-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
require('crypto') & DES inconsistent #9024
Comments
on an other machine (debian)
|
Extending the exemple to check the success rate i have :
|
Tempoary fix use : Success rate : 100% (100000 / 100000) But this is far from beeing satisfactory ..... |
|
'des' is ECB. Only CBC requires an IV, the parameters is here for good looks so that the toBuf() function do not throw an error. You may use new Buffer("000000000000000", "hex"); and you will have the exact same issue (i actually tried it before posting the issue on git hub) Beside, using des-ede (triple des encrypt/decrypt/encrypt) with key1 = key2 solves the issue |
I’m not an expert in crypto, so I can’t tell whether this is a problem in Node or not, but the passed IV does seem to be used (I get different but consistent results for different 8-byte IVs) for The valgrind outputs for the above scripts are about what you’d expect (
Tried it, and it worked (consistently) when adding one more |
Okay my bad, using new Buffer("0000000000000000", "hex") does solve the problem. |
That’s great to hear! (I’d still be interested to hear from anyone in @nodejs/crypto whether the out-of-bounds reads for zero-length IVs should be considered problematic…) |
Yeah, that seems like a bug. I'd expect a zero-sized IV to throw an 'invalid IV length' exception. |
Ah... /* OpenSSL versions up to 0.9.8l failed to return the correct
iv_length (0) for ECB ciphers */
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
return env()->ThrowError("Invalid IV length");
} Guess we need to fix something there. |
Turns out that yes, the logic is faulty - there is a misplaced ) in there: diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 7ad6ece..5a89780 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3261,7 +3261,7 @@ void CipherBase::InitIv(const char* cipher_type,
iv_length (0) for ECB ciphers */
if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
!(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
- !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
+ !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE && iv_len > 0)) {
return env()->ThrowError("Invalid IV length");
}
For posterity, openssl interprets "des" as DES-CBC, not DES-ECB. |
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: nodejs#9032 Refs: nodejs#6376 Refs: nodejs#9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: nodejs#9032 Refs: nodejs#6376 Refs: nodejs#9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM ciphers to have a longer IV length") from April 2016 where a misplaced parenthesis in a 'is ECB cipher?' check made it possible to use empty IVs with non-ECB ciphers. Also fix some exit bugs in test/parallel/test-crypto-authenticated.js that were introduced in commit 4a40832 ("test: cleanup IIFE tests") where removing the IFFEs made the test exit prematurely instead of just skipping subtests. PR-URL: #9032 Refs: #6376 Refs: #9024 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Hello,
I have an issue with the standard crypto package in node js.
The output do not always return the correct answer when using the DES algorithm.
Exemple :
result :
[iteration:0] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
[iteration:1] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
[iteration:2] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
[iteration:3] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
[iteration:4] key=0131517010204061 + data=1daae21c126127e4 => a3201c51a48d3df8
[iteration:5] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
[iteration:6] key=0131517010204061 + data=1daae21c126127e4 => a3201c51a48d3df8
[iteration:7] key=0131517010204061 + data=1daae21c126127e4 => 7971aa42de5e626b
[iteration:8] key=0131517010204061 + data=1daae21c126127e4 => b37129ad8d2b91be
[iteration:9] key=0131517010204061 + data=1daae21c126127e4 => 959f39b6951d75e6
The text was updated successfully, but these errors were encountered: