1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: use kNoAuthTagLength in InitAuthenticated

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/20225
Refs: https://github.com/nodejs/node/pull/20039
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit is contained in:
Tobias Nießen 2018-04-23 16:14:22 +02:00
parent 3152b7c0d3
commit 4809db9317
No known key found for this signature in database
GPG Key ID: 718207F8FD156B70
2 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/node_crypto.cc
View File

@ -2629,7 +2629,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
void CipherBase::Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());
#ifdef NODE_FIPS_MODE
@ -2700,10 +2700,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
const node::Utf8Value cipher_type(args.GetIsolate(), args[0]);
const char* key_buf = Buffer::Data(args[1]);
ssize_t key_buf_len = Buffer::Length(args[1]);
CHECK(args[2]->IsInt32());
// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[2].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[2]->IsUint32()) {
auth_tag_len = args[2].As<v8::Uint32>()->Value();
} else {
CHECK(args[2]->IsInt32() && args[2].As<v8::Int32>()->Value() == -1);
auth_tag_len = kNoAuthTagLength;
}
cipher->Init(*cipher_type, key_buf, key_buf_len, auth_tag_len);
}
@ -2714,7 +2720,7 @@ void CipherBase::InitIv(const char* cipher_type,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
@ -2788,10 +2794,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
iv_buf = Buffer::Data(args[2]);
iv_len = Buffer::Length(args[2]);
}
CHECK(args[3]->IsInt32());
// Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point.
int auth_tag_len = args[3].As<v8::Int32>()->Value();
unsigned int auth_tag_len;
if (args[3]->IsUint32()) {
auth_tag_len = args[3].As<v8::Uint32>()->Value();
} else {
CHECK(args[3]->IsInt32() && args[3].As<v8::Int32>()->Value() == -1);
auth_tag_len = kNoAuthTagLength;
}
cipher->InitIv(*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
}
@ -2802,7 +2814,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
}
bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
int auth_tag_len) {
unsigned int auth_tag_len) {
CHECK(IsAuthenticatedMode());
// TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0
@ -2815,7 +2827,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
const int mode = EVP_CIPHER_CTX_mode(ctx_);
if (mode == EVP_CIPH_CCM_MODE) {
if (auth_tag_len < 0) {
if (auth_tag_len == kNoAuthTagLength) {
char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
env()->ThrowError(msg);
@ -2850,7 +2862,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
} else {
CHECK_EQ(mode, EVP_CIPH_GCM_MODE);
if (auth_tag_len >= 0) {
if (auth_tag_len != kNoAuthTagLength) {
if (!IsValidGCMTagLength(auth_tag_len)) {
char msg[50];
snprintf(msg, sizeof(msg),

7
src/node_crypto.h
View File

@ -364,14 +364,15 @@ class CipherBase : public BaseObject {
void Init(const char* cipher_type,
const char* key_buf,
int key_buf_len,
int auth_tag_len);
unsigned int auth_tag_len);
void InitIv(const char* cipher_type,
const char* key,
int key_len,
const char* iv,
int iv_len,
int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len, int auth_tag_len);
unsigned int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len,
unsigned int auth_tag_len);
bool CheckCCMMessageLength(int message_len);
UpdateResult Update(const char* data, int len, unsigned char** out,
int* out_len);