Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: do not allow multiple calls to setAuthTag #22931

Closed

Conversation

tniessen
Copy link
Member

Calling setAuthTag multiple times can result in hard to detect bugs since to the user, it is unclear which invocation actually affected OpenSSL. It also doesn't make sense to call the function multiple times since setAuthTag / getAuthTag is not a getter/setter pair.

cc @addaleax due to #22828 (comment), @nodejs/crypto, @nodejs/security-wg, @nodejs/tsc

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.
@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label Sep 18, 2018
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Sep 18, 2018
@tniessen tniessen added this to the 11.0.0 milestone Sep 18, 2018
@tniessen
Copy link
Member Author

tniessen commented Sep 18, 2018

@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 19, 2018
@tniessen
Copy link
Member Author

CI is green. Last chance for @nodejs/security-wg, @nodejs/crypto or @nodejs/tsc to weigh in.

@tniessen
Copy link
Member Author

Landed in 058c5b8, thanks for reviewing.

@tniessen tniessen closed this Sep 21, 2018
tniessen added a commit that referenced this pull request Sep 21, 2018
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.

PR-URL: #22931
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants