Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: improve CCM example #27396

Closed
wants to merge 2 commits into from

Conversation

@tniessen
Copy link
Member

commented Apr 24, 2019

Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines
doc: improve CCM example
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.
@nodejs-github-bot

This comment has been minimized.

@bnoordhuis
Copy link
Member

left a comment

I agree the example can be improved but doing too much work inside the try block isn't something we should promote in our docs. I would have written it like this:

let ex;
try {
  deciper.final();
} catch (err) {
  ex = err;
}

if (ex)
  console.error('Authentication failed.');
else
  console.log(receivedPlaintext);

Or:

let ok = false;
try {
  decipher.final();
  ok = true;
} catch (err) {
  console.error('Authentication failed.');
}

if (ok) console.log(receivedPlaintext);
@tniessen

This comment has been minimized.

Copy link
Member Author

commented Apr 25, 2019

@bnoordhuis I agree that doing it in the try block is not the best way to do it. However, I believe there is a slightly simpler way. How about using process.exit or return? Or setting receivedPlaintext to undefined on error?

doc/api/crypto.md Show resolved Hide resolved
@bnoordhuis

This comment has been minimized.

Copy link
Member

commented Apr 25, 2019

How about using process.exit or return? Or setting receivedPlaintext to undefined on error?

Sounds good.

@danbev danbev added the author ready label Apr 30, 2019

@Trott
Trott approved these changes Apr 30, 2019
@tniessen

This comment has been minimized.

Copy link
Member Author

commented May 6, 2019

Landed in 153c101, thanks for reviewing!

@tniessen tniessen closed this May 6, 2019

@tniessen tniessen removed the author ready label May 6, 2019

tniessen added a commit that referenced this pull request May 6, 2019
doc: improve CCM example
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: #27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
targos added a commit that referenced this pull request May 9, 2019
doc: improve CCM example
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: #27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@BridgeAR BridgeAR referenced this pull request May 21, 2019
4 of 4 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.