From 4ccf5c03dc9ca52ce43f1eb369a449b375d8918e Mon Sep 17 00:00:00 2001
From: Ciro Spaciari <ciro.spaciari@gmail.com>
Date: Wed, 9 Apr 2025 16:50:08 -0700
Subject: [PATCH] fix(crypto) fix  `setAAD` undefined checks (#18905)

---
 .../bindings/node/crypto/JSCipherPrototype.cpp | 18 ++++++++++--------
 test/js/node/crypto/node-crypto.test.js        | 17 +++++++++++++++++
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp b/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp
index 79e4f85cc0..9ce33a4847 100644
--- a/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp
+++ b/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp
@@ -323,18 +323,20 @@ JSC_DEFINE_HOST_FUNCTION(jsCipherSetAAD, (JSC::JSGlobalObject * globalObject, JS
         encodingValue = optionsValue.get(globalObject, Identifier::fromString(vm, "encoding"_s));
         RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
 
-        V::validateString(scope, globalObject, encodingValue, "options.encoding"_s);
-        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        if (!encodingValue.isUndefinedOrNull()) {
+            V::validateString(scope, globalObject, encodingValue, "options.encoding"_s);
+            RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        }
 
         JSValue plaintextLengthValue = optionsValue.get(globalObject, Identifier::fromString(vm, "plaintextLength"_s));
         RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        if (!plaintextLengthValue.isUndefinedOrNull()) {
+            std::optional<int32_t> maybePlaintextLength = plaintextLengthValue.tryGetAsInt32();
+            if (!maybePlaintextLength || *maybePlaintextLength < 0) {
+                return ERR::INVALID_ARG_VALUE(scope, globalObject, "options.plaintextLength"_s, plaintextLengthValue);
+            }
 
-        double plaintextLengthNumber = plaintextLengthValue.toNumber(globalObject);
-        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
-
-        plaintextLength = JSC::toInt32(plaintextLengthNumber);
-        if (plaintextLengthNumber != plaintextLength) {
-            return ERR::INVALID_ARG_VALUE(scope, globalObject, "options.plaintextLength"_s, plaintextLengthValue);
+            plaintextLength = *maybePlaintextLength;
         }
     }
 
diff --git a/test/js/node/crypto/node-crypto.test.js b/test/js/node/crypto/node-crypto.test.js
index 7c7a80f244..5e0f2e1943 100644
--- a/test/js/node/crypto/node-crypto.test.js
+++ b/test/js/node/crypto/node-crypto.test.js
@@ -695,3 +695,20 @@ it("verifyError should not be on the prototype of DiffieHellman and DiffieHellma
   // DH_generate_parameters_ex
   expect(dhg.verifyError).toBe(8);
 });
+it("cipher.setAAD should not throw if encoding or plaintextLength is undefined #18700", () => {
+  const key = crypto.randomBytes(32);
+  const iv = crypto.randomBytes(16);
+  expect(() => {
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    cipher.setAAD("0123456789abcdef0123456789abcdef", {
+      encoding: undefined,
+    });
+  }).not.toThrow();
+
+  expect(() => {
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    cipher.setAAD("0123456789abcdef0123456789abcdef", {
+      plaintextLength: undefined,
+    });
+  }).not.toThrow();
+});