Question about verification tests failing

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Question about verification tests failing

mike-2

Hello, Users!

 

Just starting out with Crypto++ and thought the best place to start would be the self tests.

Tests passed, up to the point of the Assertion below.

 

Is the below a know error on Windows?

I searched the forum and found nothing relevant, so thought I would ask before I dig too much more.

Actions performed:

 

  1. $ git clone https://github.com/weidai11/cryptopp.git cryptopp-test
  2. Cd cryptopp-test
  3. C:\development\cryptopp-test\cryptopp-test>cryptest.exe v > cryptest.txt

 

 

Tests ran fine from here to Assertion below:

Using seed: 1494891954     

Testing Settings...

passed:  Your machine is little endian.

passed:  Library version (library): 600, header version (app): 600

.

.

.

Testing Compressors and Decompressors...

 

passed:  filenames, filetimes and comments

passed:  128 zips and unzips

Assertion failed: zinflate.cpp(560): CryptoPP::Inflator::DecodeBody

 

C:\development\cryptopp-test\cryptopp-test>

 

 

Thanks!

Mike.

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about verification tests failing

Jeffrey Walton-3

Just starting out with Crypto++ and thought the best place to start would be the self tests.

Tests passed, up to the point of the Assertion below.

 

Is the below a know error on Windows?

I searched the forum and found nothing relevant, so thought I would ask before I dig too much more.

Actions performed:

 

  1. $ git clone <a href="https://github.com/weidai11/cryptopp.git" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp.git\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHdaQL7Aic87S9VOCpiflIaRwkH4Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp.git\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHdaQL7Aic87S9VOCpiflIaRwkH4Q&#39;;return true;">https://github.com/weidai11/cryptopp.git cryptopp-test
  2. Cd cryptopp-test
  3. C:\development\cryptopp-test\cryptopp-test>cryptest.exe v > cryptest.txt

passed:  filenames, filetimes and comments

passed:  128 zips and unzips

Assertion failed: zinflate.cpp(560): CryptoPP::Inflator::DecodeBody


The assertion is due to random data being fed to a decompressor. The assert is expected in Debug builds if the random data tickles an out-of-bounds read. After the assert a throw() happens. Also see https://github.com/weidai11/cryptopp/blob/master/zinflate.cpp#L558 .

The changes are recent; see https://github.com/weidai11/cryptopp/issues/414 and https://github.com/weidai11/cryptopp/commit/02df6ea84755.

Related, we use our own debug assert that does not do dumb Posixy things like crash a program while debugging it; or crash a release build. Also see https://github.com/weidai11/cryptopp/blob/master/trap.h .

Crashing a release build is a serious transgression (security bug) on many platforms. If an assert crashes a program, then the sensitive information (like passwords and private keys) are sent to Apple, Canonical, Google, Microsoft, etc through bug reporting/error reporting services. The NSA and GCHQ thanks them :)

> Just starting out with Crypto++ ...

When you need to figure out how to do something, add the word "wiki" to the search. We try to load the wiki up with example code ready for copy/paste. For example: "crypto++ cbc mode wiki" (https://www.google.com/search?q=crypto%2B%2B+cbc+mode+wiki).

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about verification tests failing

Jeffrey Walton-3

Just starting out with Crypto++ and thought the best place to start would be the self tests.

Tests passed, up to the point of the Assertion below.

 

Is the below a know error on Windows?

I searched the forum and found nothing relevant, so thought I would ask before I dig too much more.

Actions performed:

 

  1. $ git clone <a href="https://github.com/weidai11/cryptopp.git" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp.git\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHdaQL7Aic87S9VOCpiflIaRwkH4Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp.git\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHdaQL7Aic87S9VOCpiflIaRwkH4Q&#39;;return true;">https://github.com/weidai11/cryptopp.git cryptopp-test
  2. Cd cryptopp-test
  3. C:\development\cryptopp-test\cryptopp-test>cryptest.exe v > cryptest.txt

passed:  filenames, filetimes and comments

passed:  128 zips and unzips

Assertion failed: zinflate.cpp(560): CryptoPP::Inflator::DecodeBody


By the way, you might be interested in these to pages, too.

  * https://www.cryptopp.com/wiki/Release_Process#Self_Tests
  * https://www.cryptopp.com/wiki/MSBuild_(Command_Line)

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about verification tests failing

Jeffrey Walton-3
In reply to this post by mike-2

Testing Compressors and Decompressors...

 

passed:  filenames, filetimes and comments

passed:  128 zips and unzips

Assertion failed: zinflate.cpp(560): CryptoPP::Inflator::DecodeBody


Also, this is _not_ a failure (or maybe it is?):

Testing Compressors and Decompressors...

FAILED:  Gzip failed to detect a truncated stream
passed:  filenames, filetimes and comments
FAILED:  128 zips and unzips
Assertion failed: zinflate.cpp(560): DecodeBody
passed:  128 deflates and inflates
passed:  128 zlib decompress and compress

The truncated stream test is here: https://github.com/weidai11/cryptopp/blob/master/validat0.cpp#L172. All it does is lop two bytes off a well formed stream:

try {
  StringSource(dest.substr(0, len - 2), true, new Gunzip(new StringSink(rec)));
  std::cout << "FAILED:  Gzip failed to detect a truncated stream\n";
  fail = true;
}
catch (const Exception&) {}

The problem is, Inflator/Deflator only uses an Adler32 checksum, so its not too hard to cause the failure. About 1 in 16 runs witness it if my observations are correct.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about verification tests failing

Jeffrey Walton-3


On Tuesday, May 16, 2017 at 1:41:00 AM UTC-4, Jeffrey Walton wrote:

Testing Compressors and Decompressors...

 

passed:  filenames, filetimes and comments

passed:  128 zips and unzips

Assertion failed: zinflate.cpp(560): CryptoPP::Inflator::DecodeBody


Also, this is _not_ a failure (or maybe it is?):

Testing Compressors and Decompressors...

FAILED:  Gzip failed to detect a truncated stream
passed:  filenames, filetimes and comments
FAILED:  128 zips and unzips
Assertion failed: zinflate.cpp(560): DecodeBody
passed:  128 deflates and inflates
passed:  128 zlib decompress and compress

The truncated stream test is here: <a href="https://github.com/weidai11/cryptopp/blob/master/validat0.cpp#L172" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fblob%2Fmaster%2Fvalidat0.cpp%23L172\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEAAQchwWN0YM69zl3CkJxnpGlgkg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fblob%2Fmaster%2Fvalidat0.cpp%23L172\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEAAQchwWN0YM69zl3CkJxnpGlgkg&#39;;return true;">https://github.com/weidai11/cryptopp/blob/master/validat0.cpp#L172. All it does is lop two bytes off a well formed stream:

try {
  StringSource(dest.substr(0, len - 2), true, new Gunzip(new StringSink(rec)));
  std::cout << "FAILED:  Gzip failed to detect a truncated stream\n";
  fail = true;
}
catch (const Exception&) {}

The problem is, Inflator/Deflator only uses an Adler32 checksum, so its not too hard to cause the failure. About 1 in 16 runs witness it if my observations are correct.

This is now handled more gracefully: https://github.com/weidai11/cryptopp/commit/b083390d4f2c.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Loading...