Bug #18735

Encryptable unit tests fail under Ruby 2.4: key must be 32 bytes

Added by Dominic Cleal over 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Under Ruby 2.4.0, encryptable unit tests and those that depend on the concern all fail:

 10) Error:
EncryptableTest#test_0008_string is re-encrypted upon save if password changed:
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
    app/models/concerns/encrypt_value.rb:60:in `decrypt_field'
    app/models/concerns/encryptable.rb:33:in `block (2 levels) in define_auto_decrypt_getter'
    test/unit/encryptable_test.rb:71:in `block in <class:EncryptableTest>'

 11) Failure:
EncryptableTest#test_0010_encrypt successfully [/home/dcleal/code/foreman/foreman/test/unit/encryptable_test.rb:95]:
Expected "secretpassword" to not be equal to "secretpassword".

 12) Error:
EncryptableTest#test_0007_string is NOT encrypted AGAIN upon save if it is not changed:
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
    app/models/concerns/encrypt_value.rb:60:in `decrypt_field'
    app/models/concerns/encryptable.rb:33:in `block (2 levels) in define_auto_decrypt_getter'
    test/unit/encryptable_test.rb:56:in `block in <class:EncryptableTest>'

 13) Failure:
EncryptableTest#test_0011_decrypt successfully [/home/dcleal/code/foreman/foreman/test/unit/encryptable_test.rb:105]:
Expected "secretpassword" to not be equal to "secretpassword".

The encrypt_str routine is catching an exception raised by Ruby through AS::MessageEncryptor:

> encryptor.encrypt_and_sign(str)
ArgumentError: key must be 32 bytes

The standard key length used in Foreman is 40 bytes (Foreman::Util#secure_encryption_key).
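The failure reported above can be reproduced with Ruby's OpenSSL binding alone. This is an added example, not code from Foreman or from the report. The cipher name (aes-256-cbc), the constructed 40-byte key and the helper names are assumptions; `encrypt_fail_open` only models the reported behaviour of an encrypt routine that catches the exception and hands the plaintext back.

```ruby
require "openssl"
require "securerandom"

CIPHER_NAME = "aes-256-cbc"     # assumed cipher; it requires a 32-byte key
LONG_KEY = SecureRandom.hex(20) # constructed 40-byte key, same length as in the report

def new_cipher(mode)
  OpenSSL::Cipher.new(CIPHER_NAME).public_send(mode)
end

# Returns nil when the cipher accepts the key, otherwise the error message.
def key_error(key)
  new_cipher(:encrypt).key = key
  nil
rescue ArgumentError => e
  e.message
end

# Hypothetical helper: keep only as many bytes as the cipher uses.
def fit_key(key)
  key.byteslice(0, new_cipher(:encrypt).key_len)
end

# Strict encryption: any key problem propagates to the caller.
def encrypt(key, plaintext)
  cipher = new_cipher(:encrypt)
  cipher.key = key
  iv = cipher.random_iv
  [iv, cipher.update(plaintext) + cipher.final]
end

def decrypt(key, iv, ciphertext)
  cipher = new_cipher(:decrypt)
  cipher.key = key
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
end

# Models the reported symptom: the error is swallowed and the
# caller receives the value unencrypted (fail-open).
def encrypt_fail_open(key, plaintext)
  encrypt(key, plaintext).last
rescue ArgumentError
  plaintext
end
```

With the 40-byte key the fail-open wrapper returns `"secretpassword"` unchanged, which matches the "Expected "secretpassword" to not be equal to "secretpassword"" failures in the test output.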
