Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: improve setAuthTag #22538

Closed
wants to merge 1 commit into from
Closed

crypto: improve setAuthTag #22538

wants to merge 1 commit into from

Conversation

tniessen
Copy link
Member

This is an attempt to make the behavior of setAuthTag match the documentation: In GCM mode, it can be called at any time before invoking final, even after the last call to update.

Fixes: #22421

cc @nodejs/crypto @nodejs/security-wg @achronos0

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@tniessen
crypto: improve setAuthTag
4270faf 
This is an attempt to make the behavior of setAuthTag match the
documentation: In GCM mode, it can be called at any time before
invoking final, even after the last call to update.

Fixes: nodejs#22421
@nodejs-github-bot
Copy link
Collaborator

@tniessen build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/680/pipeline

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Aug 26, 2018
@tniessen
Copy link
Member Author

Ping @nodejs/crypto

@BridgeAR
Copy link
Member

This needs a review. No one looked at it for five days.

@tniessen
Copy link
Member Author

Thanks, @BridgeAR. @nodejs/crypto seems to be mostly dead these days. The change itself isn't that complex:

It should be possible to call setAuthTag() at any point before calling final(), but it currently isn't because the authentication tag is cached in the CipherBase class and only passed to OpenSSL once setAAD or update is called. The simplest solution is to also pass the cached tag to OpenSSL when final() is called, and that's what this PR does.

@tniessen
Copy link
Member Author

CI: https://ci.nodejs.org/job/node-test-pull-request/16910/

@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Aug 31, 2018
@addaleax
Copy link
Member

addaleax commented Sep 2, 2018

Landed in b402609

@addaleax addaleax closed this Sep 2, 2018
addaleax pushed a commit that referenced this pull request Sep 2, 2018
@tniessen @addaleax
crypto: improve setAuthTag
b402609 
This is an attempt to make the behavior of setAuthTag match the
documentation: In GCM mode, it can be called at any time before
invoking final, even after the last call to update.

Fixes: #22421

PR-URL: #22538
Reviewed-By: Anna Henningsen <[email protected]>
targos pushed a commit that referenced this pull request Sep 2, 2018
@tniessen @targos
crypto: improve setAuthTag
8593266 
This is an attempt to make the behavior of setAuthTag match the
documentation: In GCM mode, it can be called at any time before
invoking final, even after the last call to update.

Fixes: #22421

PR-URL: #22538
Reviewed-By: Anna Henningsen <[email protected]>
targos pushed a commit that referenced this pull request Sep 3, 2018
@tniessen @targos
crypto: improve setAuthTag
c47c79e 
This is an attempt to make the behavior of setAuthTag match the
documentation: In GCM mode, it can be called at any time before
invoking final, even after the last call to update.

Fixes: #22421

PR-URL: #22538
Reviewed-By: Anna Henningsen <[email protected]>
@targos targos mentioned this pull request Sep 5, 2018
Merged
targos pushed a commit that referenced this pull request Sep 6, 2018
@tniessen @targos
crypto: improve setAuthTag
34ffb06 
This is an attempt to make the behavior of setAuthTag match the
documentation: In GCM mode, it can be called at any time before
invoking final, even after the last call to update.

Fixes: #22421

PR-URL: #22538
Reviewed-By: Anna Henningsen <[email protected]>
This was referenced Sep 6, 2018
Closed
Closed
@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 12, 2018
@tniessen tniessen mentioned this pull request Sep 12, 2018
Closed
3 tasks
@tniessen tniessen mentioned this pull request Sep 23, 2018
Closed
3 tasks
seebees added a commit to seebees/aws-encryption-sdk-javascript that referenced this pull request Aug 28, 2019
@seebees
fix: Zero length frames in old version of Node
b80ac4e 
resolves aws#199

In Node.js versions 10.9 and older will fail to decrypt if decipher.update is not called.
nodejs/node#22538 fixes this.

If the content is empty, push an empty buffer.
@seebees seebees mentioned this pull request Aug 28, 2019
Merged
1 task
seebees added a commit to aws/aws-encryption-sdk-javascript that referenced this pull request Sep 9, 2019
@seebees
fix: Zero length frames in old version of Node (#202)
c50dfa1 
resolves #199

In Node.js versions 10.9 and older will fail to decrypt if decipher.update is not called.
nodejs/node#22538 fixes this.

If the content is empty, push an empty buffer.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@addaleax addaleax addaleax approved these changes

@bnoordhuis bnoordhuis Awaiting requested review from bnoordhuis

@ChALkeR ChALkeR Awaiting requested review from ChALkeR

@joyeecheung joyeecheung Awaiting requested review from joyeecheung

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

crypto Decipher: setAuthTag() must be called before update()
4 participants
@tniessen @nodejs-github-bot @BridgeAR @addaleax