doc: improve CCM example by tniessen · Pull Request #27396 · nodejs/node
Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations.
added
crypto
labels
Apr 24, 2019
danbev
added
the
author ready
label
Apr 30, 2019
tniessen
removed
the
author ready
label
May 6, 2019tniessen added a commit that referenced this pull request
May 6, 2019
Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations. PR-URL: #27396 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request
May 9, 2019
Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations. PR-URL: #27396 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters