crypto: move DEP0182 to runtime deprecation

tniessen · tniessen · commit 4584a10eaa86 · 2024-04-16T08:01:41.000Z
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: nodejs#52327 Refs: nodejs#52345
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -3078,10 +3078,9 @@ and initialization vector (`iv`).
 The `options` argument controls stream behavior and is optional except when a
 cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the
 `authTagLength` option is required and specifies the length of the
-authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
-option is not required but can be used to restrict accepted authentication tags
-to those with the specified length.
-For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
+authentication tag in bytes, see [CCM mode][].
+For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16
+bytes and must be set to a different value if a different length is used.
 
 The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
 recent OpenSSL releases, `openssl list -cipher-algorithms` will
diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md
@@ -3623,15 +3623,18 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances.
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52551
+    description: Runtime deprecation.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/52345
     description: Documentation-only deprecation.
 -->
 
-Type: Documentation-only (supports [`--pending-deprecation`][])
+Type: Runtime
 
 Applications that intend to use authentication tags that are shorter than the
-default authentication tag length should set the `authTagLength` option of the
+default authentication tag length must set the `authTagLength` option of the
 [`crypto.createDecipheriv()`][] function to the appropriate length.
 
 For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
@@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
   }
 
   if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength &&
-      tag_len != 16 && env->options()->pending_deprecation &&
-      env->EmitProcessEnvWarning()) {
+      tag_len != 16 && env->EmitProcessEnvWarning()) {
     if (ProcessEmitDeprecationWarning(
             env,
             "Using AES-GCM authentication tags of less than 128 bits without "
diff --git a/test/parallel/test-crypto-gcm-implicit-short-tag.js b/test/parallel/test-crypto-gcm-implicit-short-tag.js
@@ -1,4 +1,3 @@
-// Flags: --pending-deprecation
 'use strict';
 const common = require('../common');
 if (!common.hasCrypto)

Original file line number	Diff line number	Diff line change
`@@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {`
`698`	`698`	`}`
`699`	`699`
`700`	`700`	`if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength &&`
`701`		`- tag_len != 16 && env->options()->pending_deprecation &&`
`702`		`- env->EmitProcessEnvWarning()) {`
	`701`	`+ tag_len != 16 && env->EmitProcessEnvWarning()) {`
`703`	`702`	`if (ProcessEmitDeprecationWarning(`
`704`	`703`	`env,`
`705`	`704`	`"Using AES-GCM authentication tags of less than 128 bits without "`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-// Flags: --pending-deprecation`
`2`	`1`	`'use strict';`
`3`	`2`	`const common = require('../common');`
`4`	`3`	`if (!common.hasCrypto)`