Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: improve CCM example #27396

Closed
wants to merge 2 commits into from
Closed

doc: improve CCM example #27396

wants to merge 2 commits into from

Conversation

tniessen
Copy link
Member

Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines

@tniessen
doc: improve CCM example
059255a 
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.
@nodejs-github-bot
Copy link
Collaborator

Lite-CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/3357

@nodejs-github-bot nodejs-github-bot added crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations. labels Apr 24, 2019
bnoordhuis
bnoordhuis reviewed Apr 25, 2019
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree the example can be improved but doing too much work inside the try block isn't something we should promote in our docs. I would have written it like this:

let ex;
try {
  deciper.final();
} catch (err) {
  ex = err;
}

if (ex)
  console.error('Authentication failed.');
else
  console.log(receivedPlaintext);

Or:

let ok = false;
try {
  decipher.final();
  ok = true;
} catch (err) {
  console.error('Authentication failed.');
}

if (ok) console.log(receivedPlaintext);

@tniessen
Copy link
Member Author

@bnoordhuis I agree that doing it in the try block is not the best way to do it. However, I believe there is a slightly simpler way. How about using process.exit or return? Or setting receivedPlaintext to undefined on error?

sam-github
sam-github approved these changes Apr 25, 2019
View reviewed changes
doc/api/crypto.md Show resolved Hide resolved
@bnoordhuis
Copy link
Member

How about using process.exit or return? Or setting receivedPlaintext to undefined on error?

Sounds good.

@danbev danbev added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 30, 2019
@tniessen
Copy link
Member Author

tniessen commented May 6, 2019

Landed in 153c101, thanks for reviewing!

@tniessen tniessen closed this May 6, 2019
@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 6, 2019
tniessen added a commit that referenced this pull request May 6, 2019
@tniessen
doc: improve CCM example
153c101 
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: #27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request May 9, 2019
@tniessen @targos
doc: improve CCM example
c0cdf30 
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: #27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@BridgeAR BridgeAR mentioned this pull request May 21, 2019
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sam-github sam-github sam-github approved these changes

@benjamingr benjamingr benjamingr approved these changes

@Trott Trott Trott approved these changes

@bnoordhuis bnoordhuis bnoordhuis approved these changes

Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@tniessen @nodejs-github-bot @bnoordhuis @sam-github @Trott @benjamingr @danbev