From bf752a1b1a424a5d6ce90d39668182e3cefd1037 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 20 Mar 2022 13:18:52 +0100 Subject: [PATCH] crypto: fix auth tag length error when mode != GCM PR-URL: https://github.com/nodejs/node/pull/42383 Reviewed-By: Filip Skokan Reviewed-By: Luigi Pinca --- src/crypto/crypto_cipher.cc | 3 ++- test/parallel/test-crypto-authenticated.js | 16 +++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index 90a0c4d1fd0bf4..d6c6f0c4375aad 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -593,7 +593,8 @@ bool CipherBase::InitAuthenticated( // Tell OpenSSL about the desired length. if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len, nullptr)) { - THROW_ERR_CRYPTO_INVALID_AUTH_TAG(env()); + THROW_ERR_CRYPTO_INVALID_AUTH_TAG( + env(), "Invalid authentication tag length: %u", auth_tag_len); return false; } diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index 21c5af6cfe3e5e..3749895769ffc9 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -44,7 +44,7 @@ const errMessages = { state: / state/, FIPS: /not supported in FIPS mode/, length: /Invalid initialization vector/, - authTagLength: /Invalid authentication tag/ + authTagLength: /Invalid authentication tag length/ }; const ciphers = crypto.getCiphers(); @@ -687,3 +687,17 @@ for (const test of TEST_CASES) { }); } } + +{ + const key = Buffer.alloc(32); + const iv = Buffer.alloc(12); + + for (const authTagLength of [0, 17]) { + assert.throws(() => { + crypto.createCipheriv('chacha20-poly1305', key, iv, { authTagLength }); + }, { + code: 'ERR_CRYPTO_INVALID_AUTH_TAG', + message: errMessages.authTagLength + }); + } +}