diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-09-13 00:48:35 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-09-18 12:55:07 +0200 |
commit | a9e7369b117f857f24ed67ece1f212b4b605c584 (patch) | |
tree | ddab0a1f53b55061f28665e57565b83784cb7b65 /src/node_crypto.h | |
parent | 47a0d041d1f8b53a0cb6a9188b15557241d5fd45 (diff) | |
download | node-new-a9e7369b117f857f24ed67ece1f212b4b605c584.tar.gz |
crypto: fix edge case in authenticated encryption
Restricting the authentication tag length and calling update or
setAAD before setAuthTag caused an incorrect authentication tag to
be passed to OpenSSL: The auth_tag_len_ field was already set, so
the implementation assumed that the tag itself was known as well.
PR-URL: https://github.com/nodejs/node/pull/22828
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'src/node_crypto.h')
-rw-r--r-- | src/node_crypto.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/node_crypto.h b/src/node_crypto.h index 86aa3ba4ba..1a93ae7a47 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -363,6 +363,11 @@ class CipherBase : public BaseObject { kErrorMessageSize, kErrorState }; + enum AuthTagState { + kAuthTagUnknown, + kAuthTagKnown, + kAuthTagPassedToOpenSSL + }; static const unsigned kNoAuthTagLength = static_cast<unsigned>(-1); void Init(const char* cipher_type, @@ -404,7 +409,7 @@ class CipherBase : public BaseObject { : BaseObject(env, wrap), ctx_(nullptr), kind_(kind), - auth_tag_set_(false), + auth_tag_state_(kAuthTagUnknown), auth_tag_len_(kNoAuthTagLength), pending_auth_failed_(false) { MakeWeak(); @@ -413,7 +418,7 @@ class CipherBase : public BaseObject { private: DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx_; const CipherKind kind_; - bool auth_tag_set_; + AuthTagState auth_tag_state_; unsigned int auth_tag_len_; char auth_tag_[EVP_GCM_TLS_TAG_LEN]; bool pending_auth_failed_; |