Skip to content

crypto: forward auth tag to OpenSSL immediately #58547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 3, 2025
Merged

crypto: forward auth tag to OpenSSL immediately #58547

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 12 additions & 37 deletions src/crypto/crypto_cipher.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,9 +514,9 @@ void CipherBase::GetAuthTag(const FunctionCallbackInfo<Value>& args) {
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.This());

// Only callable after Final and if encrypting.
if (cipher->ctx_ ||
cipher->kind_ != kCipher ||
cipher->auth_tag_len_ == kNoAuthTagLength) {
if (cipher->ctx_ || cipher->kind_ != kCipher ||
cipher->auth_tag_len_ == kNoAuthTagLength ||
cipher->auth_tag_state_ != kAuthTagComputed) {
return;
}

Expand Down Expand Up @@ -577,29 +577,16 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
}

cipher->auth_tag_len_ = tag_len;
cipher->auth_tag_state_ = kAuthTagKnown;
CHECK_LE(cipher->auth_tag_len_, sizeof(cipher->auth_tag_));
CHECK_LE(cipher->auth_tag_len_, ncrypto::Cipher::MAX_AUTH_TAG_LENGTH);

memset(cipher->auth_tag_, 0, sizeof(cipher->auth_tag_));
auth_tag.CopyTo(cipher->auth_tag_, cipher->auth_tag_len_);
if (!cipher->ctx_.setAeadTag({auth_tag.data(), cipher->auth_tag_len_})) {
return args.GetReturnValue().Set(false);
}
cipher->auth_tag_state_ = kAuthTagSetByUser;

args.GetReturnValue().Set(true);
}

bool CipherBase::MaybePassAuthTagToOpenSSL() {
if (auth_tag_state_ == kAuthTagKnown) {
ncrypto::Buffer<const char> buffer{
.data = auth_tag_,
.len = auth_tag_len_,
};
if (!ctx_.setAeadTag(buffer)) {
return false;
}
auth_tag_state_ = kAuthTagPassedToOpenSSL;
}
return true;
}

bool CipherBase::SetAAD(
const ArrayBufferOrViewContents<unsigned char>& data,
int plaintext_len) {
Expand All @@ -622,10 +609,6 @@ bool CipherBase::SetAAD(
return false;
}

if (kind_ == kDecipher && !MaybePassAuthTagToOpenSSL()) {
return false;
}

ncrypto::Buffer<const unsigned char> buffer{
.data = nullptr,
.len = static_cast<size_t>(plaintext_len),
Expand Down Expand Up @@ -670,12 +653,6 @@ CipherBase::UpdateResult CipherBase::Update(
return kErrorMessageSize;
}

// Pass the authentication tag to OpenSSL if possible. This will only happen
// once, usually on the first update.
if (kind_ == kDecipher && IsAuthenticatedMode()) {
CHECK(MaybePassAuthTagToOpenSSL());
}

const int block_size = ctx_.getBlockSize();
CHECK_GT(block_size, 0);
if (len + block_size > INT_MAX) return kErrorState;
Expand Down Expand Up @@ -777,16 +754,11 @@ bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
static_cast<size_t>(ctx_.getBlockSize()),
BackingStoreInitializationMode::kUninitialized);

if (kind_ == kDecipher &&
Cipher::FromCtx(ctx_).isSupportedAuthenticatedMode()) {
MaybePassAuthTagToOpenSSL();
}

#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
// OpenSSL v1.x doesn't verify the presence of the auth tag so do
// it ourselves, see https://github.com/nodejs/node/issues/45874.
if (kind_ == kDecipher && ctx_.isChaCha20Poly1305() &&
auth_tag_state_ != kAuthTagPassedToOpenSSL) {
auth_tag_state_ != kAuthTagSetByUser) {
return false;
}
#endif
Expand Down Expand Up @@ -824,6 +796,9 @@ bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
}
ok = ctx_.getAeadTag(auth_tag_len_,
reinterpret_cast<unsigned char*>(auth_tag_));
if (ok) {
auth_tag_state_ = kAuthTagComputed;
}
}
}

Expand Down
10 changes: 4 additions & 6 deletions src/crypto/crypto_cipher.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ class CipherBase : public BaseObject {
};
enum AuthTagState {
kAuthTagUnknown,
kAuthTagKnown,
kAuthTagPassedToOpenSSL
kAuthTagSetByUser,
kAuthTagComputed,
};
static const unsigned kNoAuthTagLength = static_cast<unsigned>(-1);

Expand All @@ -64,10 +64,8 @@ class CipherBase : public BaseObject {
bool SetAutoPadding(bool auto_padding);

bool IsAuthenticatedMode() const;
bool SetAAD(
const ArrayBufferOrViewContents<unsigned char>& data,
int plaintext_len);
bool MaybePassAuthTagToOpenSSL();
bool SetAAD(const ArrayBufferOrViewContents<unsigned char>& data,
int plaintext_len);

static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Update(const v8::FunctionCallbackInfo<v8::Value>& args);
Expand Down
Loading