Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: use kNoAuthTagLength in InitAuthenticated #20225

Closed
wants to merge 3 commits into from
Closed

crypto: use kNoAuthTagLength in InitAuthenticated #20225

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c9126f1
crypto: use kNoAuthTagLength in InitAuthenticated
tniessen Apr 23, 2018
217b606
fixup! crypto: use kNoAuthTagLength in InitAuthenticated
tniessen Apr 24, 2018
ab028e4
crypto: add using directives for v8::Int32, Uint32
tniessen Apr 24, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 21 additions & 9 deletions src/node_crypto.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2629,7 +2629,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
void CipherBase::Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());

#ifdef NODE_FIPS_MODE
Expand Down Expand Up @@ -2700,10 +2700,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
const node::Utf8Value cipher_type(args.GetIsolate(), args[0]);
const char* key_buf = Buffer::Data(args[1]);
ssize_t key_buf_len = Buffer::Length(args[1]);
CHECK(args[2]->IsInt32());

// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[2].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[2]->IsUint32()) {
auth_tag_len = args[2]->Uint32Value();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you use the overload that takes a Local<Context> or use the args[2].As<Uint32>()->Value() idiom?

} else {
CHECK(args[2]->IsInt32() && args[2]->Int32Value() == -1);
auth_tag_len = kNoAuthTagLength;
}

cipher->Init(*cipher_type, key_buf, key_buf_len, auth_tag_len);
}
Expand All @@ -2714,7 +2720,7 @@ void CipherBase::InitIv(const char* cipher_type,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());

const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
Expand Down Expand Up @@ -2788,10 +2794,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
iv_buf = Buffer::Data(args[2]);
iv_len = Buffer::Length(args[2]);
}
CHECK(args[3]->IsInt32());

// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[3].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[3]->IsUint32()) {
auth_tag_len = args[3]->Uint32Value();
} else {
CHECK(args[3]->IsInt32() && args[3]->Int32Value() == -1);
auth_tag_len = kNoAuthTagLength;
}

cipher->InitIv(*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
}
Expand All @@ -2802,7 +2814,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
}

bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
CHECK(IsAuthenticatedMode());

// TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0
Expand All @@ -2815,7 +2827,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,

const int mode = EVP_CIPHER_CTX_mode(ctx_);
if (mode == EVP_CIPH_CCM_MODE) {
if (auth_tag_len < 0) {
if (auth_tag_len == kNoAuthTagLength) {
char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
env()->ThrowError(msg);
Expand Down Expand Up @@ -2850,7 +2862,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
} else {
CHECK_EQ(mode, EVP_CIPH_GCM_MODE);

if (auth_tag_len >= 0) {
if (auth_tag_len != kNoAuthTagLength) {
if (!IsValidGCMTagLength(auth_tag_len)) {
char msg[50];
snprintf(msg, sizeof(msg),
Expand Down
7 changes: 4 additions & 3 deletions src/node_crypto.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,14 +364,15 @@ class CipherBase : public BaseObject {
void Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len);
unsigned int auth_tag_len);
void InitIv(const char* cipher_type,
const char* key,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len, int auth_tag_len);
unsigned int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len,
unsigned int auth_tag_len);
bool CheckCCMMessageLength(int message_len);
UpdateResult Update(const char* data, int len, unsigned char** out,
int* out_len);
Expand Down