Skip to content

(v6.x backport) crypto: warn on invalid authentication tag length#18347

Closed
tniessen wants to merge 2 commits intonodejs:v6.x-stagingfrom
tniessen:backport-17566-to-v6.x
Closed

(v6.x backport) crypto: warn on invalid authentication tag length#18347
tniessen wants to merge 2 commits intonodejs:v6.x-stagingfrom
tniessen:backport-17566-to-v6.x

Conversation

@tniessen
Copy link
Member

@tniessen tniessen commented Jan 24, 2018

Manual backport of #17566 to v6.x.

@tniessen
test: use valid authentication tag length
9da580c 
Using authentication tags of invalid length does not conform to NIST
standards.

PR-URL: nodejs#17566
Refs: nodejs#17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@tniessen
crypto: warn on invalid authentication tag length
3d57549 
PR-URL: nodejs#17566
Refs: nodejs#17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. v6.x labels Jan 24, 2018
@tniessen tniessen mentioned this pull request Jan 24, 2018
Closed
4 tasks
@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 5, 2018

CI: https://ci.nodejs.org/job/node-test-pull-request/12950/

@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 7, 2018

So I'm thinking that this maybe should have been semver-minor on v9.x... as such we maybe shouldn't land this in v6.x or v8.x for now. It might make sense to revisit in a later semver-minor, but we had already disqualified minors from v6.4.0

@gibfahn should we back this out of v8.x?

@tniessen
Copy link
Member Author

tniessen commented Feb 7, 2018

@MylesBorins I don't have a strong opinion here, but this and #18376 are probably the only things we can do to prevent users from exposing themselves to inauthentic messages, so I would suggest to backport as soon as possible. cc @bnoordhuis

@MylesBorins
Copy link
Contributor

MylesBorins commented Feb 10, 2018
edited
Loading

landed in 076ca9f...7ed3e85

MylesBorins pushed a commit that referenced this pull request Feb 10, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
21c2fab 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 10, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
7ed3e85 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 11, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
e1bd969 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 11, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
b661570 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 12, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
d28fae8 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 12, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
5bdb18e 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 13, 2018
@tniessen @MylesBorins
test: use valid authentication tag length
734ce67 
Using authentication tags of invalid length does not conform to NIST
standards.

Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins pushed a commit that referenced this pull request Feb 13, 2018
@tniessen @MylesBorins
crypto: warn on invalid authentication tag length
691cd5a 
Backport-PR-URL: #18347
PR-URL: #17566
Refs: #17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@MylesBorins MylesBorins

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tniessen @MylesBorins @nodejs-github-bot