1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: use kNoAuthTagLength in InitAuthenticated

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/20225
Refs: https://github.com/nodejs/node/pull/20039
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit is contained in:
Tobias Nießen 2018-04-23 16:14:22 +02:00
parent 3152b7c0d3
commit 4809db9317
No known key found for this signature in database
GPG Key ID: 718207F8FD156B70
2 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/node_crypto.cc
View File

@ -2629,7 +2629,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
void CipherBase::Init(const char* cipher_type, void CipherBase::Init(const char* cipher_type,
const char* key_buf, const char* key_buf,
int key_buf_len, int key_buf_len,
int auth_tag_len) { unsigned int auth_tag_len) {
HandleScope scope(env()->isolate()); HandleScope scope(env()->isolate());
#ifdef NODE_FIPS_MODE #ifdef NODE_FIPS_MODE
@ -2700,10 +2700,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
const node::Utf8Value cipher_type(args.GetIsolate(), args[0]); const node::Utf8Value cipher_type(args.GetIsolate(), args[0]);
const char* key_buf = Buffer::Data(args[1]); const char* key_buf = Buffer::Data(args[1]);
ssize_t key_buf_len = Buffer::Length(args[1]); ssize_t key_buf_len = Buffer::Length(args[1]);
CHECK(args[2]->IsInt32());
// Don't assign to cipher->auth_tag_len_ directly; the value might not // Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point. // represent a valid length at this point.
int auth_tag_len = args[2].As<v8::Int32>()->Value(); unsigned int auth_tag_len;
if (args[2]->IsUint32()) {
auth_tag_len = args[2].As<v8::Uint32>()->Value();
} else {
CHECK(args[2]->IsInt32() && args[2].As<v8::Int32>()->Value() == -1);
auth_tag_len = kNoAuthTagLength;
}
cipher->Init(*cipher_type, key_buf, key_buf_len, auth_tag_len); cipher->Init(*cipher_type, key_buf, key_buf_len, auth_tag_len);
} }
@ -2714,7 +2720,7 @@ void CipherBase::InitIv(const char* cipher_type,
int key_len, int key_len,
const char* iv, const char* iv,
int iv_len, int iv_len,
int auth_tag_len) { unsigned int auth_tag_len) {
HandleScope scope(env()->isolate()); HandleScope scope(env()->isolate());
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type); const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
@ -2788,10 +2794,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
iv_buf = Buffer::Data(args[2]); iv_buf = Buffer::Data(args[2]);
iv_len = Buffer::Length(args[2]); iv_len = Buffer::Length(args[2]);
} }
CHECK(args[3]->IsInt32());
// Don't assign to cipher->auth_tag_len_ directly; the value might not // Don't assign to cipher->auth_tag_len_ directly; the value might not
// represent a valid length at this point. // represent a valid length at this point.
int auth_tag_len = args[3].As<v8::Int32>()->Value(); unsigned int auth_tag_len;
if (args[3]->IsUint32()) {
auth_tag_len = args[3].As<v8::Uint32>()->Value();
} else {
CHECK(args[3]->IsInt32() && args[3].As<v8::Int32>()->Value() == -1);
auth_tag_len = kNoAuthTagLength;
}
cipher->InitIv(*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len); cipher->InitIv(*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
} }
@ -2802,7 +2814,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
} }
bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len, bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
int auth_tag_len) { unsigned int auth_tag_len) {
CHECK(IsAuthenticatedMode()); CHECK(IsAuthenticatedMode());
// TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0 // TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0
@ -2815,7 +2827,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
const int mode = EVP_CIPHER_CTX_mode(ctx_); const int mode = EVP_CIPHER_CTX_mode(ctx_);
if (mode == EVP_CIPH_CCM_MODE) { if (mode == EVP_CIPH_CCM_MODE) {
if (auth_tag_len < 0) { if (auth_tag_len == kNoAuthTagLength) {
char msg[128]; char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type); snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
env()->ThrowError(msg); env()->ThrowError(msg);
@ -2850,7 +2862,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
} else { } else {
CHECK_EQ(mode, EVP_CIPH_GCM_MODE); CHECK_EQ(mode, EVP_CIPH_GCM_MODE);
if (auth_tag_len >= 0) { if (auth_tag_len != kNoAuthTagLength) {
if (!IsValidGCMTagLength(auth_tag_len)) { if (!IsValidGCMTagLength(auth_tag_len)) {
char msg[50]; char msg[50];
snprintf(msg, sizeof(msg), snprintf(msg, sizeof(msg),

7
src/node_crypto.h
View File

@ -364,14 +364,15 @@ class CipherBase : public BaseObject {
void Init(const char* cipher_type, void Init(const char* cipher_type,
const char* key_buf, const char* key_buf,
int key_buf_len, int key_buf_len,
int auth_tag_len); unsigned int auth_tag_len);
void InitIv(const char* cipher_type, void InitIv(const char* cipher_type,
const char* key, const char* key,
int key_len, int key_len,
const char* iv, const char* iv,
int iv_len, int iv_len,
int auth_tag_len); unsigned int auth_tag_len);
bool InitAuthenticated(const char *cipher_type, int iv_len, int auth_tag_len); bool InitAuthenticated(const char *cipher_type, int iv_len,
unsigned int auth_tag_len);
bool CheckCCMMessageLength(int message_len); bool CheckCCMMessageLength(int message_len);
UpdateResult Update(const char* data, int len, unsigned char** out, UpdateResult Update(const char* data, int len, unsigned char** out,
int* out_len); int* out_len);