File tree 1 file changed +6
-1
lines changed
1 file changed +6
-1
lines changed Original file line number Diff line number Diff line change @@ -419,6 +419,9 @@ The `decipher.setAAD()` method must be called before [`decipher.update()`][].
419
419
<!-- YAML
420
420
added: v1.0.0
421
421
changes:
422
+ - version: REPLACEME
423
+ pr-url: https://github.com/nodejs/node/pull/17825
424
+ description: This method now throws if the GCM tag length is invalid.
422
425
- version: v7.2.0
423
426
pr-url: https://github.com/nodejs/node/pull/9398
424
427
description: This method now returns a reference to `decipher`.
@@ -430,7 +433,9 @@ When using an authenticated encryption mode (only `GCM` and `CCM` are currently
430
433
supported), the ` decipher.setAuthTag() ` method is used to pass in the
431
434
received _ authentication tag_ . If no tag is provided, or if the cipher text
432
435
has been tampered with, [ ` decipher.final() ` ] [ ] will throw, indicating that the
433
- cipher text should be discarded due to failed authentication.
436
+ cipher text should be discarded due to failed authentication. If the tag length
437
+ is invalid according to [ NIST SP 800-38D] [ ] , ` decipher.setAuthTag() ` will throw
438
+ an error.
434
439
435
440
Note that this Node.js version does not verify the length of GCM authentication
436
441
tags. Such a check * must* be implemented by applications and is crucial to the
You can’t perform that action at this time.
0 commit comments