Skip to content

Commit

Permalink
crypto: fix auth tag length error when mode != GCM
Browse files Browse the repository at this point in the history
PR-URL: #42383
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
  • Loading branch information
tniessen authored and bengl committed Mar 21, 2022
1 parent db83c4d commit f48c3ba
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 2 deletions.
3 changes: 2 additions & 1 deletion src/crypto/crypto_cipher.cc
Original file line number Diff line number Diff line change
Expand Up @@ -593,7 +593,8 @@ bool CipherBase::InitAuthenticated(
// Tell OpenSSL about the desired length.
if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len,
nullptr)) {
THROW_ERR_CRYPTO_INVALID_AUTH_TAG(env());
THROW_ERR_CRYPTO_INVALID_AUTH_TAG(
env(), "Invalid authentication tag length: %u", auth_tag_len);
return false;
}

Expand Down
16 changes: 15 additions & 1 deletion test/parallel/test-crypto-authenticated.js
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ const errMessages = {
state: / state/,
FIPS: /not supported in FIPS mode/,
length: /Invalid initialization vector/,
authTagLength: /Invalid authentication tag/
authTagLength: /Invalid authentication tag length/
};

const ciphers = crypto.getCiphers();
Expand Down Expand Up @@ -687,3 +687,17 @@ for (const test of TEST_CASES) {
});
}
}

{
const key = Buffer.alloc(32);
const iv = Buffer.alloc(12);

for (const authTagLength of [0, 17]) {
assert.throws(() => {
crypto.createCipheriv('chacha20-poly1305', key, iv, { authTagLength });
}, {
code: 'ERR_CRYPTO_INVALID_AUTH_TAG',
message: errMessages.authTagLength
});
}
}

0 comments on commit f48c3ba

Please sign in to comment.