crypto: warn on invalid authentication tag length #17566
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Using authentication tags of invalid length does not conform to NIST standards.
nodejs-github-bot
added
c++
|
cc @nodejs/crypto @willclarktech |
bnoordhuis
approved these changes
Dec 9, 2017
src/node_crypto.cc
Outdated
| @@ -3767,9 +3767,18 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) { | |||
| return args.GetReturnValue().Set(false); | |||
| } | |||
|
|
|||
| // FIXME(bnoordhuis) Throw when buffer length is not a valid tag size. | |||
| unsigned int tag_len = Buffer::Length(args[0]); | |||
| if (EVP_CIPHER_CTX_mode(cipher->ctx_) == EVP_CIPH_GCM_MODE) { | |||
There was a problem hiding this comment.
Superfluous, always true because of the cipher->IsAuthenticatedMode() check above.
There was a problem hiding this comment.
If we ever add support for other authenticated modes, IsAuthenticatedMode will be true even if the cipher mode is not GCM, and other modes might have different restrictions on the tag size. I can remove the check if you would like.
There was a problem hiding this comment.
We'd audit all IsAuthenticatedMode() call sites anyway in that case so that's not a problem.
|
One failure when using FIPS (output): |
|
FIPS mode caused a New CI: https://ci.nodejs.org/job/node-test-pull-request/12025/ |
|
Forgot to include GCM warnings when using FIPS this time, should be good now. New CI: https://ci.nodejs.org/job/node-test-pull-request/12026/ |
bnoordhuis
approved these changes
Dec 11, 2017
src/node_crypto.cc
Outdated
| @@ -3767,9 +3767,17 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) { | |||
| return args.GetReturnValue().Set(false); | |||
| } | |||
|
|
|||
| // FIXME(bnoordhuis) Throw when buffer length is not a valid tag size. | |||
| // Restrict GCM tag lengths according to NIST 800-38d, page 9 | |||
lpinca
approved these changes
Dec 11, 2017
jasnell
approved these changes
Dec 12, 2017
|
cc @sam-github @indutny @danbev @shigeki regarding #17566 (review) |
|
It has been almost two weeks, I would like to land this tomorrow unless someone objects. Update: No objections. Pre-land CI: https://ci.nodejs.org/job/node-test-pull-request/12260/ |
|
Landed in e565534 1a396bb (f4ab204...1a396bb). |
Merged
MylesBorins
added a commit
that referenced
this pull request
Feb 11, 2018
This LTS release comes with 109 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 29 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
#12678
* crypto:
- expose ECDH class (Bryan English)
#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
#10209
- warn on invalid authentication tag length (Tobias Nießen)
#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
#16386
* net:
- return this from getConnections() (Sam Roberts)
#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
#12087
- add process.ppid (cjihrig)
#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
#15179
* url:
- WHATWG URL api support (James M Snell)
#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
#10308
PR-URL: #18342
MylesBorins
added a commit
that referenced
this pull request
Feb 12, 2018
This LTS release comes with 109 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 29 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
#12678
* crypto:
- expose ECDH class (Bryan English)
#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
#10209
- warn on invalid authentication tag length (Tobias Nießen)
#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
#16386
* net:
- return this from getConnections() (Sam Roberts)
#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
#12087
- add process.ppid (cjihrig)
#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
#15179
* url:
- WHATWG URL api support (James M Snell)
#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
#10308
PR-URL: #18342
MylesBorins
added a commit
that referenced
this pull request
Feb 13, 2018
This LTS release comes with 109 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 29 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
#12678
* crypto:
- expose ECDH class (Bryan English)
#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
#10209
- warn on invalid authentication tag length (Tobias Nießen)
#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
#16386
* net:
- return this from getConnections() (Sam Roberts)
#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
#12087
- add process.ppid (cjihrig)
#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
#15179
* url:
- WHATWG URL api support (James M Snell)
#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
#10308
PR-URL: #18342
MylesBorins
added a commit
that referenced
this pull request
Feb 13, 2018
This LTS release comes with 112 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 30 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
#12678
* crypto:
- expose ECDH class (Bryan English)
#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
#10209
- warn on invalid authentication tag length (Tobias Nießen)
#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
#16386
* net:
- return this from getConnections() (Sam Roberts)
#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
#12087
- add process.ppid (cjihrig)
#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
#15179
* url:
- WHATWG URL api support (James M Snell)
#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
#10308
PR-URL: #18342
MylesBorins
added a commit
that referenced
this pull request
Feb 13, 2018
This LTS release comes with 112 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 30 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
#12678
* crypto:
- expose ECDH class (Bryan English)
#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
#10209
- warn on invalid authentication tag length (Tobias Nießen)
#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
#16386
* net:
- return this from getConnections() (Sam Roberts)
#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
#12087
- add process.ppid (cjihrig)
#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
#15179
* url:
- WHATWG URL api support (James M Snell)
#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
#10308
PR-URL: #18342
gibfahn
added a commit
that referenced
this pull request
Mar 6, 2018
Notable changes: * deps: * update V8 to 6.2.414.46 (Michaël Zasso) [#16413](#16413) * revert ABI breaking changes in V8 6.2 (Anna Henningsen) [#16413](#16413) * upgrade libuv to 1.19.1 (cjihrig) [#18260](#18260) * re land npm 5.6.0 (Myles Borins) [#18625](#18625) * ICU 60 bump (Steven R. Loomis) [#16876](#16876) * crypto: * Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [#16130](#16130) * warn on invalid authentication tag length (Tobias Nießen) [#17566](#17566) * async_hooks: * update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [#18004](#18004) * use typed array stack as fast path (Anna Henningsen) [#17780](#17780) * use scope for defaultTriggerAsyncId (Andreas Madsen) [#17273](#17273) * separate missing from default context (Andreas Madsen) [#17273](#17273) * rename initTriggerId (Andreas Madsen) [#17273](#17273) * deprecate undocumented API (Andreas Madsen) [#16972](#16972) * add destroy event for gced AsyncResources (Sebastian Mayr) [#16998](#16998) * add trace events to async_hooks (Andreas Madsen) [#15538](#15538) * set HTTPParser trigger to socket (Andreas Madsen) [#18003](#18003) * add provider types for net server (Andreas Madsen) [#17157](#17157) * n-api: * add helper for addons to get the event loop (Anna Henningsen) [#17109](#17109) * cli: * add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [#16495](#16495) * console: * add support for console.debug (Benjamin Zaslavsky) [#17033](#17033) * module: * add builtinModules (Jon Moss) [#16386](#16386) * replace default paths in require.resolve() (cjihrig) [#17113](#17113) * src: * add helper for addons to get the event loop (Anna Henningsen) [#17109](#17109) * add process.ppid (cjihrig) [#16839](#16839) * http: * support generic `Duplex` streams (Anna Henningsen) [#16267](#16267) * add rawPacket in err of `clientError` event (XadillaX) [#17672](#17672) * better support for IPv6 addresses (Mattias Holmlund) [#14772](#14772) * net: * remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [#17662](#17662) * process: * fix reading zero-length env vars on win32 (Anna Henningsen) [#18463](#18463) * tls: * unconsume stream on destroy (Anna Henningsen) [#17478](#17478) * process: * improve unhandled rejection message (Madara Uchiha) [#17158](#17158) * stream: * remove usage of *State.highWaterMark (Calvin Metcalf) [#12860](#12860) * trace_events: * add executionAsyncId to init events (Andreas Madsen) [#17196](#17196) PR-URL: #18336
gibfahn
added a commit
that referenced
this pull request
Mar 7, 2018
Notable changes: * deps: * update V8 to 6.2.414.46 (Michaël Zasso) [#16413](#16413) * revert ABI breaking changes in V8 6.2 (Anna Henningsen) [#16413](#16413) * upgrade libuv to 1.19.1 (cjihrig) [#18260](#18260) * re land npm 5.6.0 (Myles Borins) [#18625](#18625) * ICU 60 bump (Steven R. Loomis) [#16876](#16876) * crypto: * Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [#16130](#16130) * warn on invalid authentication tag length (Tobias Nießen) [#17566](#17566) * async_hooks: * update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [#18004](#18004) * use typed array stack as fast path (Anna Henningsen) [#17780](#17780) * use scope for defaultTriggerAsyncId (Andreas Madsen) [#17273](#17273) * separate missing from default context (Andreas Madsen) [#17273](#17273) * rename initTriggerId (Andreas Madsen) [#17273](#17273) * deprecate undocumented API (Andreas Madsen) [#16972](#16972) * add destroy event for gced AsyncResources (Sebastian Mayr) [#16998](#16998) * add trace events to async_hooks (Andreas Madsen) [#15538](#15538) * set HTTPParser trigger to socket (Andreas Madsen) [#18003](#18003) * add provider types for net server (Andreas Madsen) [#17157](#17157) * n-api: * add helper for addons to get the event loop (Anna Henningsen) [#17109](#17109) * cli: * add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [#16495](#16495) * console: * add support for console.debug (Benjamin Zaslavsky) [#17033](#17033) * module: * add builtinModules (Jon Moss) [#16386](#16386) * replace default paths in require.resolve() (cjihrig) [#17113](#17113) * src: * add helper for addons to get the event loop (Anna Henningsen) [#17109](#17109) * add process.ppid (cjihrig) [#16839](#16839) * http: * support generic `Duplex` streams (Anna Henningsen) [#16267](#16267) * add rawPacket in err of `clientError` event (XadillaX) [#17672](#17672) * better support for IPv6 addresses (Mattias Holmlund) [#14772](#14772) * net: * remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [#17662](#17662) * process: * fix reading zero-length env vars on win32 (Anna Henningsen) [#18463](#18463) * tls: * unconsume stream on destroy (Anna Henningsen) [#17478](#17478) * process: * improve unhandled rejection message (Madara Uchiha) [#17158](#17158) * stream: * remove usage of *State.highWaterMark (Calvin Metcalf) [#12860](#12860) * trace_events: * add executionAsyncId to init events (Andreas Madsen) [#17196](#17196) PR-URL: #18336
MayaLekova
pushed a commit
to MayaLekova/node
that referenced
this pull request
May 8, 2018
This LTS release comes with 112 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 30 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.
Notable Changes:
* console:
- added console.count() and console.clear() (James M Snell)
nodejs#12678
* crypto:
- expose ECDH class (Bryan English)
nodejs#8188
- added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
nodejs#10209
- warn on invalid authentication tag length (Tobias Nießen)
nodejs#17566
* deps:
- upgrade libuv to 1.16.1 (cjihrig)
nodejs#16835
* dgram:
- added socket.setMulticastInterface() (Will Young)
nodejs#7855
* http:
- add agent.keepSocketAlive and agent.reuseSocket as to allow
overridable keep-alive behavior of `Agent` (Fedor Indutny)
nodejs#13005
* lib:
- return this from net.Socket.end() (Sam Roberts)
nodejs#13481
* module:
- add builtinModules api that provides list of all builtin modules in
Node (Jon Moss)
nodejs#16386
* net:
- return this from getConnections() (Sam Roberts)
nodejs#13553
* promises:
- more robust stringification for unhandled rejections (Timothy Gu)
nodejs#13784
* repl:
- improve require() autocompletion (Alexey Orlenko)
nodejs#14409
* src:
- add openssl-system-ca-path configure option (Daniel Bevenius)
nodejs#16790
- add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
nodejs#12087
- add process.ppid (cjihrig)
nodejs#16839
* tls:
- accept `lookup` option for `tls.connect()` (Fedor Indutny)
nodejs#12839
* tools, build:
- a new macOS installer! (JP Wesselink)
nodejs#15179
* url:
- WHATWG URL api support (James M Snell)
nodejs#7448
* util:
- add %i and %f formatting specifiers (Roman Reiss)
nodejs#10308
PR-URL: nodejs#18342
MayaLekova
pushed a commit
to MayaLekova/node
that referenced
this pull request
May 8, 2018
Notable changes: * deps: * update V8 to 6.2.414.46 (Michaël Zasso) [nodejs#16413](nodejs#16413) * revert ABI breaking changes in V8 6.2 (Anna Henningsen) [nodejs#16413](nodejs#16413) * upgrade libuv to 1.19.1 (cjihrig) [nodejs#18260](nodejs#18260) * re land npm 5.6.0 (Myles Borins) [nodejs#18625](nodejs#18625) * ICU 60 bump (Steven R. Loomis) [nodejs#16876](nodejs#16876) * crypto: * Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [nodejs#16130](nodejs#16130) * warn on invalid authentication tag length (Tobias Nießen) [nodejs#17566](nodejs#17566) * async_hooks: * update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [nodejs#18004](nodejs#18004) * use typed array stack as fast path (Anna Henningsen) [nodejs#17780](nodejs#17780) * use scope for defaultTriggerAsyncId (Andreas Madsen) [nodejs#17273](nodejs#17273) * separate missing from default context (Andreas Madsen) [nodejs#17273](nodejs#17273) * rename initTriggerId (Andreas Madsen) [nodejs#17273](nodejs#17273) * deprecate undocumented API (Andreas Madsen) [nodejs#16972](nodejs#16972) * add destroy event for gced AsyncResources (Sebastian Mayr) [nodejs#16998](nodejs#16998) * add trace events to async_hooks (Andreas Madsen) [nodejs#15538](nodejs#15538) * set HTTPParser trigger to socket (Andreas Madsen) [nodejs#18003](nodejs#18003) * add provider types for net server (Andreas Madsen) [nodejs#17157](nodejs#17157) * n-api: * add helper for addons to get the event loop (Anna Henningsen) [nodejs#17109](nodejs#17109) * cli: * add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [nodejs#16495](nodejs#16495) * console: * add support for console.debug (Benjamin Zaslavsky) [nodejs#17033](nodejs#17033) * module: * add builtinModules (Jon Moss) [nodejs#16386](nodejs#16386) * replace default paths in require.resolve() (cjihrig) [nodejs#17113](nodejs#17113) * src: * add helper for addons to get the event loop (Anna Henningsen) [nodejs#17109](nodejs#17109) * add process.ppid (cjihrig) [nodejs#16839](nodejs#16839) * http: * support generic `Duplex` streams (Anna Henningsen) [nodejs#16267](nodejs#16267) * add rawPacket in err of `clientError` event (XadillaX) [nodejs#17672](nodejs#17672) * better support for IPv6 addresses (Mattias Holmlund) [nodejs#14772](nodejs#14772) * net: * remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [nodejs#17662](nodejs#17662) * process: * fix reading zero-length env vars on win32 (Anna Henningsen) [nodejs#18463](nodejs#18463) * tls: * unconsume stream on destroy (Anna Henningsen) [nodejs#17478](nodejs#17478) * process: * improve unhandled rejection message (Madara Uchiha) [nodejs#17158](nodejs#17158) * stream: * remove usage of *State.highWaterMark (Calvin Metcalf) [nodejs#12860](nodejs#12860) * trace_events: * add executionAsyncId to init events (Andreas Madsen) [nodejs#17196](nodejs#17196) PR-URL: nodejs#18336
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
From NIST SP 800-38d, page 9:
Ultimately, we should throw an error in this case, but as that is a semver-major change (as explained in #17523 (comment)), this PR logs a warning. If we decide to land this, I will open a separate PR with the semver-major change.
Refs #17523
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
crypto