crypto: do not allow multiple calls to setAuthTag (!22931) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/crypto-throw-multiple-setauthtag into master Sep 18, 2018

Calling setAuthTag multiple times can result in hard to detect bugs since to the user, it is unclear which invocation actually affected OpenSSL. It also doesn't make sense to call the function multiple times since setAuthTag / getAuthTag is not a getter/setter pair.

cc @addaleax due to https://github.com/nodejs/node/pull/22828#discussion_r217304564, @nodejs/crypto, @nodejs/security-wg, @nodejs/tsc

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Admin message

Admin message

crypto: do not allow multiple calls to setAuthTag

Checklist

Merge request reports