Commit fa9e6f7

mwain authored and Fishrock123 committed
crypto: Allow GCM ciphers to have a longer IV length

GCM cipher IV length can be >=1 bytes. When not the default 12 bytes (96 bits) sets the IV length using `EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN`

PR-URL: #6376
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

1 parent a4880b5 commit fa9e6f7

2 files changed, +315 -24 lines changed

‎src/node_crypto.cc‎

Lines changed: 13 additions & 1 deletion
@@ -3271,12 +3271,24 @@ void CipherBase::InitIv(const char* cipher_type,
32713271
/* OpenSSL versions up to 0.9.8l failed to return the correct
32723272
iv_length (0) for ECB ciphers */
32733273
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
3274-
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0)) {
3274+
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
3275+
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
32753276
return env()->ThrowError("Invalid IV length");
32763277
}
3278+
32773279
EVP_CIPHER_CTX_init(&ctx_);
32783280
const bool encrypt = (kind_ == kCipher);
32793281
EVP_CipherInit_ex(&ctx_, cipher_, nullptr, nullptr, nullptr, encrypt);
3282+
3283+
/* Set IV length. Only required if GCM cipher and IV is not default iv. */
3284+
if (EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE &&
3285+
iv_len != EVP_CIPHER_iv_length(cipher_)) {
3286+
if (!EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) {
3287+
EVP_CIPHER_CTX_cleanup(&ctx_);
3288+
return env()->ThrowError("Invalid IV length");
3289+
}
3290+
}
3291+
32803292
if (!EVP_CIPHER_CTX_set_key_length(&ctx_, key_len)) {
32813293
EVP_CIPHER_CTX_cleanup(&ctx_);
32823294
return env()->ThrowError("Invalid key length");
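
Review bot: In the modified IV-length check at the top of the hunk, `iv_len > 0` sits outside the GCM parenthesis (`!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0`), so it applies to every cipher mode: with `iv_len == 0` the whole condition is false and "Invalid IV length" is never thrown here, even for a non-GCM cipher whose `EVP_CIPHER_iv_length(cipher_)` is nonzero. Before this change that case was rejected unless the mode was ECB. A zero-length GCM IV still reaches the `EVP_CTRL_GCM_SET_IVLEN` call, whose return value is checked, but no other mode has a second check in these lines. If the intent is the one stated in the commit message (GCM accepts any IV of at least 1 byte), move the term inside the negation: `!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE && iv_len > 0)`. The comment above the check still describes only the ECB exception and should name the GCM one as well.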
