crypto: fix auth tag length error when mode != GCM (!42383) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/fix-auth-tag-length-message-not-gcm into master Mar 17, 2022

The error message currently says that the authentication tag is invalid, while really the authentication tag length is invalid. This is particularly confusing when encrypting a message since no authentication tag exists at all until the operation is finalized. This change uses the same message for non-GCM ciphers that is used for GCM ciphers already.

Example:

crypto.createCipheriv('chacha20-poly1305', Buffer.alloc(32), Buffer.alloc(12), {
  authTagLength: 17
})

Before:

Uncaught TypeError: Invalid authentication tag
    at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)
    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)
    at new Cipheriv (node:internal/crypto/cipher:243:3)
    at Object.createCipheriv (node:crypto:138:10) {
  code: 'ERR_CRYPTO_INVALID_AUTH_TAG'
}

With this change:

Uncaught TypeError: Invalid authentication tag length: 17
    at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)
    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)
    at new Cipheriv (node:internal/crypto/cipher:243:3)
    at Object.createCipheriv (node:crypto:141:10) {
  code: 'ERR_CRYPTO_INVALID_AUTH_TAG'
}

Admin message

Admin message

crypto: fix auth tag length error when mode != GCM

Merge request reports