Bug #8439
test_aes_gcm_wrong_tag(OpenSSL::TestCipher) fails randomly
Description
=begin
7) Error:
test_aes_gcm_wrong_tag(OpenSSL::TestCipher):
OpenSSL::Cipher::CipherError: unable to set GCM tag
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in auth_tag='test_aes_gcm_wrong_tag'
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in
I am building ruby against openssl-1.0.1e-8.el7.x86_64
=end
Associated revisions
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
History
#1
[ruby-core:55149]
Updated by zzak (Zachary Scott) about 4 years ago
Updated by - Category set to ext
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
- Target version set to 2.1.0
Can you reproduce this with trunk?
#2
[ruby-core:55737]
Updated by vo.x (Vit Ondruch) about 4 years ago
Updated by Might be related/duplicate to #8221
#3
[ruby-core:55812]
Updated by MartinBosslet (Martin Bosslet) about 4 years ago
Updated by vo.x (Vit Ondruch) wrote:
Might be related/duplicate to #8221
Yes, very much sounds like it. I need to take a deeper look at what happens in the OpenSSL implementation that might explain the random failures.
#4
[ruby-core:58204]
Updated by akr (Akira Tanaka) almost 4 years ago
Updated by I tracked down the random failure.
It seems that the failure occur when tag[-1].succ is 2byte.
I.e. it fails when tag[-1] is "9", "Z", "z" or "\xFF".
I modified test_aes_gcm_wrong_tag as follows:
Index: test_cipher.rb¶
--- test_cipher.rb (revision 43555)
+++ test_cipher.rb (working copy)
@@ -187,6 +187,7 @@ class OpenSSL::TestCipher < Test::Unit::
tag = cipher.auth_tag
decipher = new_decryptor('aes-128-gcm', key, iv)
- p [tag[-1], tag[-1].succ] decipher.auth_tag = tag[0..-2] << tag[-1].succ decipher.auth_data = "aad"
When the test fails, ["9", "10"], ["Z", "AA"], ["z", "aa"] or ["\xFF", "\x01\x00"] are shown.
Assuming tag[-1] is a random byte, I guess the test fails once per 64 times on average because 4/256=1/64.
I'm not sure the intent of tag[-1].succ, though.
#5
Updated by akr (Akira Tanaka) almost 4 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r43676.
Vit, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.
#6
[ruby-core:59595]
Updated by vo.x (Vit Ondruch) over 3 years ago
- Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: UNKNOWN, 2.0.0: REQUIRED
#7
Updated by nagachika (Tomoyuki Chikanaga) over 3 years ago
Updated by - Backport changed from 1.9.3: UNKNOWN, 2.0.0: REQUIRED to 1.9.3: UNKNOWN, 2.0.0: DONE
r43676 was backported to ruby_2_0_0 at r44566.
#8
[ruby-core:60483]
Updated by usa (Usaku NAKAMURA) over 3 years ago
Updated by - Backport changed from 1.9.3: UNKNOWN, 2.0.0: DONE to 1.9.3: DONTNEED, 2.0.0: DONE