crypto: fix faulty logic in iv size check #9032
Conversation
bnoordhuis
added
crypto
nodejs-github-bot
added
the
c++
| @@ -3261,7 +3261,7 @@ void CipherBase::InitIv(const char* cipher_type, | |||
| iv_length (0) for ECB ciphers */ | |||
| if (EVP_CIPHER_iv_length(cipher_) != iv_len && | |||
| !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) && | |||
There was a problem hiding this comment.
Seeing the above comment in regard of the openssl bug, the issue of ECB mode has already resolved in openssl/openssl@97fe2b4 so that we no longer need to check the iv length of ECB mode.
| @@ -3261,7 +3261,7 @@ void CipherBase::InitIv(const char* cipher_type, | |||
| iv_length (0) for ECB ciphers */ | |||
| if (EVP_CIPHER_iv_length(cipher_) != iv_len && | |||
| !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) && | |||
| !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) { | |||
| !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE && iv_len > 0)) { | |||
| return env()->ThrowError("Invalid IV length"); | |||
There was a problem hiding this comment.
I could not figure out the reason why the GCM test of zero length of iv_len in test-crypto-authenticated.js has passed. There seems two reasons. One is the test has a bug to skip some tests due to checking test.password and i>0 but iv_len in GCM can be checked in the following EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr).
I think the fix of test-crypto-authenticated.js as in https://gist.github.com/shigeki/afc23ecef12006777b668a2b8a24b044 is also needed.
There was a problem hiding this comment.
Huh, good point. I'll investigate.
|
Good catch, @shigeki. I think I got it now, PTAL. |
|
A new CI is running on https://ci.nodejs.org/job/node-test-pull-request/4492/ |
| const int expected_iv_len = EVP_CIPHER_iv_length(cipher_); | ||
| const bool is_gcm_mode = (EVP_CIPH_GCM_MODE == EVP_CIPHER_mode(cipher_)); | ||
|
|
||
| if (is_gcm_mode == false && iv_len != expected_iv_len) { |
There was a problem hiding this comment.
Believe it or not, I chose not to use that because !i is not very distinct in some fonts.
|
One genuine failure on the FIPS buildbot, probably DES is not allowed in FIPS mode, but what is up with the freebsd and smartos buildbots? Lots of seemingly random flakes and not just in this run. |
|
Now with FIPS fix-ups: https://ci.nodejs.org/job/node-test-pull-request/4493/ |
| const int expected_iv_len = EVP_CIPHER_iv_length(cipher_); | ||
| const bool is_gcm_mode = (EVP_CIPH_GCM_MODE == EVP_CIPHER_mode(cipher_)); | ||
|
|
||
| if (is_gcm_mode == false && iv_len != expected_iv_len) { |
|
@bnoordhuis I've been noticing all sorts of flakes on BSD + smartos last 48 hours |
|
One more FIPS fix-up: https://ci.nodejs.org/job/node-test-pull-request/4498/ |
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: nodejs#9032 Refs: nodejs#6376 Refs: nodejs#9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
|
@bnoordhuis this lands cleanly on v6.x but not on v4.x. Would you be willing to manually backport? |
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: nodejs#9032 Refs: nodejs#6376 Refs: nodejs#9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
|
@thealphanerd I'm not sure where you are accumulating back-ports, I was thinking there might be a v4.xxx-proposal, so maybe you already have this. Anyhow, I back-ported as an exercise https://github.com/sam-github/node/commits/v4-pr/9032 @bnoordhuis if you didn't back-port already, PTAL at above. |
|
@sam-github would you be willing to send that backport to v4.x as a PR so it can be appropriately reviewed? Thanks for taking the time to do it! |
|
@thealphanerd #9686, is there any way to list all the PRs that target 4.x? |
https://github.com/nodejs/node/pulls?q=is%3Aopen+label%3Av4.x+is%3Apr might come close? |
|
@sam-github currently all pr's that target v4.x should have the v4.x label There are also commits to be audited such as well as commits that have the lts-watch-v4.x label but are closed. There are also commits in master that have not been labelled the need to be audited Feel free to ping me outside github if you wanna chat more in depth about the process |
|
@thealphanerd Thanks, I think I got the gist, target -staging, label with the target version. |
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.
Refs: #6376
Refs: #9024
R=@nodejs/crypto @addaleax