crypto: use kNoAuthTagLength in InitAuthenticated #20225

Closed
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 21 additions & 9 deletions src/node_crypto.cc
Expand Up @@ -2629,7 +2629,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
void CipherBase::Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());

#ifdef NODE_FIPS_MODE
Expand Down Expand Up @@ -2700,10 +2700,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
const node::Utf8Value cipher_type(args.GetIsolate(), args[0]);
const char* key_buf = Buffer::Data(args[1]);
ssize_t key_buf_len = Buffer::Length(args[1]);
CHECK(args[2]->IsInt32());

// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[2].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[2]->IsUint32()) {
auth_tag_len = args[2]->Uint32Value();
Can you use the overload that takes a Local<Context> or use the args[2].As<Uint32>()->Value() idiom?

} else {
CHECK(args[2]->IsInt32() && args[2]->Int32Value() == -1);
auth_tag_len = kNoAuthTagLength;
}

cipher->Init(*cipher_type, key_buf, key_buf_len, auth_tag_len);
}
Expand All @@ -2714,7 +2720,7 @@ void CipherBase::InitIv(const char* cipher_type,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());

const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
Expand Down Expand Up @@ -2788,10 +2794,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
iv_buf = Buffer::Data(args[2]);
iv_len = Buffer::Length(args[2]);
}
CHECK(args[3]->IsInt32());

// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[3].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[3]->IsUint32()) {
auth_tag_len = args[3]->Uint32Value();
} else {
CHECK(args[3]->IsInt32() && args[3]->Int32Value() == -1);
auth_tag_len = kNoAuthTagLength;
}

cipher->InitIv(*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
}
Expand All @@ -2802,7 +2814,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
}

bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
CHECK(IsAuthenticatedMode());

// TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0
Expand All @@ -2815,7 +2827,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,

const int mode = EVP_CIPHER_CTX_mode(ctx_);
if (mode == EVP_CIPH_CCM_MODE) {
if (auth_tag_len < 0) {
if (auth_tag_len == kNoAuthTagLength) {
char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
env()->ThrowError(msg);
Expand Down Expand Up @@ -2850,7 +2862,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
} else {
CHECK_EQ(mode, EVP_CIPH_GCM_MODE);

if (auth_tag_len >= 0) {
if (auth_tag_len != kNoAuthTagLength) {
if (!IsValidGCMTagLength(auth_tag_len)) {
char msg[50];
snprintf(msg, sizeof(msg),
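Review bot: The `IsUint32()` branch in `CipherBase::Init` (and the identical one in `InitIv`) passes any unsigned 32-bit value straight through, so if `kNoAuthTagLength` is itself representable as a Uint32 — its definition is not in this diff — a caller supplying that exact number is silently treated as "no tag length given" instead of being rejected, which in GCM mode means a default tag length is used rather than an error. Guarding the branch with `CHECK_NE(auth_tag_len, kNoAuthTagLength);` before the assignment (matching how the `-1` branch already rejects anything else, on the assumption that lib/ validates first) keeps the sentinel out of the value domain; if the constant lies outside the Uint32 range this is moot and a comment saying so at the `IsUint32()` check would help the next reader. The two parsing blocks are byte-for-byte duplicates apart from the argument index, so a small static helper taking the `Local<Value>` and returning the `unsigned int` would keep them from drifting apart. `InitAuthenticated`'s body continues outside its hunks, so whether the CCM branch further bounds the now-unsigned value is not visible here.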
7 changes: 4 additions & 3 deletions src/node_crypto.h
Expand Up @@ -364,14 +364,15 @@ class CipherBase : public BaseObject {
void Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len);
unsigned int auth_tag_len);
void InitIv(const char* cipher_type,
const char* key,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len, int auth_tag_len);
unsigned int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len,
unsigned int auth_tag_len);
bool CheckCCMMessageLength(int message_len);
UpdateResult Update(const char* data, int len, unsigned char** out,
int* out_len);
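Review bot: The new `unsigned int auth_tag_len` parameters on `Init`, `InitIv` and `InitAuthenticated` are undocumented, and nothing in the header tells a reader that `kNoAuthTagLength` is the value meaning "not specified" rather than an actual length. A one-line comment above `Init`, e.g. `// auth_tag_len is the tag length in bytes, or kNoAuthTagLength when the caller did not specify one.`, would make the contract visible at the declaration instead of only in the .cc comparisons. Mixing `int iv_len` with `unsigned int auth_tag_len` in `InitAuthenticated` is a minor signedness wrinkle; `iv_len` is still assigned from a `Buffer::Length` call on the .cc side, so the narrowing there predates this change but is worth a glance while the signature is being touched.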