akr	2013-11-14 19:58:15 +0900 (Thu, 14 Nov 2013)

  New Revision: 43676

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=43676

  Log:
    * test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use
      String#succ because it can make modified (wrong) auth_tag longer
      than 16 bytes.  The longer auth_tag makes that
      EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail.
      [ruby-core:55143] [Bug #8439] reported by Vit Ondruch.

  Modified files:
    trunk/ChangeLog
    trunk/test/openssl/test_cipher.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 43675)
+++ ChangeLog	(revision 43676)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Thu Nov 14 19:53:00 2013  Tanaka Akira  <akr@f...>
+
+	* test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use
+	  String#succ because it can make modified (wrong) auth_tag longer
+	  than 16 bytes.  The longer auth_tag makes that
+	  EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail.
+	  [ruby-core:55143] [Bug #8439] reported by Vit Ondruch.
+
 Thu Nov 14 11:35:37 2013  Nobuyoshi Nakada  <nobu@r...>
 
 	* hash.c (hash_foreach_ensure): restore iter_lev to the previous
Index: test/openssl/test_cipher.rb
===================================================================
--- test/openssl/test_cipher.rb	(revision 43675)
+++ test/openssl/test_cipher.rb	(revision 43676)
@@ -187,7 +187,8 @@ class OpenSSL::TestCipher < Test::Unit:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L187
       tag = cipher.auth_tag
 
       decipher = new_decryptor('aes-128-gcm', key, iv)
-      decipher.auth_tag = tag[0..-2] << tag[-1].succ
+      tag.setbyte(-1, (tag.getbyte(-1) + 1) & 0xff)
+      decipher.auth_tag = tag
       decipher.auth_data = "aad"
 
       assert_raise OpenSSL::Cipher::CipherError do

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/