Skip to content

(v6.x backport) crypto: warn on invalid authentication tag length #18347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

(v6.x backport) crypto: warn on invalid authentication tag length #18347

wants to merge 2 commits into from

Conversation

@tniessen
Copy link
Member

@tniessen tniessen commented Jan 24, 2018

Manual backport of #17566 to v6.x.

@tniessen
test: use valid authentication tag length
9da580c 
Using authentication tags of invalid length does not conform to NIST
standards.

PR-URL: nodejs#17566
Refs: nodejs#17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@tniessen
crypto: warn on invalid authentication tag length
3d57549 
PR-URL: nodejs#17566
Refs: nodejs#17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. v6.x labels Jan 24, 2018
@tniessen tniessen mentioned this pull request Jan 24, 2018
Closed
4 tasks
@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 5, 2018

CI: https://ci.nodejs.org/job/node-test-pull-request/12950/

@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 7, 2018

So I'm thinking that this maybe should have been semver-minor on v9.x... as such we maybe shouldn't land this in v6.x or v8.x for now. It might make sense to revisit in a later semver-minor, but we had already disqualified minors from v6.4.0

@gibfahn should we back this out of v8.x?

@tniessen
Copy link
Member Author

tniessen commented Feb 7, 2018

@MylesBorins I don't have a strong opinion here, but this and #18376 are probably the only things we can do to prevent users from exposing themselves to inauthentic messages, so I would suggest to backport as soon as possible. cc @bnoordhuis

@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 10, 2018
edited
Loading

landed in 076ca9f...7ed3e85

MylesBorins pushed a commit that referenced this pull request Feb 10, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
21c2fab 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 10, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
7ed3e85 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 11, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
e1bd969 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 11, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
b661570 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 12, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
d28fae8 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 12, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
5bdb18e 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 13, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
734ce67 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
MylesBorins pushed a commit that referenced this pull request Feb 13, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
691cd5a 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@MylesBorins MylesBorins

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tniessen @MylesBorins @nodejs-github-bot