Fix auth_tag retrieval on JRuby (#32)

rack · Jan 22, 2024 · d6a7228 · d6a7228
1 parent a5944c0
commit d6a7228
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/lib/rack/session/encryptor.rb b/lib/rack/session/encryptor.rb
@@ -302,7 +302,7 @@ def encrypt(message)
           encrypted_data = cipher.update(serialized_payload) << cipher.final
 
           data << cipher_iv
-          data << cipher.auth_tag(16)
+          data << auth_tag_from(cipher)
           data << encrypted_data
 
           Base64.strict_encode64(data)
@@ -327,6 +327,21 @@ def message_secret_from_salt(salt)
         def set_cipher_key(cipher, key)
           cipher.key = key
         end
+
+        if RUBY_ENGINE == 'jruby'
+          # JRuby's OpenSSL implementation doesn't currently support passing
+          # an argument to #auth_tag. Here we work around that.
+          def auth_tag_from(cipher)
+            tag = cipher.auth_tag
+            raise Error, 'the auth tag must be 16 bytes long' if tag.bytesize != 16
+
+            tag
+          end
+        else
+          def auth_tag_from(cipher)
+            cipher.auth_tag(16)
+          end
+        end
       end
 
       def initialize(secret, opts = {})