Test using GCM with IV option failing #31

Open
balasankarc opened this issue Jan 9, 2018 · 1 comment

Comments

@balasankarc

Related to #22, #22 (comment) and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842432

Ruby version: 2.3.3
Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880276
Complete log: http://aws-logs.debian.net/2017/10/30/ruby-encryptor_3.0.0-1_unstable.log

Relevant Log

Run options: -v --seed 47501

# Running:

EncryptorTest#test_should_raise_argument_error_if_key_is_not_specified = 0.00 s = .
EncryptorTest#test_should_use_the_default_authentication_data_if_it_is_not_specified = 0.01 s = .
EncryptorTest#test_should_use_authentication_data_if_it_is_specified = 0.01 s = .
EncryptorTest#test_should_use_the_default_algorithm_if_one_is_not_specified = 0.01 s = .
EncryptorTest#test_should_use_iv_to_initialize_encryption = 0.01 s = .
EncryptorTest#test_should_yield_block_with_cipher_and_options = 0.00 s = .
EncryptorTest#test_should_raise_argument_error_if_iv_is_not_specified = 0.00 s = .
EncryptorTest#test_should_raise_argument_error_if_key_is_too_short = 0.00 s = .
EncryptorTest#test_should_have_a_default_algorithm = 0.00 s = .
EncryptorTest#test_should_raise_argument_error_if_iv_is_too_short = 0.00 s = .
LegacyEncryptorTest#test_should_raise_argument_error_if_key_is_not_specified = 0.00 s = .
LegacyEncryptorTest#test_should_use_the_default_algorithm_if_one_is_not_specified = 0.00 s = .
LegacyEncryptorTest#test_should_yield_block_with_cipher_and_options = 0.00 s = .
LegacyEncryptorTest#test_should_have_a_default_algorithm = 0.00 s = .
CompatibilityTest#test_encrypt_with_iv = 0.00 s = .
CompatibilityTest#test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option = 0.00 s = E
CompatibilityTest#test_decrypt_without_iv = 0.00 s = .
CompatibilityTest#test_encrypt_with_iv_and_salt = 0.00 s = .
CompatibilityTest#test_encrypt_without_iv = 0.00 s = .
CompatibilityTest#test_decrypt_with_iv_and_salt = 0.00 s = .
CompatibilityTest#test_ciphertext_encrypted_with_v2_does_not_decrypt_without_v2_gcm_iv_option = 0.00 s = .
CompatibilityTest#test_decrypt_with_iv = 0.00 s = .

Finished in 0.051692s, 425.6001 runs/s, 696.4365 assertions/s.

  1) Error:
CompatibilityTest#test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option:
OpenSSL::Cipher::CipherError: 
    /<<PKGBUILDDIR>>/lib/encryptor.rb:98:in `final'
    /<<PKGBUILDDIR>>/lib/encryptor.rb:98:in `crypt'
    /<<PKGBUILDDIR>>/lib/encryptor.rb:49:in `decrypt'
    /<<PKGBUILDDIR>>/test/compatibility_test.rb:98:in `test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:107:in `block (3 levels) in run'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:204:in `capture_exceptions'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:104:in `block (2 levels) in run'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:255:in `time_it'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:103:in `block in run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:350:in `on_signal'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:275:in `with_info_handler'
    /usr/lib/ruby/vendor_ruby/minitest/test.rb:102:in `run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:839:in `run_one_method'
    /usr/lib/ruby/vendor_ruby/minitest.rb:324:in `run_one_method'
    /usr/lib/ruby/vendor_ruby/minitest.rb:311:in `block (2 levels) in run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:310:in `each'
    /usr/lib/ruby/vendor_ruby/minitest.rb:310:in `block in run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:350:in `on_signal'
    /usr/lib/ruby/vendor_ruby/minitest.rb:337:in `with_info_handler'
    /usr/lib/ruby/vendor_ruby/minitest.rb:309:in `run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:159:in `block in __run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:159:in `map'
    /usr/lib/ruby/vendor_ruby/minitest.rb:159:in `__run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:136:in `run'
    /usr/lib/ruby/vendor_ruby/minitest.rb:63:in `block in autorun'

22 runs, 36 assertions, 0 failures, 1 errors, 0 skips
rake aborted!
Command failed with status (1): [ruby -w -I"test"  "/usr/lib/ruby/vendor_ruby/rake/rake_test_loader.rb" "test/compatibility_test.rb" "test/encryptor_string_test.rb" "test/encryptor_test.rb" "test/legacy_encryptor_string_test.rb" "test/legacy_encryptor_test.rb" -v]

My understanding is that CVE-2016-7798 was fixed in Ruby 2.3.3 itself. And with #22, this was also fixed on the encryptor end. I don't understand much of the code, but was the comment

Hopefully there won't be too much fallout

actually anticipating something like the above log? If so, what can we do to fix it?
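
A `CipherError` raised from `final` during GCM decryption, as in the log above, is what Ruby reports when the authentication tag does not verify. As an added example (not code from the encryptor gem or from this thread), the sketch below reproduces that outcome by decrypting with an IV other than the one used for encryption, and probes whether the running Ruby applies an IV assigned before the key, the call order CVE-2016-7798 concerns. The key, IVs and helper names are constructed for illustration.

```ruby
require "openssl"

ALGO = "aes-256-gcm"

# Encrypt with AES-256-GCM. iv_first: true assigns the IV before the key,
# the call order affected by CVE-2016-7798 on unpatched Ruby OpenSSL bindings.
def gcm_encrypt(key, iv, plaintext, iv_first: false)
  cipher = OpenSSL::Cipher.new(ALGO).encrypt
  if iv_first
    cipher.iv = iv
    cipher.key = key
  else
    cipher.key = key
    cipher.iv = iv
  end
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, cipher.auth_tag]
end

# Decrypt with the key set before the IV. Returns the plaintext, or
# :cipher_error when #final rejects the authentication tag.
def gcm_decrypt(key, iv, ciphertext, tag)
  cipher = OpenSSL::Cipher.new(ALGO).decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  :cipher_error
end

# True when this runtime applies an IV that was assigned before the key,
# i.e. both call orders produce identical ciphertext and tag.
def iv_before_key_honored?(key, iv)
  gcm_encrypt(key, iv, "probe", iv_first: true) ==
    gcm_encrypt(key, iv, "probe", iv_first: false)
end

# Constructed sample values, for illustration only.
KEY      = "k" * 32
IV       = "i" * 12
OTHER_IV = "j" * 12

if __FILE__ == $PROGRAM_NAME
  ct, tag = gcm_encrypt(KEY, IV, "secret")
  puts "same IV:      #{gcm_decrypt(KEY, IV, ct, tag).inspect}"
  puts "different IV: #{gcm_decrypt(KEY, OTHER_IV, ct, tag).inspect}"
  puts "IV-before-key honored: #{iv_before_key_honored?(KEY, IV)}"
end
```

On a runtime where the probe returns true, ciphertext produced under the old IV-before-key behaviour was encrypted with a different effective IV than the one supplied, so decrypting it with the supplied IV fails the tag check in the same way as the "different IV" case.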

@pravi

pravi commented Mar 5, 2018

@shuber @saghaulor ping
