From ff826069a89f3ab883f38ae08ce629d139d7c3b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 23 Apr 2024 16:38:06 +0200 Subject: [PATCH] crypto: move DEP0182 to runtime deprecation This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b658de1e440839a076d3e5337193af960239. Refs: https://github.com/nodejs/node/issues/52327 Refs: https://github.com/nodejs/node/pull/52345 PR-URL: https://github.com/nodejs/node/pull/52552 Reviewed-By: Marco Ippolito Reviewed-By: Benjamin Gruenbaum Reviewed-By: Yagiz Nizipli Reviewed-By: Filip Skokan Reviewed-By: Rafael Gonzaga --- doc/api/crypto.md | 7 +++---- doc/api/deprecations.md | 7 +++++-- src/crypto/crypto_cipher.cc | 3 +-- test/parallel/test-crypto-gcm-implicit-short-tag.js | 1 - 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 44a4e249759b3a..57ce4d08911722 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3078,10 +3078,9 @@ and initialization vector (`iv`). The `options` argument controls stream behavior and is optional except when a cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the -authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` -option is not required but can be used to restrict accepted authentication tags -to those with the specified length. -For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. +authentication tag in bytes, see [CCM mode][]. +For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16 +bytes and must be set to a different value if a different length is used. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 75e3468a9c9129..1846797cbd8cb4 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -3623,15 +3623,18 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances. -Type: Documentation-only (supports [`--pending-deprecation`][]) +Type: Runtime Applications that intend to use authentication tags that are shorter than the -default authentication tag length should set the `authTagLength` option of the +default authentication tag length must set the `authTagLength` option of the [`crypto.createDecipheriv()`][] function to the appropriate length. For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index 94e2957cadec16..76a2d25709a1f7 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { } if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength && - tag_len != 16 && env->options()->pending_deprecation && - env->EmitProcessEnvWarning()) { + tag_len != 16 && env->EmitProcessEnvWarning()) { if (ProcessEmitDeprecationWarning( env, "Using AES-GCM authentication tags of less than 128 bits without " diff --git a/test/parallel/test-crypto-gcm-implicit-short-tag.js b/test/parallel/test-crypto-gcm-implicit-short-tag.js index 0776506bb63523..79647f00857ee6 100644 --- a/test/parallel/test-crypto-gcm-implicit-short-tag.js +++ b/test/parallel/test-crypto-gcm-implicit-short-tag.js @@ -1,4 +1,3 @@ -// Flags: --pending-deprecation 'use strict'; const common = require('../common'); if (!common.hasCrypto)