AesGcmTest.testByteBufferShiftedAlias


calvin.raison

Nov 13, 2018, 5:38:02 PM
to wycheproof-users
Hi Wycheproof team,

As described in the test's code comments, the AesGcmTest.testByteBufferShiftedAlias test can fail due to the bug described here: https://bugs.openjdk.java.net/browse/JDK-8181386.

My understanding is that to get this test to pass the provider must override the erroneous behaviour in the CipherSpi class. Is this understanding correct?

Regards,

Calvin.

Daniel Bleichenbacher

Nov 14, 2018, 9:16:33 AM
to calvin.raison, wycheproof-users
That understanding seems correct to me.
The question in such cases often is: should the test be disabled until there is an update from Oracle?
My personal reaction is: no.
The test checks some behaviour that is not working as advertised.
But at the same time, I'm generally pushing back at comparing libraries based on the tests.
Not everything that fails is exploitable and/or the fault of the provider. Hence using the tests for comparisons would lead to biased results.
One library that fixed this problem independently is ConsCrypt. I don't know how difficult this was.




--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-users+unsubscribe@googlegroups.com.
To post to this group, send email to wycheproof-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/821c9cd7-1dc5-4187-9fb5-a429e633ee1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

calvin.raison

Nov 15, 2018, 5:37:32 PM
to wycheproof-users
Ok, that makes sense. Thanks for your feedback.
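
As an added illustration (not part of this thread and not Wycheproof's own test code), the following Java check exercises the situation the test name refers to: AES-GCM encryption through `Cipher.doFinal(ByteBuffer, ByteBuffer)` where the input and output buffers share one backing array at shifted offsets. The class name, key, IV, plaintext and offset range are constructed for the example, and it runs against the default provider.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmShiftedAliasCheck {
    // Constructed test values (all-zero key and IV are for this check only).
    static final byte[] KEY = new byte[16];
    static final byte[] IV = new byte[12];
    static final int TAG_BYTES = 16;
    static final int MAX_SHIFT = 8;

    // A fresh Cipher per call, so each encryption starts from a clean init.
    static Cipher newCipher() throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"),
               new GCMParameterSpec(TAG_BYTES * 8, IV));
        return c;
    }

    public static void main(String[] args) throws Exception {
        byte[] pt = new byte[64];
        for (int i = 0; i < pt.length; i++) pt[i] = (byte) i;
        // Reference ciphertext from the byte[] API, with no aliasing involved.
        byte[] expected = newCipher().doFinal(pt);

        int failures = 0;
        for (int inOff = 0; inOff <= MAX_SHIFT; inOff++) {
            for (int outOff = 0; outOff <= MAX_SHIFT; outOff++) {
                // One backing array holds both the plaintext and the output region.
                byte[] backing = new byte[MAX_SHIFT + expected.length];
                System.arraycopy(pt, 0, backing, inOff, pt.length);
                ByteBuffer in = ByteBuffer.wrap(backing, inOff, pt.length);
                ByteBuffer out = ByteBuffer.wrap(backing, outOff, expected.length);
                String result;
                try {
                    newCipher().doFinal(in, out);
                    byte[] got = Arrays.copyOfRange(backing, outOff, outOff + expected.length);
                    result = Arrays.equals(expected, got) ? null : "wrong ciphertext";
                } catch (Exception e) {
                    result = "threw " + e; // rejection is reported, not hidden
                }
                if (result != null) {
                    failures++;
                    System.out.printf("inOff=%d outOff=%d: %s%n", inOff, outOff, result);
                }
            }
        }
        System.out.println(failures == 0 ? "all offsets match" : failures + " offset pairs failed");
    }
}
```

To check a specific provider rather than the default one, pass it as the second argument to `Cipher.getInstance`.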

