Skip to content

Commit

Permalink
crypto: allow GCM ciphers to have longer IV length
Browse files Browse the repository at this point in the history
GCM cipher IV length can be >=1 bytes.
When not the default 12 bytes (96 bits) sets the IV length using
`EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN`

PR-URL: #6376
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
  • Loading branch information
mwain authored and Myles Borins committed Jul 14, 2016
1 parent e9ff0f8 commit 6562444
Show file tree
Hide file tree
Showing 2 changed files with 315 additions and 24 deletions.
14 changes: 13 additions & 1 deletion src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3028,12 +3028,24 @@ void CipherBase::InitIv(const char* cipher_type,
/* OpenSSL versions up to 0.9.8l failed to return the correct
iv_length (0) for ECB ciphers */
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0)) {
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
return env()->ThrowError("Invalid IV length");
}

EVP_CIPHER_CTX_init(&ctx_);
const bool encrypt = (kind_ == kCipher);
EVP_CipherInit_ex(&ctx_, cipher_, nullptr, nullptr, nullptr, encrypt);

/* Set IV length. Only required if GCM cipher and IV is not default iv. */
if (EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE &&
iv_len != EVP_CIPHER_iv_length(cipher_)) {
if (!EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) {
EVP_CIPHER_CTX_cleanup(&ctx_);
return env()->ThrowError("Invalid IV length");
}
}

if (!EVP_CIPHER_CTX_set_key_length(&ctx_, key_len)) {
EVP_CIPHER_CTX_cleanup(&ctx_);
return env()->ThrowError("Invalid key length");
Expand Down
Loading

0 comments on commit 6562444

Please sign in to comment.