crypto: make authTagLength optional for CC20P1305

PR-URL: https://github.com/nodejs/node/pull/42427 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
author: Tobias Nießen <tniessen@tnie.de> 2022-03-27 03:28:19 +0300
committer: GitHub <noreply@github.com> 2022-03-27 03:28:19 +0300
commit: 934a3aa28fdc8dd23701d642580b261f5f6c932b (patch)
tree: 81d1b5f1fb3a97b54f16cad3036aec6f4e823ff6 /src
parent: 6e5485135737094582cdda68664ab2354154a60c (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
index 05acefb6011..f65b7c41bd9 100644
--- a/src/crypto/crypto_cipher.cc
+++ b/src/crypto/crypto_cipher.cc
@@ -571,9 +571,17 @@ bool CipherBase::InitAuthenticated(
     }
   } else {
     if (auth_tag_len == kNoAuthTagLength) {
-      THROW_ERR_CRYPTO_INVALID_AUTH_TAG(
-        env(), "authTagLength required for %s", cipher_type);
-      return false;
+      // We treat ChaCha20-Poly1305 specially. Like GCM, the authentication tag
+      // length defaults to 16 bytes when encrypting. Unlike GCM, the
+      // authentication tag length also defaults to 16 bytes when decrypting,
+      // whereas GCM would accept any valid authentication tag length.
+      if (EVP_CIPHER_CTX_nid(ctx_.get()) == NID_chacha20_poly1305) {
+        auth_tag_len = 16;
+      } else {
+        THROW_ERR_CRYPTO_INVALID_AUTH_TAG(
+          env(), "authTagLength required for %s", cipher_type);
+        return false;
+      }
     }
 
     // TODO(tniessen) Support CCM decryption in FIPS mode
author	Tobias Nießen <tniessen@tnie.de>	2022-03-27 03:28:19 +0300
committer	GitHub <noreply@github.com>	2022-03-27 03:28:19 +0300
commit	934a3aa28fdc8dd23701d642580b261f5f6c932b (patch)
tree	81d1b5f1fb3a97b54f16cad3036aec6f4e823ff6 /src
parent	6e5485135737094582cdda68664ab2354154a60c (diff)