From bf6f6326d1c46c0aca5935c061449c1692c7de1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Mon, 15 Apr 2024 21:57:32 +0000
Subject: [PATCH] crypto: move DEP0182 to runtime deprecation

This introduces a runtime deprecation for using GCM authentication tags
that are shorter than the cipher's block size, unless the user
specified the authTagLength option. This behavior has been doc-only
deprecated since 8f61b658de1e440839a076d3e5337193af960239.

Refs: https://github.com/nodejs/node/issues/52327
Refs: https://github.com/nodejs/node/pull/52345
---
 doc/api/crypto.md                                   | 7 +++----
 doc/api/deprecations.md                             | 7 +++++--
 src/crypto/crypto_cipher.cc                         | 3 +--
 test/parallel/test-crypto-gcm-implicit-short-tag.js | 1 -
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 44a4e249759b3a..57ce4d08911722 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -3078,10 +3078,9 @@ and initialization vector (`iv`).
 The `options` argument controls stream behavior and is optional except when a
 cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the
 `authTagLength` option is required and specifies the length of the
-authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
-option is not required but can be used to restrict accepted authentication tags
-to those with the specified length.
-For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
+authentication tag in bytes, see [CCM mode][].
+For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16
+bytes and must be set to a different value if a different length is used.
 
 The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
 recent OpenSSL releases, `openssl list -cipher-algorithms` will
diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md
index 75e3468a9c9129..1846797cbd8cb4 100644
--- a/doc/api/deprecations.md
+++ b/doc/api/deprecations.md
@@ -3623,15 +3623,18 @@ Please use the [`crypto.createHmac()`][] method to create Hmac instances.
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52552
+    description: Runtime deprecation.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/52345
     description: Documentation-only deprecation.
 -->
 
-Type: Documentation-only (supports [`--pending-deprecation`][])
+Type: Runtime
 
 Applications that intend to use authentication tags that are shorter than the
-default authentication tag length should set the `authTagLength` option of the
+default authentication tag length must set the `authTagLength` option of the
 [`crypto.createDecipheriv()`][] function to the appropriate length.
 
 For ciphers in GCM mode, the [`decipher.setAuthTag()`][] function accepts
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
index 94e2957cadec16..76a2d25709a1f7 100644
--- a/src/crypto/crypto_cipher.cc
+++ b/src/crypto/crypto_cipher.cc
@@ -698,8 +698,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
   }
 
   if (mode == EVP_CIPH_GCM_MODE && cipher->auth_tag_len_ == kNoAuthTagLength &&
-      tag_len != 16 && env->options()->pending_deprecation &&
-      env->EmitProcessEnvWarning()) {
+      tag_len != 16 && env->EmitProcessEnvWarning()) {
     if (ProcessEmitDeprecationWarning(
             env,
             "Using AES-GCM authentication tags of less than 128 bits without "
diff --git a/test/parallel/test-crypto-gcm-implicit-short-tag.js b/test/parallel/test-crypto-gcm-implicit-short-tag.js
index 0776506bb63523..79647f00857ee6 100644
--- a/test/parallel/test-crypto-gcm-implicit-short-tag.js
+++ b/test/parallel/test-crypto-gcm-implicit-short-tag.js
@@ -1,4 +1,3 @@
-// Flags: --pending-deprecation
 'use strict';
 const common = require('../common');
 if (!common.hasCrypto)