Bug #8439
test_aes_gcm_wrong_tag(OpenSSL::TestCipher) fails randomly
Description
=begin
7) Error:
test_aes_gcm_wrong_tag(OpenSSL::TestCipher):
OpenSSL::Cipher::CipherError: unable to set GCM tag
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in auth_tag='test_aes_gcm_wrong_tag'
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in
I am building ruby against openssl-1.0.1e-8.el7.x86_64
=end
Associated revisions
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
History
#1
[ruby-core:55149]
Updated by zzak (Zachary Scott) about 4 years ago
Updated by - Assignee set to MartinBosslet (Martin Bosslet)
- Category set to ext
- Status changed from Open to Assigned
- Target version set to 2.1.0
Can you reproduce this with trunk?
#2
[ruby-core:55737]
Updated by vo.x (Vit Ondruch) almost 4 years ago
Updated by Might be related/duplicate to #8221
#3
[ruby-core:55812]
Updated by MartinBosslet (Martin Bosslet) almost 4 years ago
Updated by vo.x (Vit Ondruch) wrote:
Might be related/duplicate to #8221
Yes, very much sounds like it. I need to take a deeper look at what happens in the OpenSSL implementation that might explain the random failures.
#4
[ruby-core:58204]
Updated by akr (Akira Tanaka) over 3 years ago
Updated by I tracked down the random failure.
It seems that the failure occur when tag[-1].succ is 2byte.
I.e. it fails when tag[-1] is "9", "Z", "z" or "\xFF".
I modified test_aes_gcm_wrong_tag as follows:
Index: test_cipher.rb¶
--- test_cipher.rb (revision 43555)
+++ test_cipher.rb (working copy)
@@ -187,6 +187,7 @@ class OpenSSL::TestCipher < Test::Unit::
tag = cipher.auth_tag
decipher = new_decryptor('aes-128-gcm', key, iv)
- p [tag[-1], tag[-1].succ] decipher.auth_tag = tag[0..-2] << tag[-1].succ decipher.auth_data = "aad"
When the test fails, ["9", "10"], ["Z", "AA"], ["z", "aa"] or ["\xFF", "\x01\x00"] are shown.
Assuming tag[-1] is a random byte, I guess the test fails once per 64 times on average because 4/256=1/64.
I'm not sure the intent of tag[-1].succ, though.
#5
Updated by akr (Akira Tanaka) over 3 years ago
- % Done changed from 0 to 100
- Status changed from Assigned to Closed
This issue was solved with changeset r43676.
Vit, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
#6
[ruby-core:59595]
Updated by vo.x (Vit Ondruch) over 3 years ago
- Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: UNKNOWN, 2.0.0: REQUIRED
#7
Updated by nagachika (Tomoyuki Chikanaga) over 3 years ago
Updated by - Backport changed from 1.9.3: UNKNOWN, 2.0.0: REQUIRED to 1.9.3: UNKNOWN, 2.0.0: DONE
r43676 was backported to ruby_2_0_0 at r44566.
#8
[ruby-core:60483]
Updated by usa (Usaku NAKAMURA) over 3 years ago
Updated by - Backport changed from 1.9.3: UNKNOWN, 2.0.0: DONE to 1.9.3: DONTNEED, 2.0.0: DONE