@@ -2629,7 +2629,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
26292629void CipherBase::Init (const char * cipher_type,
26302630 const char * key_buf,
26312631 int key_buf_len,
2632- int auth_tag_len) {
2632+ unsigned int auth_tag_len) {
26332633 HandleScope scope (env ()->isolate ());
26342634
26352635#ifdef NODE_FIPS_MODE
@@ -2700,10 +2700,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
27002700 const node::Utf8Value cipher_type (args.GetIsolate (), args[0 ]);
27012701 const char * key_buf = Buffer::Data (args[1 ]);
27022702 ssize_t key_buf_len = Buffer::Length (args[1 ]);
2703- CHECK (args[ 2 ]-> IsInt32 ());
2703+
27042704 // Don't assign to cipher->auth_tag_len_ directly; the value might not
27052705 // represent a valid length at this point.
2706- int auth_tag_len = args[2 ].As <v8::Int32>()->Value ();
2706+ unsigned int auth_tag_len;
2707+ if (args[2 ]->IsUint32 ()) {
2708+ auth_tag_len = args[2 ].As <v8::Uint32>()->Value ();
2709+ } else {
2710+ CHECK (args[2 ]->IsInt32 () && args[2 ].As <v8::Int32>()->Value () == -1 );
2711+ auth_tag_len = kNoAuthTagLength ;
2712+ }
27072713
27082714 cipher->Init (*cipher_type, key_buf, key_buf_len, auth_tag_len);
27092715}
@@ -2714,7 +2720,7 @@ void CipherBase::InitIv(const char* cipher_type,
27142720 int key_len,
27152721 const char * iv,
27162722 int iv_len,
2717- int auth_tag_len) {
2723+ unsigned int auth_tag_len) {
27182724 HandleScope scope (env ()->isolate ());
27192725
27202726 const EVP_CIPHER* const cipher = EVP_get_cipherbyname (cipher_type);
@@ -2788,10 +2794,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
27882794 iv_buf = Buffer::Data (args[2 ]);
27892795 iv_len = Buffer::Length (args[2 ]);
27902796 }
2791- CHECK (args[ 3 ]-> IsInt32 ());
2797+
27922798 // Don't assign to cipher->auth_tag_len_ directly; the value might not
27932799 // represent a valid length at this point.
2794- int auth_tag_len = args[3 ].As <v8::Int32>()->Value ();
2800+ unsigned int auth_tag_len;
2801+ if (args[3 ]->IsUint32 ()) {
2802+ auth_tag_len = args[3 ].As <v8::Uint32>()->Value ();
2803+ } else {
2804+ CHECK (args[3 ]->IsInt32 () && args[3 ].As <v8::Int32>()->Value () == -1 );
2805+ auth_tag_len = kNoAuthTagLength ;
2806+ }
27952807
27962808 cipher->InitIv (*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
27972809}
@@ -2802,7 +2814,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
28022814}
28032815
28042816bool CipherBase::InitAuthenticated (const char *cipher_type, int iv_len,
2805- int auth_tag_len) {
2817+ unsigned int auth_tag_len) {
28062818 CHECK (IsAuthenticatedMode ());
28072819
28082820 // TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0
@@ -2815,7 +2827,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
28152827
28162828 const int mode = EVP_CIPHER_CTX_mode (ctx_);
28172829 if (mode == EVP_CIPH_CCM_MODE) {
2818- if (auth_tag_len < 0 ) {
2830+ if (auth_tag_len == kNoAuthTagLength ) {
28192831 char msg[128 ];
28202832 snprintf (msg, sizeof (msg), " authTagLength required for %s"
28212833 env ()->ThrowError (msg);
@@ -2850,7 +2862,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
28502862 } else {
28512863 CHECK_EQ (mode, EVP_CIPH_GCM_MODE);
28522864
2853- if (auth_tag_len >= 0 ) {
2865+ if (auth_tag_len != kNoAuthTagLength ) {
28542866 if (!IsValidGCMTagLength (auth_tag_len)) {
28552867 char msg[50 ];
28562868 snprintf (msg, sizeof (msg),
0 commit comments