Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: fix faulty logic in iv size check #9032

Merged
merged 1 commit into from
Oct 17, 2016

Conversation

bnoordhuis
Copy link
Member

Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Refs: #6376
Refs: #9024

R=@nodejs/crypto @addaleax

@bnoordhuis bnoordhuis added crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. labels Oct 11, 2016
@nodejs-github-bot nodejs-github-bot added the c++ Issues and PRs that require attention from people who are familiar with C++. label Oct 11, 2016
Copy link
Member

@indutny indutny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bnoordhuis
Copy link
Member Author

@@ -3261,7 +3261,7 @@ void CipherBase::InitIv(const char* cipher_type,
iv_length (0) for ECB ciphers */
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seeing the above comment in regard of the openssl bug, the issue of ECB mode has already resolved in openssl/openssl@97fe2b4 so that we no longer need to check the iv length of ECB mode.

@@ -3261,7 +3261,7 @@ void CipherBase::InitIv(const char* cipher_type,
iv_length (0) for ECB ciphers */
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE && iv_len > 0)) {
return env()->ThrowError("Invalid IV length");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could not figure out the reason why the GCM test of zero length of iv_len in test-crypto-authenticated.js has passed. There seems two reasons. One is the test has a bug to skip some tests due to checking test.password and i>0 but iv_len in GCM can be checked in the following EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr).
I think the fix of test-crypto-authenticated.js as in https://gist.github.com/shigeki/afc23ecef12006777b668a2b8a24b044 is also needed.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, good point. I'll investigate.

@bnoordhuis
Copy link
Member Author

Good catch, @shigeki. I think I got it now, PTAL.

Copy link
Contributor

@shigeki shigeki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very fine. I'd like to have another LGTM from @indutny too.

@shigeki
Copy link
Contributor

shigeki commented Oct 12, 2016

A new CI is running on https://ci.nodejs.org/job/node-test-pull-request/4492/

Copy link
Member

@indutny indutny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

const int expected_iv_len = EVP_CIPHER_iv_length(cipher_);
const bool is_gcm_mode = (EVP_CIPH_GCM_MODE == EVP_CIPHER_mode(cipher_));

if (is_gcm_mode == false && iv_len != expected_iv_len) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

!is_gcm_mode?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Believe it or not, I chose not to use that because !i is not very distinct in some fonts.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh gosh!

@bnoordhuis
Copy link
Member Author

One genuine failure on the FIPS buildbot, probably DES is not allowed in FIPS mode, but what is up with the freebsd and smartos buildbots? Lots of seemingly random flakes and not just in this run.

@bnoordhuis
Copy link
Member Author

Now with FIPS fix-ups: https://ci.nodejs.org/job/node-test-pull-request/4493/

Copy link
Member

@indutny indutny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if CI is green.

const int expected_iv_len = EVP_CIPHER_iv_length(cipher_);
const bool is_gcm_mode = (EVP_CIPH_GCM_MODE == EVP_CIPHER_mode(cipher_));

if (is_gcm_mode == false && iv_len != expected_iv_len) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh gosh!

@MylesBorins
Copy link
Contributor

@bnoordhuis I've been noticing all sorts of flakes on BSD + smartos last 48 hours

@bnoordhuis
Copy link
Member Author

One more FIPS fix-up: https://ci.nodejs.org/job/node-test-pull-request/4498/

Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: nodejs#9032
Refs: nodejs#6376
Refs: nodejs#9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
@bnoordhuis bnoordhuis closed this Oct 17, 2016
@bnoordhuis bnoordhuis deleted the fix9024 branch October 17, 2016 15:08
@bnoordhuis bnoordhuis merged commit 6ef6d42 into nodejs:master Oct 17, 2016
jasnell pushed a commit that referenced this pull request Oct 17, 2016
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: #9032
Refs: #6376
Refs: #9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
MylesBorins pushed a commit that referenced this pull request Nov 11, 2016
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: #9032
Refs: #6376
Refs: #9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
@MylesBorins
Copy link
Contributor

@bnoordhuis this lands cleanly on v6.x but not on v4.x. Would you be willing to manually backport?

sam-github pushed a commit to sam-github/node that referenced this pull request Nov 18, 2016
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: nodejs#9032
Refs: nodejs#6376
Refs: nodejs#9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
@sam-github
Copy link
Contributor

@thealphanerd I'm not sure where you are accumulating back-ports, I was thinking there might be a v4.xxx-proposal, so maybe you already have this. Anyhow, I back-ported as an exercise https://github.com/sam-github/node/commits/v4-pr/9032

@bnoordhuis if you didn't back-port already, PTAL at above.

@MylesBorins
Copy link
Contributor

@sam-github would you be willing to send that backport to v4.x as a PR so it can be appropriately reviewed?

Thanks for taking the time to do it!

@sam-github
Copy link
Contributor

@thealphanerd #9686, is there any way to list all the PRs that target 4.x?

@addaleax
Copy link
Member

is there any way to list all the PRs that target 4.x?

https://github.com/nodejs/node/pulls?q=is%3Aopen+label%3Av4.x+is%3Apr might come close?

@MylesBorins
Copy link
Contributor

@sam-github currently all pr's that target v4.x should have the v4.x label

There are also commits to be audited such as well as commits that have the lts-watch-v4.x label but are closed. There are also commits in master that have not been labelled the need to be audited

Feel free to ping me outside github if you wanna chat more in depth about the process

@sam-github
Copy link
Contributor

@thealphanerd Thanks, I think I got the gist, target -staging, label with the target version.

MylesBorins pushed a commit that referenced this pull request Nov 22, 2016
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: #9032
Refs: #6376
Refs: #9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
MylesBorins pushed a commit that referenced this pull request Nov 22, 2016
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.

Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.

PR-URL: #9032
Refs: #6376
Refs: #9024
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
This was referenced Nov 22, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants