crypto: move DEP0182 to runtime deprecation

This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b658de. Refs: https://github.com/nodejs/node/issues/52327 Refs: https://github.com/nodejs/node/pull/52345 PR-URL: https://github.com/nodejs/node/pull/52552 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
2025-08-15 13:48:44 +02:00 · 2024-04-23 16:38:06 +02:00 · 2024-04-23 16:38:06 +02:00 · ff826069a8
commit ff826069a8
parent 6f738b3a1a
4 changed files with 9 additions and 9 deletions
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@ -3078,10 +3078,9 @@ and initialization vector (`iv`).
 The `options` argument controls stream behavior and is optional except when a
 cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the
 `authTagLength` option is required and specifies the length of the
-authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
-option is not required but can be used to restrict accepted authentication tags
-to those with the specified length.
-For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
+authentication tag in bytes, see [CCM mode][].
+For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16
+bytes and must be set to a different value if a different length is used.

 The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
 recent OpenSSL releases, `openssl list -cipher-algorithms` will
--- a/doc/api/deprecations.md
+++ b/doc/api/deprecations.md
@ -3623,15 +3623,18 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances.

 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52552
+    description: Runtime deprecation.
  - version: REPLACEME
    pr-url: https://github.com/nodejs/node/pull/52345
    description: Documentation-only deprecation.
 -->

-Type: Documentation-only (supports [`--pending-deprecation`][])
+Type: Runtime

 Applications that intend to use authentication tags that are shorter than the
-default authentication tag length should set the `authTagLength` option of the
+default authentication tag length must set the `authTagLength` option of the
 [`crypto.createDecipheriv()`][] function to the appropriate length.

 For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts
--- a/src/crypto/crypto_cipher.cc
+++ b/src/crypto/crypto_cipher.cc
@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
  }

  if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength &&
-      tag_len != 16 && env->options()->pending_deprecation &&
-      env->EmitProcessEnvWarning()) {
+      tag_len != 16 && env->EmitProcessEnvWarning()) {
    if (ProcessEmitDeprecationWarning(
            env,
            "Using AES-GCM authentication tags of less than 128 bits without "
--- a/test/parallel/test-crypto-gcm-implicit-short-tag.js
+++ b/test/parallel/test-crypto-gcm-implicit-short-tag.js
@ -1,4 +1,3 @@
-// Flags: --pending-deprecation
 'use strict';
 const common = require('../common');
 if (!common.hasCrypto)