18 Oct 2009, 20:32
Todd_2009-08_water_pragsmall

Todd R. Fiala (5 posts)

Hi folks,

While working through recipe 1 (Protecting Information with Symmetric Ciphers), I am getting an error in Ruby 1.9 that I don’t see in Ruby 1.8:

$ ruby1.9 symmetric_cipher.rb ciphertext non-base64 length: 85 symmetric_cipher.rb:10:in final': wrong final block length (OpenSSL::Cipher::CipherError) from symmetric_cipher.rb:10:in '

This is the call to Cipher.final.

Any insight into this? I thought perhaps the 1.9 bindings for OpenSSL changed padding behavior. I have tried modifying the Cipher.padding value for 32-byte/256 bit but that doesn’t seem to make a difference.

I’m on a MacBook Pro, OS X 10.6.1. Both my ruby 1.8 and 1.9 are via MacPorts, and I have the MacPorts openssl 0.9.8k installed. Everything on my system is updated to the latest versions.

Thanks for any thoughts!

Sincerely, Todd Fiala

18 Oct 2009, 21:06
Todd_2009-08_water_pragsmall

Todd R. Fiala (5 posts)

Heh, okay well careful examination of my output above will indicate I added a print statement to tell me a little more about the content of the base64-decoded string.

The base64 decoded string comes out to 32 bytes (the cipher block size) on Ruby 1.8. Something about the string handling or decoding must have changed in Ruby 1.9 since the length of the decoded string is reporting as 85 bytes, which would certainly cause an issue with the decryption. I thought saw 32 on the Ruby 1.9 run but clearly the wiring between my eyes and brain must have been a little cloudy.

I’ll track that down further and report when I figure it out. This does not appear to be an OpenSSL binding issue but rather some kind of string handling change that will need a tweak for ruby 1.9.

-Todd

19 Oct 2009, 01:30
Todd_2009-08_water_pragsmall

Todd R. Fiala (5 posts)

Hi folks,

After fiddling with this a bit, I made a minor change that works. The fix that worked for me was as follows. Replace line 9 from the first security/symmetric_cipher.rb:

plaintext = cipher.update(ciphertext.unpack(‘m*’).to_s)

with this new version (appears to work in both Ruby 1.8 and Ruby 1.9):

plaintext = cipher.update(ciphertext.unpack(‘m’)[0])

I hope that saves somebody some time :-)

-Todd

19 Oct 2009, 07:11
Maik_schmidt_avatar2_pragsmall

Maik Schmidt (113 posts)

Hi Todd!

Thank your very much for pointing this out and for fixing it!!!!

Cheers

Maik

21 Oct 2009, 15:08
Todd_2009-08_water_pragsmall

Todd R. Fiala (5 posts)

Sure thing, Maik :-)

Thanks for writing the book. I look forward to working through the rest of the recipes!

-Todd

  You must be logged in to comment