diff options
author | Tobias Nießen <tniessen@tnie.de> | 2022-03-27 03:28:19 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-27 03:28:19 +0300 |
commit | 934a3aa28fdc8dd23701d642580b261f5f6c932b (patch) | |
tree | 81d1b5f1fb3a97b54f16cad3036aec6f4e823ff6 /src | |
parent | 6e5485135737094582cdda68664ab2354154a60c (diff) |
crypto: make authTagLength optional for CC20P1305
PR-URL: https://github.com/nodejs/node/pull/42427
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/crypto_cipher.cc | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index 05acefb6011..f65b7c41bd9 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -571,9 +571,17 @@ bool CipherBase::InitAuthenticated( } } else { if (auth_tag_len == kNoAuthTagLength) { - THROW_ERR_CRYPTO_INVALID_AUTH_TAG( - env(), "authTagLength required for %s", cipher_type); - return false; + // We treat ChaCha20-Poly1305 specially. Like GCM, the authentication tag + // length defaults to 16 bytes when encrypting. Unlike GCM, the + // authentication tag length also defaults to 16 bytes when decrypting, + // whereas GCM would accept any valid authentication tag length. + if (EVP_CIPHER_CTX_nid(ctx_.get()) == NID_chacha20_poly1305) { + auth_tag_len = 16; + } else { + THROW_ERR_CRYPTO_INVALID_AUTH_TAG( + env(), "authTagLength required for %s", cipher_type); + return false; + } } // TODO(tniessen) Support CCM decryption in FIPS mode |