Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: throw in setAuthTag on invalid length #20040

Closed

Conversation

tniessen
Copy link
Member

@tniessen tniessen commented Apr 15, 2018

The current implementation performs limited checks only and silently ignores superfluous bytes of the authentication tag. This change makes setAuthTag throw when

  • the user-specified authTagLength does not match the actual tag length, especially when the authentication tag is longer than 16 bytes, and when
  • the mode is GCM, no authTagLength option has been specified and the tag length is not a valid GCM tag length.

This change makes the conditional assignment in SetAuthTag unnecessary,
which is replaced with a CHECK.

Refs: #17825

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Apr 15, 2018
@tniessen
Copy link
Member Author

@mscdex
Copy link
Contributor

mscdex commented Apr 15, 2018

/cc @nodejs/crypto

@yhwang

This comment has been minimized.

Copy link
Member

@yhwang yhwang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tniessen

This comment has been minimized.

@yhwang

This comment has been minimized.

@tniessen

This comment has been minimized.

@yhwang

This comment has been minimized.

@tniessen

This comment has been minimized.

@yhwang

This comment has been minimized.

@tniessen

This comment has been minimized.

@yhwang
Copy link
Member

yhwang commented Apr 18, 2018

but I guess we should throw here, which would make this a breaking change.

+1 for throwing an exception.

and yes, old implementation truncate the authtag......

@BridgeAR
Copy link
Member

Is this ready to land?

@tniessen
Copy link
Member Author

@BridgeAR No, I missed an edge case which @yhwang discovered, so this could cause a regression. The only solution seems to be to throw an error if the input value is too long, I will update the PR as soon as I have the time to do so.

Copy link
Member

@richardlau richardlau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mscdex mscdex added the wip Issues and PRs that are still a work in progress. label May 8, 2018
@tniessen tniessen force-pushed the crypto-dont-limit-tag-by-sizeof branch from 4dad3dc to 18611c6 Compare May 21, 2018 11:26
@tniessen tniessen changed the title crypto: remove conditional assignment in setAuthTag crypto: throw in setAuthTag on invalid length May 21, 2018
The current implementation performs limited checks only and silently
ignores superfluous bytes of the authentication tag. This change makes
setAuthTag throw when
- the user-specified authTagLength does not match the actual tag length,
  especially when the authentication tag is longer than 16 bytes, and
  when
- the mode is GCM, no authTagLength option has been specified and the
  tag length is not a valid GCM tag length.

This change makes the conditional assignment in SetAuthTag unnecessary,
which is replaced with a CHECK.

Refs: nodejs#17825
@tniessen tniessen force-pushed the crypto-dont-limit-tag-by-sizeof branch from 18611c6 to 00cf4aa Compare May 23, 2018 17:22
@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label May 23, 2018
@tniessen tniessen removed the wip Issues and PRs that are still a work in progress. label May 23, 2018
@tniessen
Copy link
Member Author

tniessen commented May 23, 2018

This patch turned out completely different than I had originally planned, but it still goes into the correct direction in my opinion. Please take another look.

As this change is now semver-major anyway, I also unified related error messages.

I also took the liberty of marking the discussion of the old change as "Outdated", I can't find the issue about when to use that feature. Feel free to unhide the discussion if this was incorrect.

@tniessen tniessen requested a review from a team May 26, 2018 13:27
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM at a quick glance.

@tniessen
Copy link
Member Author

New CI: https://ci.nodejs.org/job/node-test-pull-request/15168/

I know that most of the TSC is probably travelling right now, but still pinging @nodejs/tsc as this is a semver-major change now. Also @richardlau due to his blocking review.

@tniessen
Copy link
Member Author

Only failure seems to be infra-related:

/var/folders/dr/m8hrvy3d71172187rtx7vm380000gp/T/jenkins12712608435428624123.sh: line 6: /Users/iojs/Library/Python/2.7/bin/tap2junit: No such file or directory

Here's CitGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1446/

@Trott
Copy link
Member

Trott commented May 31, 2018

Re-running node-test-commit-osx: https://ci.nodejs.org/job/node-test-commit-osx/18957/

tniessen added a commit that referenced this pull request Jun 1, 2018
The current implementation performs limited checks only and silently
ignores superfluous bytes of the authentication tag. This change makes
setAuthTag throw when
- the user-specified authTagLength does not match the actual tag length,
  especially when the authentication tag is longer than 16 bytes, and
  when
- the mode is GCM, no authTagLength option has been specified and the
  tag length is not a valid GCM tag length.

This change makes the conditional assignment in SetAuthTag unnecessary,
which is replaced with a CHECK.

Refs: #17825

PR-URL: #20040
Reviewed-By: Daniel Bevenius <[email protected]>
Reviewed-By: Yihong Wang <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@tniessen
Copy link
Member Author

tniessen commented Jun 1, 2018

CitGM looks good as far as I can tell. Landed in faf449c.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.