Kazuki Yamaguchi
Kazuki Yamaguchi
Thank you for creating this issue. As a general wrapper for EVP_CIPHER_CTX, a cipher-specific code or magic numbers should be minimized. In this point, in my opinion, the current default...
@padde > If I read the code correctly, the only AE cipher that is implemented is currently AES-GCM. Please correct me if I'm wrong. I honestly don't see any problem...
> 16 bytes is the only sensible default which is mostly backwards compatible with the current 16 byte authentication tag generated during GCM encryption, and setting no default would break...
Sorry for the confusion. It seems I misread @owlstead's comment. > @rhenium how about we still add auth_tag_len to the generic wrapper, without setting a default value. It should be...
@bdewater Thanks for reviewing! > To me this seems to imply that you have to keep the IV as secret as the key, while the "Choosing an IV" section of...
The [ruby-core mailing list](https://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core) or this GitHub issue tracker is the right place for questions about ruby-openssl. From [your email on openssl-users](https://mta.openssl.org/pipermail/openssl-users/2017-August/006400.html): Like Bob Moskowitz who has been posting about...
> > The critical change being: > - ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr)); > + ext = X509V3_EXT_nconf(conf, ctx, RSTRING_PTR(oid), RSTRING_PTR(value)); > > Because EXT_nconf does all the nid...
> I did not find a way to call OBJ_create() from ruby. Is there one? > Many OpenSSL FAQs suggest you need to hack objects.h and recompile, which is >...
The changes in ext/openssl/ossl_x509ext.c look good. Thanks. > I will investigate adding a regress test case for this, can you give me an example of the nid lookup that would...
I agree with your analysis. It's also confusing since the behavior is inconsistent between types, e.g., `X509_REQ_set_version()` updates the `modified` bit while `X509_set_version()` doesn't. > It would be nice to...