Bug #8439

test_aes_gcm_wrong_tag(OpenSSL::TestCipher) fails randomly

Added by Vit Ondruch about 2 years ago. Updated over 1 year ago.

[ruby-core:55143]
Status:Closed
Priority:Normal
Assignee:Martin Bosslet
ruby -v:ruby -v: ruby 2.0.0p195 (2013-05-14 revision 40734) [x86_64-linux] Backport:1.9.3: DONTNEED, 2.0.0: DONE

Description

=begin
7) Error:
test_aes_gcm_wrong_tag(OpenSSL::TestCipher):
OpenSSL::Cipher::CipherError: unable to set GCM tag
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in auth_tag='
/builddir/build/BUILD/ruby-2.0.0-p195/test/openssl/test_cipher.rb:190:in
test_aes_gcm_wrong_tag'

I am building ruby against openssl-1.0.1e-8.el7.x86_64
=end

Associated revisions

Revision 43676
Added by Akira Tanaka over 1 year ago

  • test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.

Revision 43676
Added by Akira Tanaka over 1 year ago

  • test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.

History

#1 Updated by Zachary Scott about 2 years ago

  • Assignee set to Martin Bosslet
  • Category set to ext
  • Status changed from Open to Assigned
  • Target version set to 2.1.0

Can you reproduce this with trunk?

#2 Updated by Vit Ondruch almost 2 years ago

Might be related/duplicate to #8221

#3 Updated by Martin Bosslet almost 2 years ago

vo.x (Vit Ondruch) wrote:

Might be related/duplicate to #8221

Yes, very much sounds like it. I need to take a deeper look at what happens in the OpenSSL implementation that might explain the random failures.

#4 Updated by Akira Tanaka over 1 year ago

I tracked down the random failure.

It seems that the failure occur when tag[-1].succ is 2byte.
I.e. it fails when tag[-1] is "9", "Z", "z" or "\xFF".

I modified test_aes_gcm_wrong_tag as follows:

Index: test_cipher.rb

--- test_cipher.rb (revision 43555)
+++ test_cipher.rb (working copy)
@@ -187,6 +187,7 @@ class OpenSSL::TestCipher < Test::Unit::
tag = cipher.auth_tag

   decipher = new_decryptor('aes-128-gcm', key, iv)
  • p [tag[-1], tag[-1].succ] decipher.auth_tag = tag[0..-2] << tag[-1].succ decipher.auth_data = "aad"

When the test fails, ["9", "10"], ["Z", "AA"], ["z", "aa"] or ["\xFF", "\x01\x00"] are shown.
Assuming tag[-1] is a random byte, I guess the test fails once per 64 times on average because 4/256=1/64.

I'm not sure the intent of tag[-1].succ, though.

#5 Updated by Akira Tanaka over 1 year ago

  • % Done changed from 0 to 100
  • Status changed from Assigned to Closed

This issue was solved with changeset r43676.
Vit, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use String#succ because it can make modified (wrong) auth_tag longer than 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. [Bug #8439] reported by Vit Ondruch.

#6 Updated by Vit Ondruch over 1 year ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: UNKNOWN, 2.0.0: REQUIRED

#7 Updated by Tomoyuki Chikanaga over 1 year ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: REQUIRED to 1.9.3: UNKNOWN, 2.0.0: DONE

r43676 was backported to ruby_2_0_0 at r44566.

#8 Updated by Usaku NAKAMURA over 1 year ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: DONE to 1.9.3: DONTNEED, 2.0.0: DONE

Also available in: Atom PDF