crypto: move DEP0182 to End-of-Life

This commit moves support for implicitly short GCM authentication tags
to End-of-Life status, thus requiring applications to explicitly specify
the `authTagLength` for authentication tags shorter than 128 bits.

There is quite a bit of refactoring to be done in the C++ source code.
This commit does not do that; instead, it implements a minimal change
only in order to avoid excessive divergence across git branches due to
this being a semver-major change.

Fixes: #52327
Refs: #17523

Author: tniessen

doc/api/crypto.md

@@ -925,6 +925,11 @@ When passing a string as the `buffer`, please consider
 <!-- YAML
 added: v1.0.0
 changes:
+  - version: REPLACEME
+    pr-url: ???
+    description: Using GCM tag lengths other than 128 bits without specifying
+                 the `authTagLength` option when creating `decipher` is not
+                 allowed anymore.
   - version:
     - v22.0.0
     - v20.13.0

doc/api/deprecations.md

@@ -3992,6 +3992,9 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances.
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: ???
+    description: End-of-Life.
   - version: v23.0.0
     pr-url: https://github.com/nodejs/node/pull/52552
     description: Runtime deprecation.
@@ -4006,9 +4009,10 @@ Applications that intend to use authentication tags that are shorter than the
 default authentication tag length must set the `authTagLength` option of the
 [`crypto.createDecipheriv()`][] function to the appropriate length.
 
-For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts
-authentication tags of any valid length (see [DEP0090](#DEP0090)). This behavior
-is deprecated to better align with recommendations per [NIST SP 800-38D][].
+For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function used to accept
+authentication tags of any valid length (see also [DEP0090](#DEP0090)). This
+permissive behavior has been removed to better align with recommendations per
+[NIST SP 800-38D][].
 
 ### DEP0183: OpenSSL engine-based APIs
 

src/crypto/crypto_cipher.cc

@@ -554,23 +554,14 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
     is_valid = cipher->auth_tag_len_ == tag_len;
   }
 
-  if (!is_valid) {
+  // TODO(tniessen): refactor this check.
+  if (!is_valid ||
+      (cipher->ctx_.isGcmMode() && cipher->auth_tag_len_ == kNoAuthTagLength &&
+       tag_len != EVP_GCM_TLS_TAG_LEN)) {
     return THROW_ERR_CRYPTO_INVALID_AUTH_TAG(
       env, "Invalid authentication tag length: %u", tag_len);
   }
 
-  if (cipher->ctx_.isGcmMode() && cipher->auth_tag_len_ == kNoAuthTagLength &&
-      tag_len != EVP_GCM_TLS_TAG_LEN && env->EmitProcessEnvWarning()) {
-    if (ProcessEmitDeprecationWarning(
-            env,
-            "Using AES-GCM authentication tags of less than 128 bits without "
-            "specifying the authTagLength option when initializing decryption "
-            "is deprecated.",
-            "DEP0182")
-            .IsNothing())
-      return;
-  }
-
   cipher->auth_tag_len_ = tag_len;
   CHECK_LE(cipher->auth_tag_len_, ncrypto::Cipher::MAX_AUTH_TAG_LENGTH);
 

test/parallel/test-crypto-gcm-implicit-short-tag.js

@@ -3,18 +3,16 @@ const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+const assert = require('assert');
 const { createDecipheriv, randomBytes } = require('crypto');
 
-common.expectWarning({
-  DeprecationWarning: [
-    ['Using AES-GCM authentication tags of less than 128 bits without ' +
-     'specifying the authTagLength option when initializing decryption is ' +
-     'deprecated.',
-     'DEP0182'],
-  ]
-});
-
 const key = randomBytes(32);
 const iv = randomBytes(16);
-const tag = randomBytes(12);
-createDecipheriv('aes-256-gcm', key, iv).setAuthTag(tag);
+for (let tagLength = 0; tagLength < 16; tagLength++) {
+  const tag = randomBytes(tagLength);
+  assert.throws(() => {
+    createDecipheriv('aes-256-gcm', key, iv).setAuthTag(tag);
+  }, {
+    message: `Invalid authentication tag length: ${tagLength}`,
+  });
+}