Skip to content

crypto: disable ciphers not supported by EVP#43532

Open
AdamMajer wants to merge 1 commit intonodejs:mainfrom
AdamMajer:cipher_blacklist
Open

crypto: disable ciphers not supported by EVP#43532
AdamMajer wants to merge 1 commit intonodejs:mainfrom
AdamMajer:cipher_blacklist

Conversation

@AdamMajer
Copy link
Contributor

@AdamMajer AdamMajer commented Jun 22, 2022

OpenSSL lists certain ciphers as not conforming with the standard
EVP AEAD interface and these ciphers should be avoided,

aes-128-cbc-hmac-sha1
aes-128-cbc-hmac-sha256
aes-256-cbc-hmac-sha1
aes-256-cbc-hmac-sha256

While experimenting with these, the cipher text produced by Node
for aes-128-cbc-hmac-sha1 does not differ from cipher text
produced by aes-128-cbc meaning that the HMAC is not automatically
taken into account. Since there is no facility to set the HMAC key
in Node, it's best to have these disabled when using crypto.Cipher
as all usage is wrong by definition.

Fixes: #43040
Reference: https://www.openssl.org/docs/man1.1.1/man3/EVP_aes_128_cbc_hmac_sha1.html

@AdamMajer
crypto: disable ciphers not supported by EVP
57f0194 
OpenSSL lists certain ciphers as not conforming with the standard
EVP AEAD interface and these ciphers should be avoided,

    aes-128-cbc-hmac-sha1
    aes-128-cbc-hmac-sha256
    aes-256-cbc-hmac-sha1
    aes-256-cbc-hmac-sha256

While experimenting with these, the cipher text produced by Node
for `aes-128-cbc-hmac-sha1` does not differ from cipher text
produced by `aes-128-cbc` meaning that the HMAC is not automatically
taken into account. Since there is no facility to set the HMAC key
in Node, it's best to have these disabled when using crypto.Cipher
as all usage is wrong by definition.

Fixes: nodejs#43040
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jun 22, 2022

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added crypto Issues and PRs related to the crypto subsystem. errors Issues and PRs related to JavaScript errors originated in Node.js core. needs-ci PRs that need a full CI run. labels Jun 22, 2022
bnoordhuis
bnoordhuis reviewed Jun 22, 2022
View reviewed changes
lib/internal/crypto/cipher.js
}

function createCipherBase(cipher, credential, options, decipher, iv) {
switch (cipher.toLowerCase()) {
Copy link
Member

@bnoordhuis bnoordhuis Jun 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a toLowerCase() function in lib/tls.js. It'd be better to move that to some shared file and use that because the prototype method is locale sensitive and vulnerable to prototype pollution.

@bnoordhuis
Copy link
Member

bnoordhuis commented Aug 3, 2023

@AdamMajer do you plan on updating this PR?

@AdamMajer
Copy link
Contributor Author

AdamMajer commented Aug 7, 2023 via email

@JonasDoe
Copy link

JonasDoe commented Jan 19, 2026

Hey, any updates on this? It seems rather important to avoid misuse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bnoordhuis bnoordhuis bnoordhuis left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

crypto Issues and PRs related to the crypto subsystem. errors Issues and PRs related to JavaScript errors originated in Node.js core. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AES-256-CBC-HMAC-SHA256 and similar ciphers are not recognized as authenticated ciphers

4 participants

@AdamMajer @nodejs-github-bot @bnoordhuis @JonasDoe