diff options
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | test/openssl/test_cipher.rb | 3 |
2 files changed, 10 insertions, 1 deletions
@@ -1,3 +1,11 @@ +Thu Nov 14 19:53:00 2013 Tanaka Akira <akr@fsij.org> + + * test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use + String#succ because it can make modified (wrong) auth_tag longer + than 16 bytes. The longer auth_tag makes that + EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. + [ruby-core:55143] [Bug #8439] reported by Vit Ondruch. + Thu Nov 14 11:35:37 2013 Nobuyoshi Nakada <nobu@ruby-lang.org> * hash.c (hash_foreach_ensure): restore iter_lev to the previous diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 088dbc140d..156fa2a9c9 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -187,7 +187,8 @@ class OpenSSL::TestCipher < Test::Unit::TestCase tag = cipher.auth_tag decipher = new_decryptor('aes-128-gcm', key, iv) - decipher.auth_tag = tag[0..-2] << tag[-1].succ + tag.setbyte(-1, (tag.getbyte(-1) + 1) & 0xff) + decipher.auth_tag = tag decipher.auth_data = "aad" assert_raise OpenSSL::Cipher::CipherError do |