crypto: fix crash in CCM mode without data (!38102) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/crypto-fix-crash-ccm-without-data into master Apr 05, 2021

OpenSSL requires calling the update function exactly once in CCM mode, and EVP_CTRL_AEAD_GET_TAG will fail if that doesn't happen. We do protect against calling the update function too many times, but calling it zero times isn't really a valid use case, so we never checked that.

Fixes: https://github.com/nodejs/node/issues/38035

Admin message

Admin message

crypto: fix crash in CCM mode without data

Merge request reports