AES-128-ECB").update "." * 17
     end
   end