diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-09-18 14:14:50 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-09-21 11:40:35 +0200 |
commit | 058c5b81cdbabe8989a194ba5d388f4c230f4af6 (patch) | |
tree | 0ddb8aebf76c79696c5af68d19d9cd9fb6f68d79 /src | |
parent | 56493bf1ebfab3ec102fe017f30fa4f81ba6a256 (diff) | |
download | android-node-v8-058c5b81cdbabe8989a194ba5d388f4c230f4af6.tar.gz android-node-v8-058c5b81cdbabe8989a194ba5d388f4c230f4af6.tar.bz2 android-node-v8-058c5b81cdbabe8989a194ba5d388f4c230f4af6.zip |
crypto: do not allow multiple calls to setAuthTag
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.
PR-URL: https://github.com/nodejs/node/pull/22931
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 47e0ba5349..4cf3ac5652 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -2894,14 +2894,11 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) { if (!cipher->ctx_ || !cipher->IsAuthenticatedMode() || - cipher->kind_ != kDecipher) { + cipher->kind_ != kDecipher || + cipher->auth_tag_state_ != kAuthTagUnknown) { return args.GetReturnValue().Set(false); } - // TODO(tniessen): Throw if the authentication tag has already been set. - if (cipher->auth_tag_state_ == kAuthTagPassedToOpenSSL) - return args.GetReturnValue().Set(true); - unsigned int tag_len = Buffer::Length(args[0]); const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get()); bool is_valid; |