crypto: fix crash in CCM mode without data #38102

Closed

tniessen
Member

@tniessen tniessen commented Apr 5, 2021

OpenSSL requires calling the update function exactly once in CCM mode, and EVP_CTRL_AEAD_GET_TAG will fail if that doesn't happen. We do protect against calling the update function too many times, but calling it zero times isn't really a valid use case, so we never checked that.

Fixes: #38035

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Apr 5, 2021
@tniessen tniessen removed the needs-ci PRs that need a full CI run. label Apr 6, 2021

@jasnell jasnell added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 6, 2021

@richardlau
Member

We've only just enabled testing against a dynamically linked OpenSSL 3 (nodejs/build#2584). The parallel/test-crypto-keygen failure is being addressed by #38136 but the parallel/test-crypto-authenticated is new to this PR.

@tniessen
Member Author

tniessen commented Apr 7, 2021

@richardlau Right, seems like the error code needs to be conditional here as well... (I guess that also means that we cannot upgrade to OpenSSL 3 in a semver-minor release.)


tniessen added a commit that referenced this pull request Apr 8, 2021
Fixes: #38035

PR-URL: #38102
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
@tniessen
Member Author

tniessen commented Apr 8, 2021

Landed in dfe3f95, thanks for reviewing.

@tniessen tniessen closed this Apr 8, 2021
@tniessen tniessen deleted the crypto-fix-crash-ccm-without-data branch October 7, 2021 16:51
Development

Successfully merging this pull request may close these issues.

"cipher.final()" results in an abort