crypto: allow GCM ciphers to have longer IV length

GCM cipher IV length can be >=1 bytes.
When not the default 12 bytes (96 bits) sets the IV length using
`EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN`

PR-URL: #6376
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>

Author: mwain

src/node_crypto.cc

@@ -3028,12 +3028,24 @@ void CipherBase::InitIv(const char* cipher_type,
   /* OpenSSL versions up to 0.9.8l failed to return the correct
      iv_length (0) for ECB ciphers */
   if (EVP_CIPHER_iv_length(cipher_) != iv_len &&
-      !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0)) {
+      !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_ECB_MODE && iv_len == 0) &&
+      !(EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE) && iv_len > 0) {
     return env()->ThrowError("Invalid IV length");
   }
+
   EVP_CIPHER_CTX_init(&ctx_);
   const bool encrypt = (kind_ == kCipher);
   EVP_CipherInit_ex(&ctx_, cipher_, nullptr, nullptr, nullptr, encrypt);
+
+  /* Set IV length. Only required if GCM cipher and IV is not default iv. */
+  if (EVP_CIPHER_mode(cipher_) == EVP_CIPH_GCM_MODE &&
+      iv_len != EVP_CIPHER_iv_length(cipher_)) {
+    if (!EVP_CIPHER_CTX_ctrl(&ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) {
+      EVP_CIPHER_CTX_cleanup(&ctx_);
+      return env()->ThrowError("Invalid IV length");
+    }
+  }
+
   if (!EVP_CIPHER_CTX_set_key_length(&ctx_, key_len)) {
     EVP_CIPHER_CTX_cleanup(&ctx_);
     return env()->ThrowError("Invalid key length");