crypto: warn on invalid authentication tag length (!17566) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/warn-auth-tag-length into master Dec 09, 2017

From NIST SP 800-38d, page 9:

The bit length of the tag, denoted t, is a security parameter [...]. In general, t may be any one of the following five values: 128, 120, 112, 104, or 96. For certain applications, t may be 64 or 32 [...].

An implementation shall not support values for t that are different from the seven choices in the preceding paragraph. An implementation may restrict its support to as few as one of these values.

Ultimately, we should throw an error in this case, but as that is a semver-major change (as explained in https://github.com/nodejs/node/issues/17523#issuecomment-350085946), this PR logs a warning. If we decide to land this, I will open a separate PR with the semver-major change.

Refs https://github.com/nodejs/node/issues/17523

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Affected core subsystem(s)

crypto

Admin message

Admin message

crypto: warn on invalid authentication tag length

Checklist

Affected core subsystem(s)

Merge request reports