diff options
author | Rafael França <rafaelmfranca@gmail.com> | 2016-07-27 21:29:41 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-27 21:29:41 -0300 |
commit | 2a095142fb2f3300c841cf3a15100581635f4a35 (patch) | |
tree | c9b02750116328ae9dc5aac286f65b5be623a0b7 /activesupport | |
parent | c1dc565f1e5da3d9a680cc25ae3a06c739d4d149 (diff) | |
parent | 73209aa7a3abb942e144e358135e5d39a70294fd (diff) | |
download | rails-2a095142fb2f3300c841cf3a15100581635f4a35.tar.gz rails-2a095142fb2f3300c841cf3a15100581635f4a35.tar.bz2 rails-2a095142fb2f3300c841cf3a15100581635f4a35.zip |
Merge pull request #25963 from bdewater/auth_tag_doc
Add rationale for checking auth_tag length for AEAD ciphers
Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb index 87efe117c5..1f2736388d 100644 --- a/activesupport/lib/active_support/message_encryptor.rb +++ b/activesupport/lib/active_support/message_encryptor.rb @@ -99,6 +99,10 @@ module ActiveSupport def _decrypt(encrypted_message) cipher = new_cipher encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map {|v| ::Base64.strict_decode64(v)} + + # Currently the OpenSSL bindings do not raise an error if auth_tag is + # truncated, which would allow an attacker to easily forge it. See + # https://github.com/ruby/openssl/issues/63 raise InvalidMessage if aead_mode? && auth_tag.bytes.length != 16 cipher.decrypt |