crypto: forward auth tag to OpenSSL immediately #58547

Open. Wants to merge 1 commit into base: main

@tniessen (Member) commented Jun 1, 2025

This change simplifies the C++ AEAD implementation. Instead of storing the authentication tag when the user calls `setAuthTag()` and passing it to OpenSSL later in `MaybePassAuthTagToOpenSSL()`, the modified code forwards it to OpenSSL from within `setAuthTag()` already, removing the need to store it.

For clarity, I have also renamed the possible `AuthTagState` values to better reflect the actual state of the authentication tag.

I assume that we did not originally do this due to issues with some old versions of OpenSSL when reordering certain function calls, but even with the recent additions I made to the relevant test (namely, 1ef9923 and 53944c4), it seems to pass in both OpenSSL 3 and OpenSSL 1.1.1 with this simplification.

@tniessen added the crypto and c++ labels Jun 1, 2025
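The caller-side behaviour that the description above touches, as an added example that is not part of the PR or of the Node.js test suite: with AES-256-GCM, `setAuthTag()` may be called before `update()` or between `update()` and `final()`, and a wrong or missing tag is rejected only when `final()` runs. It assumes the documented Node.js `crypto` behaviour for GCM; the key, associated data and message are constructed sample values.

```javascript
// Added example (not from the PR): the user-visible setAuthTag() contract.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

const key = randomBytes(32);                   // constructed sample key
const aad = Buffer.from('constructed header'); // constructed associated data

function encrypt(plaintext) {
  const iv = randomBytes(12);                  // fresh 96-bit nonce per message
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}

// order: 'before' = tag set before update(); 'after' = between update() and
// final(); 'none' = tag never set. Returns the plaintext, or null if rejected.
function decrypt({ iv, ciphertext, tag }, order) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(aad);
  if (order === 'before') d.setAuthTag(tag);
  const head = d.update(ciphertext);  // not yet authenticated: do not act on it
  if (order === 'after') d.setAuthTag(tag);
  try {
    return Buffer.concat([head, d.final()]).toString();
  } catch {
    return null;                      // final() throws when the tag does not verify
  }
}

// setAuthTag() may be called only once per Decipher object.
function secondSetAuthTagThrows({ iv, tag }) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  try { d.setAuthTag(tag); return false; } catch { return true; }
}

const sealed = encrypt(Buffer.from('constructed sample message'));
const flipped = Buffer.from(sealed.tag);
flipped[0] ^= 1;                      // corrupt one bit of the tag
const forged = { ...sealed, tag: flipped };

for (const order of ['before', 'after', 'none']) {
  console.log(order, 'valid:', decrypt(sealed, order), 'forged:', decrypt(forged, order));
}
console.log('second setAuthTag() throws:', secondSetAuthTagThrows(sealed));
```

Because `update()` returns plaintext before the tag has been checked, callers should buffer that output and release it only after `final()` returns without throwing.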
@nodejs-github-bot (Collaborator)

Review requested:

  • @nodejs/crypto

@nodejs-github-bot added the needs-ci label Jun 1, 2025
codecov bot commented Jun 1, 2025

Codecov Report

Attention: Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.

Project coverage is 90.22%. Comparing base (f497881) to head (bcc7996).
Report is 3 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| src/crypto/crypto_cipher.cc | 60.00% | 1 Missing and 3 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #58547      +/-   ##
==========================================
- Coverage   90.23%   90.22%   -0.01%     
==========================================
  Files         635      635              
  Lines      187580   187557      -23     
  Branches    36860    36852       -8     
==========================================
- Hits       169265   169226      -39     
+ Misses      11101    11095       -6     
- Partials     7214     7236      +22     

| Files with missing lines | Coverage Δ |
| --- | --- |
| src/crypto/crypto_cipher.h | 60.00% <ø> (ø) |
| src/crypto/crypto_cipher.cc | 76.86% <60.00%> (-0.17%) ⬇️ |

... and 26 files with indirect coverage changes

@tniessen added the author ready label Jun 1, 2025
@tniessen added the commit-queue label Jun 1, 2025