crypto: warn if counter mode used in createCipher (!13821) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/shigeki/ctr_warn into master Jun 20, 2017

crypto.createCipher() sets the fixed IV derived from password and it leads to a security risk of nonce reuse when counter mode is used. A warning is emitted when CTR, GCM or CCM is used in crypto.createCipher() to notify users to avoid nonce reuse.

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Affected core subsystem(s)

crypto

Fixes: #13801 (closed)

CC @bnoordhuis, @indutny

Admin message

Admin message

crypto: warn if counter mode used in createCipher

Checklist

Affected core subsystem(s)

Merge request reports