-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: throw in setAuthTag on invalid length #20040
Conversation
/cc @nodejs/crypto |
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
+1 for throwing an exception. and yes, old implementation truncate the authtag...... |
Is this ready to land? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As per #20040 (comment).
4dad3dc
to
18611c6
Compare
The current implementation performs limited checks only and silently ignores superfluous bytes of the authentication tag. This change makes setAuthTag throw when - the user-specified authTagLength does not match the actual tag length, especially when the authentication tag is longer than 16 bytes, and when - the mode is GCM, no authTagLength option has been specified and the tag length is not a valid GCM tag length. This change makes the conditional assignment in SetAuthTag unnecessary, which is replaced with a CHECK. Refs: nodejs#17825
18611c6
to
00cf4aa
Compare
This patch turned out completely different than I had originally planned, but it still goes into the correct direction in my opinion. Please take another look. As this change is now semver-major anyway, I also unified related error messages. I also took the liberty of marking the discussion of the old change as "Outdated", I can't find the issue about when to use that feature. Feel free to unhide the discussion if this was incorrect. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM at a quick glance.
New CI: https://ci.nodejs.org/job/node-test-pull-request/15168/ I know that most of the TSC is probably travelling right now, but still pinging @nodejs/tsc as this is a semver-major change now. Also @richardlau due to his blocking review. |
Only failure seems to be infra-related:
Here's CitGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1446/ |
Re-running node-test-commit-osx: https://ci.nodejs.org/job/node-test-commit-osx/18957/ |
The current implementation performs limited checks only and silently ignores superfluous bytes of the authentication tag. This change makes setAuthTag throw when - the user-specified authTagLength does not match the actual tag length, especially when the authentication tag is longer than 16 bytes, and when - the mode is GCM, no authTagLength option has been specified and the tag length is not a valid GCM tag length. This change makes the conditional assignment in SetAuthTag unnecessary, which is replaced with a CHECK. Refs: #17825 PR-URL: #20040 Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Yihong Wang <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
CitGM looks good as far as I can tell. Landed in faf449c. |
The current implementation performs limited checks only and silently ignores superfluous bytes of the authentication tag. This change makes
setAuthTag
throw whenauthTagLength
does not match the actual tag length, especially when the authentication tag is longer than 16 bytes, and whenauthTagLength
option has been specified and the tag length is not a valid GCM tag length.This change makes the conditional assignment in SetAuthTag unnecessary,
which is replaced with a CHECK.
Refs: #17825
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes