@@ -2622,7 +2622,7 @@ void CipherBase::New(const FunctionCallbackInfo<Value>& args) {
26222622void CipherBase::Init (const char * cipher_type,
26232623 const char * key_buf,
26242624 int key_buf_len,
2625- int auth_tag_len) {
2625+ unsigned int auth_tag_len) {
26262626 HandleScope scope (env ()->isolate ());
26272627
26282628#ifdef NODE_FIPS_MODE
@@ -2693,10 +2693,16 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
26932693 const node::Utf8Value cipher_type (args.GetIsolate (), args[0 ]);
26942694 const char * key_buf = Buffer::Data (args[1 ]);
26952695 ssize_t key_buf_len = Buffer::Length (args[1 ]);
2696- CHECK (args[ 2 ]-> IsInt32 ());
2696+
26972697 // Don't assign to cipher->auth_tag_len_ directly; the value might not
26982698 // represent a valid length at this point.
2699- int auth_tag_len = args[2 ].As <v8::Int32>()->Value ();
2699+ unsigned int auth_tag_len;
2700+ if (args[2 ]->IsUint32 ()) {
2701+ auth_tag_len = args[2 ].As <v8::Uint32>()->Value ();
2702+ } else {
2703+ CHECK (args[2 ]->IsInt32 () && args[2 ].As <v8::Int32>()->Value () == -1 );
2704+ auth_tag_len = kNoAuthTagLength ;
2705+ }
27002706
27012707 cipher->Init (*cipher_type, key_buf, key_buf_len, auth_tag_len);
27022708}
@@ -2707,7 +2713,7 @@ void CipherBase::InitIv(const char* cipher_type,
27072713 int key_len,
27082714 const char * iv,
27092715 int iv_len,
2710- int auth_tag_len) {
2716+ unsigned int auth_tag_len) {
27112717 HandleScope scope (env ()->isolate ());
27122718
27132719 const EVP_CIPHER* const cipher = EVP_get_cipherbyname (cipher_type);
@@ -2781,10 +2787,16 @@ void CipherBase::InitIv(const FunctionCallbackInfo<Value>& args) {
27812787 iv_buf = Buffer::Data (args[2 ]);
27822788 iv_len = Buffer::Length (args[2 ]);
27832789 }
2784- CHECK (args[ 3 ]-> IsInt32 ());
2790+
27852791 // Don't assign to cipher->auth_tag_len_ directly; the value might not
27862792 // represent a valid length at this point.
2787- int auth_tag_len = args[3 ].As <v8::Int32>()->Value ();
2793+ unsigned int auth_tag_len;
2794+ if (args[3 ]->IsUint32 ()) {
2795+ auth_tag_len = args[3 ].As <v8::Uint32>()->Value ();
2796+ } else {
2797+ CHECK (args[3 ]->IsInt32 () && args[3 ].As <v8::Int32>()->Value () == -1 );
2798+ auth_tag_len = kNoAuthTagLength ;
2799+ }
27882800
27892801 cipher->InitIv (*cipher_type, key_buf, key_len, iv_buf, iv_len, auth_tag_len);
27902802}
@@ -2795,7 +2807,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
27952807}
27962808
27972809bool CipherBase::InitAuthenticated (const char *cipher_type, int iv_len,
2798- int auth_tag_len) {
2810+ unsigned int auth_tag_len) {
27992811 CHECK (IsAuthenticatedMode ());
28002812
28012813 if (!EVP_CIPHER_CTX_ctrl (ctx_, EVP_CTRL_AEAD_SET_IVLEN, iv_len, nullptr )) {
@@ -2805,7 +2817,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
28052817
28062818 const int mode = EVP_CIPHER_CTX_mode (ctx_);
28072819 if (mode == EVP_CIPH_CCM_MODE) {
2808- if (auth_tag_len < 0 ) {
2820+ if (auth_tag_len == kNoAuthTagLength ) {
28092821 char msg[128 ];
28102822 snprintf (msg, sizeof (msg), " authTagLength required for %s"
28112823 env ()->ThrowError (msg);
@@ -2840,7 +2852,7 @@ bool CipherBase::InitAuthenticated(const char *cipher_type, int iv_len,
28402852 } else {
28412853 CHECK_EQ (mode, EVP_CIPH_GCM_MODE);
28422854
2843- if (auth_tag_len >= 0 ) {
2855+ if (auth_tag_len != kNoAuthTagLength ) {
28442856 if (!IsValidGCMTagLength (auth_tag_len)) {
28452857 char msg[50 ];
28462858 snprintf (msg, sizeof (msg),
0 commit comments