-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix two bugs with CommonCrypto GCM that can result in invalid output. #1330
Conversation
Test FAILed. |
Test PASSed. |
encryptor = cipher.encryptor() | ||
computed_ct = encryptor.update(pt) + encryptor.finalize() | ||
assert computed_ct == ct | ||
assert encryptor.tag == tag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should these tests just be run against all backends?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We certainly could do that. They should succeed on all backends and it might uncover future backends that have similar issues? I'll move them to be run for all backends.
Test PASSed. |
Test failures are because OpenSSL 1.0.1 on Ubuntu 12.04 apparently has a similar bug where supplying AAD but no call to update results in an invalid tag. I'll probably need to expand this PR to make an empty call to update in |
Test PASSed. |
LGTM. 👍 |
Fix two bugs with CommonCrypto GCM that can result in invalid output.
Bug 1: Call to AAD but no call to update. Get null tag bytes.
Bug 2: Call to update without call to AAD. Get null ciphertext bytes.
These bugs are ridiculous so there are comments added to try to help us avoid confusion in the future...
Fixes #1329