[Pkg-openssl-devel] Bug#768681: nodejs: FTBFS in jessie: tests failures

William Bonnet william at wbonnet.net
Sun Nov 16 20:00:40 UTC 2014


Hi Kurt

> I think not returning which error occurred is actually intentional, since you might
> leak that information and turn it into a padding oracle.

> But I'll check what the others think

Thanks for the feedback.

I have thought of the padding oracle attack, but since all other errors
have a distinct return code, having no return code would be close to
having the proper return code, since it can happen in only this case.

Well, at least that's my understanding, and since I'm not a crypto guy
I'm really interested in the answer from the real experts :)

Kind regards,

-- 
William                             http://www.wbonnet.net

http://france.debian.net            Association Debian France
http://www.opencsw.org              Community SoftWare for Solaris
