Skip to content

crypto: do not allow multiple calls to setAuthTag#22931

Closed
tniessen wants to merge 1 commit intonodejs:masterfrom
tniessen:crypto-throw-multiple-setauthtag
Closed

crypto: do not allow multiple calls to setAuthTag#22931
tniessen wants to merge 1 commit intonodejs:masterfrom
tniessen:crypto-throw-multiple-setauthtag

Conversation

@tniessen
Copy link
Member

@tniessen tniessen commented Sep 18, 2018

Calling setAuthTag multiple times can result in hard to detect bugs since to the user, it is unclear which invocation actually affected OpenSSL. It also doesn't make sense to call the function multiple times since setAuthTag / getAuthTag is not a getter/setter pair.

cc @addaleax due to #22828 (comment), @nodejs/crypto, @nodejs/security-wg, @nodejs/tsc

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@tniessen
crypto: do not allow multiple calls to setAuthTag
624fe9d 
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.
@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label Sep 18, 2018
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 18, 2018

@tniessen build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/925/pipeline

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Sep 18, 2018
@tniessen tniessen added this to the 11.0.0 milestone Sep 18, 2018
@tniessen
Copy link
Member Author

tniessen commented Sep 18, 2018
edited
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/17303/
Windows rebuild: https://ci.nodejs.org/job/node-test-commit-windows-fanned/20858/

@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 19, 2018
@tniessen
Copy link
Member Author

tniessen commented Sep 20, 2018

CI is green. Last chance for @nodejs/security-wg, @nodejs/crypto or @nodejs/tsc to weigh in.

@tniessen
Copy link
Member Author

tniessen commented Sep 21, 2018

Landed in 058c5b8, thanks for reviewing.

@tniessen tniessen closed this Sep 21, 2018
tniessen added a commit that referenced this pull request Sep 21, 2018
@tniessen
crypto: do not allow multiple calls to setAuthTag
058c5b8 
Calling setAuthTag multiple times can result in hard to detect bugs
since to the user, it is unclear which invocation actually affected
OpenSSL.

PR-URL: #22931
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@addaleax addaleax addaleax approved these changes

+1 more reviewer

@ryzokuken ryzokuken ryzokuken approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tniessen @nodejs-github-bot @jasnell @addaleax @ryzokuken