crypto: throw on invalid authentication tag length

tniessen · jasnell · commit d81a7b4baae3 · 2018-04-14T10:50:47.000-07:00
Refs: #17523 PR-URL: #17825 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -2912,11 +2912,10 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
   const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_);
   if (mode == EVP_CIPH_GCM_MODE) {
     if (tag_len > 16 || (tag_len < 12 && tag_len != 8 && tag_len != 4)) {
-      char msg[125];
+      char msg[50];
       snprintf(msg, sizeof(msg),
-          "Permitting authentication tag lengths of %u bytes is deprecated. "
-          "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len);
-      ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090");
+          "Invalid GCM authentication tag length: %u", tag_len);
+      return cipher->env()->ThrowError(msg);
     }
   }
 
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
@@ -534,13 +534,8 @@ const expectedWarnings = common.hasFipsCrypto ?
     ['Use Cipheriv for counter mode of aes-256-ccm', common.noWarnCode]
   ];
 
-const expectedDeprecationWarnings = [0, 1, 2, 6, 9, 10, 11, 17]
-  .map((i) => [`Permitting authentication tag lengths of ${i} bytes is ` +
-            'deprecated. Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.',
-               'DEP0090']);
-
-expectedDeprecationWarnings.push(['crypto.DEFAULT_ENCODING is deprecated.',
-                                  'DEP0091']);
+const expectedDeprecationWarnings = ['crypto.DEFAULT_ENCODING is deprecated.',
+                                     'DEP0091'];
 
 common.expectWarning({
   Warning: expectedWarnings,
@@ -719,13 +714,18 @@ for (const test of TEST_CASES) {
 }
 
 // GCM only supports specific authentication tag lengths, invalid lengths should
-// produce warnings.
+// throw.
 {
-  for (const length of [0, 1, 2, 4, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]) {
-    const decrypt = crypto.createDecipheriv('aes-256-gcm',
-                                            'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
-                                            'qkuZpJWCewa6Szih');
-    decrypt.setAuthTag(Buffer.from('1'.repeat(length)));
+  for (const length of [0, 1, 2, 6, 9, 10, 11, 17]) {
+    common.expectsError(() => {
+      const decrypt = crypto.createDecipheriv('aes-128-gcm',
+                                              'FxLKsqdmv0E9xrQh',
+                                              'qkuZpJWCewa6Szih');
+      decrypt.setAuthTag(Buffer.from('1'.repeat(length)));
+    }, {
+      type: Error,
+      message: `Invalid GCM authentication tag length: ${length}`
+    });
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2912,11 +2912,10 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {`
`2912`	`2912`	`const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_);`
`2913`	`2913`	`if (mode == EVP_CIPH_GCM_MODE) {`
`2914`	`2914`	`if (tag_len > 16 \|\| (tag_len < 12 && tag_len != 8 && tag_len != 4)) {`
`2915`		`- char msg[125];`
	`2915`	`+ char msg[50];`
`2916`	`2916`	`snprintf(msg, sizeof(msg),`
`2917`		`- "Permitting authentication tag lengths of %u bytes is deprecated. "`
`2918`		`- "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len);`
`2919`		`- ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090");`
	`2917`	`+ "Invalid GCM authentication tag length: %u", tag_len);`
	`2918`	`+ return cipher->env()->ThrowError(msg);`
`2920`	`2919`	`}`
`2921`	`2920`	`}`
`2922`	`2921`