Skip to content

Commit

Permalink
crypto: move DEP0182 to runtime deprecation
Browse files Browse the repository at this point in the history
This introduces a runtime deprecation for using GCM authentication tags
that are shorter than the cipher's block size, unless the user
specified the authTagLength option. This behavior has been doc-only
deprecated since 8f61b65.

Refs: nodejs#52327
Refs: nodejs#52345
PR-URL: nodejs#52552
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Benjamin Gruenbaum <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
  • Loading branch information
tniessen authored and bmeck committed Jun 22, 2024
1 parent 8d886a1 commit 27327e4
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 9 deletions.
7 changes: 3 additions & 4 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -3078,10 +3078,9 @@ and initialization vector (`iv`).
The `options` argument controls stream behavior and is optional except when a
cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the
`authTagLength` option is required and specifies the length of the
authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
option is not required but can be used to restrict accepted authentication tags
to those with the specified length.
For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
authentication tag in bytes, see [CCM mode][].
For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16
bytes and must be set to a different value if a different length is used.

The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list -cipher-algorithms` will
Expand Down
7 changes: 5 additions & 2 deletions doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -3623,15 +3623,18 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances.

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/52552
description: Runtime deprecation.
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/52345
description: Documentation-only deprecation.
-->

Type: Documentation-only (supports [`--pending-deprecation`][])
Type: Runtime

Applications that intend to use authentication tags that are shorter than the
default authentication tag length should set the `authTagLength` option of the
default authentication tag length must set the `authTagLength` option of the
[`crypto.createDecipheriv()`][] function to the appropriate length.

For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts
Expand Down
3 changes: 1 addition & 2 deletions src/crypto/crypto_cipher.cc
Original file line number Diff line number Diff line change
Expand Up @@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
}

if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength &&
tag_len != 16 && env->options()->pending_deprecation &&
env->EmitProcessEnvWarning()) {
tag_len != 16 && env->EmitProcessEnvWarning()) {
if (ProcessEmitDeprecationWarning(
env,
"Using AES-GCM authentication tags of less than 128 bits without "
Expand Down
1 change: 0 additions & 1 deletion test/parallel/test-crypto-gcm-implicit-short-tag.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
// Flags: --pending-deprecation
'use strict';
const common = require('../common');
if (!common.hasCrypto)
Expand Down

0 comments on commit 27327e4

Please sign in to comment.