-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: fix aes crash when tag length too small #38914
Conversation
false, | ||
[ 'encrypt', 'decrypt' ]) | ||
.then((k) => { | ||
assert.rejects(async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function does not need the async
keyword, and using it hides whether the exception is throw
n synchronously or the Promise
is actually rejected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmmmm, Chrome rejects this situation in Promise
. So shall we do reject
or throw
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
window.crypto.subtle.decrypt({name: 'AES-GCM', iv: new Uint8Array(12)}, k, new Uint8Array(0));
> Promise {<pending>}
Uncaught (in promise) DOMException: The provided data is too small
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe that the behavior is correct, and the test works, but it isn't as strict as it could be. assert.rejects
is fine, but the async
weakens the test:
function fnThatThrows() { throw new Error(); }
async function fnThatRejects() { throw new Error(); }
// With 'async':
assert.rejects(async () => fnThatRejects()); // passes
assert.rejects(async () => fnThatThrows()); // passes, but should not!
// Now remove the 'async' keyword:
assert.rejects(() => fnThatRejects()); // passes
assert.rejects(() => fnThatThrows()); // fails as it should
So I'd simply remove the async
keyword from the function declaration :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've resolved it.
Landed in 7a9635b |
This doesn't land cleanly on v14.x-staging. |
Refs: #38883