Skip to content

crypto: throw on invalid authentication tag length #17825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tniessen wants to merge 3 commits into from
Closed

crypto: throw on invalid authentication tag length #17825

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4f9fb30
crypto: throw on invalid authentication tag length
tniessen Dec 22, 2017
fe805b7
doc: note that setAuthTag throws on invalid length
tniessen Dec 28, 2017
2e68afc
doc: move support for invalid GCM tags to EOL
tniessen Apr 11, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
doc: note that setAuthTag throws on invalid length
  • Loading branch information
@tniessen
tniessen committed Apr 11, 2018
commit fe805b76a17dbf3d94b47bf72ec4f15af19052f6
7 changes: 6 additions & 1 deletion doc/api/crypto.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,9 @@ The `decipher.setAAD()` method must be called before [`decipher.update()`][].
<!-- YAML
added: v1.0.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/17825
description: This method now throws if the GCM tag length is invalid.
- version: v7.2.0
pr-url: https://github.com/nodejs/node/pull/9398
description: This method now returns a reference to `decipher`.
Expand All @@ -432,7 +435,9 @@ When using an authenticated encryption mode (only `GCM` is currently
supported), the `decipher.setAuthTag()` method is used to pass in the
received _authentication tag_. If no tag is provided, or if the cipher text
has been tampered with, [`decipher.final()`][] will throw, indicating that the
cipher text should be discarded due to failed authentication.
cipher text should be discarded due to failed authentication. If the tag length
is invalid according to [NIST SP 800-38D][], `decipher.setAuthTag()` will throw
an error.

Note that this Node.js version does not verify the length of GCM authentication
tags. Such a check *must* be implemented by applications and is crucial to the
Expand Down