Skip to content

Add failing tests for #983#1

Draft
jas14 wants to merge 9 commits into
masterfrom
983-missing-ivlen
Draft

Add failing tests for #983#1
jas14 wants to merge 9 commits into
masterfrom
983-missing-ivlen

Conversation

@jas14

@jas14 jas14 commented Feb 20, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

@jas14 jas14 force-pushed the 983-missing-ivlen branch from f756f80 to 7b41f1b Compare February 20, 2026 19:49
@jas14 jas14 force-pushed the 983-missing-ivlen branch from 2149f4c to 3e3b377 Compare February 20, 2026 19:52
Comment on lines +83 to +91
if ciphername == 'none'
cipher = Transport::IdentityCipher
else
cipher = OpenSSL::Cipher.new(CipherFactory::SSH_TO_OSSL[ciphername])
cipher.decrypt
cipher.key = key[0...keylen]
cipher.iv = key[keylen...keylen + ivlen]
cipher.padding = 0
end

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested manually with AES-CBC, AES-GCM, and unencrypted keys. This doesn't yet work with ChaCha20-Poly1305; it looks like the corresponding class defines key_length to be 64, which is the bytes of key material required to maintain two ciphers.

While that may be necessary for transport, it's not for decrypting a private key. We may be better off interrogating the OpenSSL::Cipher#key_len (and iv_len) directly instead of using CipherFactory.get_lengths above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant