Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: do not allow multiple calls to setAuthTag #22931

Closed
wants to merge 1 commit into from
Closed

crypto: do not allow multiple calls to setAuthTag #22931

wants to merge 1 commit into from

Conversation

tniessen
Copy link
Member

Calling setAuthTag multiple times can result in hard to detect bugs since to the user, it is unclear which invocation actually affected OpenSSL. It also doesn't make sense to call the function multiple times since setAuthTag / getAuthTag is not a getter/setter pair.

cc @addaleax due to #22828 (comment), @nodejs/crypto, @nodejs/security-wg, @nodejs/tsc

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@tniessen
crypto: do not allow multiple calls to setAuthTag
624fe9d 
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.
@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label Sep 18, 2018
@nodejs-github-bot
Copy link
Collaborator

@tniessen build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/925/pipeline

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Sep 18, 2018
@tniessen tniessen added this to the 11.0.0 milestone Sep 18, 2018
@tniessen
Copy link
Member Author

tniessen commented Sep 18, 2018
edited
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/17303/
Windows rebuild: https://ci.nodejs.org/job/node-test-commit-windows-fanned/20858/

@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 19, 2018
@tniessen
Copy link
Member Author

CI is green. Last chance for @nodejs/security-wg, @nodejs/crypto or @nodejs/tsc to weigh in.

@tniessen
Copy link
Member Author

Landed in 058c5b8, thanks for reviewing.

@tniessen tniessen closed this Sep 21, 2018
tniessen added a commit that referenced this pull request Sep 21, 2018
@tniessen
crypto: do not allow multiple calls to setAuthTag
058c5b8 
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.

PR-URL: #22931
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@addaleax addaleax addaleax approved these changes

@ryzokuken ryzokuken ryzokuken approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tniessen @nodejs-github-bot @jasnell @addaleax @ryzokuken