Skip to content

crypto: fix crash in CCM mode without data#38102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tniessen wants to merge 2 commits into from
Closed

crypto: fix crash in CCM mode without data #38102

tniessen wants to merge 2 commits into from

Conversation

@tniessen
Copy link
Member

@tniessentniessen commented Apr 5, 2021

OpenSSL requires calling the update function exactly once in CCM mode, and EVP_CTRL_AEAD_GET_TAG will fail if that doesn't happen. We do protect against calling the update function too many times, but calling it zero times isn't really a valid use case, so we never checked that.

Fixes: #38035

@nodejs-github-botnodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Apr 5, 2021
@tniessentniessen removed the needs-ci PRs that need a full CI run. label Apr 6, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@jasnelljasnell added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 6, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@richardlau
Copy link
Member

richardlau commented Apr 7, 2021

We've only just enabled testing against a dynamically linked OpenSSL 3 (nodejs/build#2584). The parallel/test-crypto-keygen failure is being addressed by #38136 but the parallel/test-crypto-authenticated is new to this PR.

@tniessen
Copy link
MemberAuthor

tniessen commented Apr 7, 2021

@richardlau Right, seems like the error code needs to be conditional here as well... (I guess that also means that we cannot upgrade to OpenSSL 3 in a semver-minor release.)

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Apr 8, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/37303/

tniessen added a commit that referenced this pull request Apr 8, 2021
@tniessen
crypto: fix crash in CCM mode without data
dfe3f95
Fixes: #38035 PR-URL: #38102 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>
@tniessen
Copy link
MemberAuthor

tniessen commented Apr 8, 2021

Landed in dfe3f95, thanks for reviewing.

@tniessentniessen closed this Apr 8, 2021
@BethGriggsBethGriggs mentioned this pull request Apr 12, 2021
Merged
@tniessentniessen deleted the crypto-fix-crash-ccm-without-data branch October 7, 2021 16:51
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnelljasnelljasnell approved these changes

@addaleaxaddaleaxaddaleax approved these changes

@cjihrigcjihrigcjihrig approved these changes

Assignees

No one assigned

Labels

author readyPRs that have at least one approval, no pending requests for changes, and a CI started.c++Issues and PRs that require attention from people who are familiar with C++.cryptoIssues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"cipher.final()" results in an abort

7 participants

@tniessen@nodejs-github-bot@richardlau@jasnell@addaleax@cjihrig@targos