Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 6562444

Browse filesBrowse files
mwainMyles Borins
mwain
authored and
Myles Borins
committed
crypto: allow GCM ciphers to have longer IV length
GCM cipher IV length can be >=1 bytes. When not the default 12 bytes (96 bits) sets the IV length using `EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN` PR-URL: #6376 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
1 parent e9ff0f8 commit 6562444
Copy full SHA for 6562444

File tree

Expand file treeCollapse file tree

2 files changed

+315
-24
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+315
-24
lines changed
Open diff view settings
Collapse file

‎src/node_crypto.cc‎

Copy file name to clipboardExpand all lines: src/node_crypto.cc
+13-1Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3028,12 +3028,24 @@ void CipherBase::InitIv(const char* cipher_type,
30283028
/* OpenSSL versions up to 0.9.8l failed to return the correct
30293029
iv_length (0) for ECB ciphers */
30303030
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
3031-
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0)) {
3031+
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
3032+
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
30323033
return env()->ThrowError("Invalid IV length");
30333034
}
3035+
30343036
EVP_CIPHER_CTX_init(&ctx_);
30353037
const bool encrypt = (kind_ == kCipher);
30363038
EVP_CipherInit_ex(&ctx_, cipher_, nullptr, nullptr, nullptr, encrypt);
3039+
3040+
/* Set IV length. Only required if GCM cipher and IV is not default iv. */
3041+
if (EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE &&
3042+
iv_len != EVP_CIPHER_iv_length(cipher_)) {
3043+
if (!EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) {
3044+
EVP_CIPHER_CTX_cleanup(&ctx_);
3045+
return env()->ThrowError("Invalid IV length");
3046+
}
3047+
}
3048+
30373049
if (!EVP_CIPHER_CTX_set_key_length(&ctx_, key_len)) {
30383050
EVP_CIPHER_CTX_cleanup(&ctx_);
30393051
return env()->ThrowError("Invalid key length");

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.