merge revision(s) 43676: [Backport #8439]

	* test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use
	  String#succ because it can make modified (wrong) auth_tag longer
	  than 16 bytes.  The longer auth_tag makes that
	  EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail.
	  [ruby-core:55143] [Bug #8439] reported by Vit Ondruch.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@44566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 11 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 317315da38..3d8b906326 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Sun Jan 12 16:01:54 2014  Tanaka Akira  <akr@fsij.org>
+
+	* test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use
+	  String#succ because it can make modified (wrong) auth_tag longer
+	  than 16 bytes.  The longer auth_tag makes that
+	  EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail.
+	  [ruby-core:55143] [Bug #8439] reported by Vit Ondruch.
+
 Sun Jan 12 15:33:11 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* util.c (ruby_qsort): fix potential stack overflow on a large
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 15cfb7b302..a883bb4d61 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -187,7 +187,8 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
       tag = cipher.auth_tag
 
       decipher = new_decryptor('aes-128-gcm', key, iv)
-      decipher.auth_tag = tag[0..-2] << tag[-1].succ
+      tag.setbyte(-1, (tag.getbyte(-1) + 1) & 0xff)
+      decipher.auth_tag = tag
       decipher.auth_data = "aad"
 
       assert_raise OpenSSL::Cipher::CipherError do
diff --git a/version.h b/version.h
index 7f5487b50d..f370c87603 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.0.0"
 #define RUBY_RELEASE_DATE "2014-01-12"
-#define RUBY_PATCHLEVEL 380
+#define RUBY_PATCHLEVEL 381
 
 #define RUBY_RELEASE_YEAR 2014
 #define RUBY_RELEASE_MONTH 1