0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

131 Commits

Author SHA1 Message Date
James M Snell
9f74184e98 crypto: upgrade pbkdf2 without digest to an error
Commit a1163582 added a deprecation warning when pbkdf2 was called without an
explicit `digest` argument. This was because the default digest is `sha1`,
which is not-recommended from a security point of view. This upgrades it
to a runtime error when `digest` is undefined per the plan discussed in
the original issue.

Ref: a1163582c5

PR-URL: https://github.com/nodejs/node/pull/11305
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
2017-02-13 11:04:51 -08:00
James M Snell
5de3cf099c lib: add static identifier codes for all deprecations
Assigns a static identifier code to all runtime and documentation
only deprecations. The identifier code is included in the emitted
DeprecationWarning.

Also adds a deprecations.md to the API docs to provide a central
location where deprecation codes can be referenced and explained.

PR-URL: https://github.com/nodejs/node/pull/10116
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2017-01-30 11:11:57 -08:00
Jackson Tian
69674f4d3e lib: remove unnecessary parameter for assertCrypto()
The `exports` parameter is unnecessary.

PR-URL: https://github.com/nodejs/node/pull/10834
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <sam@strongloop.com>
2017-01-18 11:13:18 +08:00
Rich Trott
022b53c9de lib: refactor crypto cipher/hash/curve getters
* refactor internal util.filterDuplicateStrings() to eliminate unused
  code paths
* `.indexOf()` -> `.includes()` in test
* more concise arrow functions

PR-URL: https://github.com/nodejs/node/pull/10682
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michal Zasso <targos@protonmail.com>
2017-01-10 10:48:59 -08:00
Kirill Fomichev
6b86ecc007
crypto: return this in setAuthTag/setAAD
Allow method chaining as with setAutoPadding and other methods.

PR-URL: https://github.com/nodejs/node/pull/9398
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <sam@strongloop.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-11-20 01:16:26 +01:00
solebox
6f05de4d89
crypto: naming anonymous functions
Ref: https://github.com/nodejs/node/issues/8913
PR-URL: https://github.com/nodejs/node/pull/8993
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2016-10-15 21:11:49 +02:00
not-an-aardvark
079acccb56 crypto: add crypto.timingSafeEqual()
Reinstate crypto.timingSafeEqual() which was reverted due to test
issues. The flaky test issues are resolved in this new changeset.

PR-URL: https://github.com/nodejs/node/pull/8304
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2016-09-07 16:29:41 -07:00
atstojanov
a6f7b13d02
crypto: fix getDecoder() encoding check
Normalize the encoding in getDecoder() before using it. Fixes an
AssertionError: "Cannot change encoding" when encoding is "ucs2",
"ucs-2" or "utf-16le"

Fixes: https://github.com/nodejs/node/issues/8236
PR-URL: https://github.com/nodejs/node/pull/8301
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-09-04 18:39:43 +02:00
James M Snell
0764bc4711 Revert "crypto: add crypto.timingSafeEqual"
This reverts commit 0fc5e0dcd9.

Additional testing indicates that there may still be timing issues
with this implementation. Revert in order to give more time for
testing before this goes out into a release...

Refs: https://github.com/nodejs/node/pull/8040
Refs: https://github.com/nodejs/node/pull/8203
PR-URL: https://github.com/nodejs/node/pull/8225
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2016-08-23 10:52:32 -07:00
not-an-aardvark
0fc5e0dcd9 crypto: add crypto.timingSafeEqual
PR-URL: https://github.com/nodejs/node/pull/8040
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2016-08-19 19:36:05 -07:00
James M Snell
6be73feaeb crypto,tls: perf improvements for crypto and tls getCiphers
Improve performance of crypto.getCiphers, getHashes, getCurves
and tls.getCiphers by consolidating filterDuplicates logic, adding
caching of output, and streamlining filterDuplicates implementation.

Benchmarks:

crypto.getCiphers n=1    v6.2.1 = 2559.3, new = 15890 ...... -83.89%
crypto.getCiphers n=5000 v6.2.1 = 3516.3, new = 24203000 ... -99.99%

tls.getCiphers    n=1    v6.2.1 = 3405.3, new = 14877 ...... -77.11%
tls.getCiphers    n=5000 v6.2.1 = 6074.4, new = 24202000 ... -99.97%

PR-URL: https://github.com/nodejs/node/pull/7225
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
2016-06-21 10:03:08 -07:00
James M Snell
dcccbfdc79 src: refactor require('constants')
The require('constants') module is currently undocumented and mashes
together unrelated constants. This refactors the require('constants')
in favor of distinct os.constants, fs.constants, and crypto.constants
that are specific to the modules for which they are relevant. The
next step is to document those within the specific modules.

PR-URL: https://github.com/nodejs/node/pull/6534
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com>
2016-05-17 11:05:18 -07:00
James M Snell
f293d0b0c8 lib: replace legacy uses of __defineGetter__
Minor clean up. There are still some places in core that use
the legacy __defineGetter__ syntax. This updates most of those.

PR-URL: https://github.com/nodejs/node/pull/6768
Reviewed-By: Rich Trott <rtrott@gmail.com>
2016-05-16 17:01:34 -07:00
Rich Trott
296bfd239c crypto: fix error in deprecation message
The deprecation message for `crypto.Credentials` says to use
`tls.createSecureContext` but the correct property to use is
`tls.SecureContext()`.

Fix the deprecation message and add a test that checks the mappings of
deprecated properties and their warning messages.

PR-URL: https://github.com/nodejs/node/pull/6344
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-04-28 10:57:49 -07:00
James M Snell
f429fe1b88 crypto: fail early when loading crypto without openssl
Fail early in require('crypto'), require('tls'),
require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

PR-URL: https://github.com/nodejs/node/pull/5611
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2016-03-23 10:34:40 -07:00
James M Snell
85ab4a5f12 buffer: add .from(), .alloc() and .allocUnsafe()
Several changes:

* Soft-Deprecate Buffer() constructors
* Add `Buffer.from()`, `Buffer.alloc()`, and `Buffer.allocUnsafe()`
* Add `--zero-fill-buffers` command line option
* Add byteOffset and length to `new Buffer(arrayBuffer)` constructor
* buffer.fill('') previously had no effect, now zero-fills
* Update the docs

PR-URL: https://github.com/nodejs/node/pull/4682
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
2016-03-16 08:34:02 -07:00
Alexander Makarenko
a37401e061 crypto: simplify Certificate class bindings
Replace Certificate C++ class with simple functions. Update
crypto.Certificate methods accordingly.

PR-URL: https://github.com/nodejs/node/pull/5382
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2016-03-05 12:29:46 +01:00
Fedor Indutny
b010c87164 crypto, string_bytes: treat buffer str as utf8
Do not treat crypto inputs as `binary` strings, convert them to Buffers
using `new Buffer(..., 'utf8')`, or using newly updated StringBytes
APIs.

PR-URL: https://github.com/nodejs/node/pull/5522
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
2016-03-02 21:25:04 +03:00
Stefan Budeanu
7c48cb5601 crypto: Improve control of FIPS mode
Default to FIPS off even in FIPS builds.
Add JS API to check and control FIPS mode.
Add command line arguments to force FIPS on/off.
Respect OPENSSL_CONF variable and read the config.
Add testing for new features.

Fixes: https://github.com/nodejs/node/issues/3819
PR-URL: https://github.com/nodejs/node/pull/5181
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
2016-02-25 15:06:41 -05:00
Tom Gallacher
a1163582c5 crypto: pbkdf2 deprecate digest overload.
As per #3292, this PR introduces a deprecation notice about removing
the 'default digest' overload which currently defaults to the soon
to be defunct SHA1 digest.

Instead it should be left up to the documentation and implementor to
suggest a suitable digest function.

Ref: https://github.com/nodejs/node/pull/3292
PR-URL: https://github.com/nodejs/node/pull/4047
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2016-01-23 02:26:28 +09:00
micnic
20285ad177 lib: Consistent error messages in all modules
This commit fixes some error messages that are not consistent with
some general rules which most of the error messages follow.

PR-URL: https://github.com/nodejs/node/pull/3374
Reviewed-By: Roman Reiss <me@silverwind.io>
2015-11-09 20:08:36 +01:00
Brendan Ashworth
c70c7781e3 streams: refactor LazyTransform to internal/
This commit refactors LazyTransform from the crypto implementation
(lib/crypto.js) into an internal module (not publicy accessible) in
internal/streams/lazy_transform.js. This promotes a more modular core
design and removes code bloat in crypto, as LazyTransform didn't
specifically have anything to do with cryptography, but rather a fast
way to support two APIs on a stream.

PR-URL: https://github.com/nodejs/node/pull/2566
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2015-09-14 19:58:04 -07:00
Sakthipriyan Vairamani
9cd44bb2b6 util: prepend '(node) ' to deprecation messages
Changes included in this commit are

   1. Making the deprecation messages consistent. The messages will be in
      the following format

           x is deprecated. Use y instead.

      If there is no alternative for `x`, then the ` Use y instead.` part
      will not be there in the message.

   2. All the internal deprecation messages are printed with the prefix
      `(node) `, except when the `--trace-deprecation` flag is set.

Fixes: https://github.com/nodejs/io.js/issues/1883
PR-URL: https://github.com/nodejs/io.js/pull/1892
Reviewed-By: Roman Reiss <me@silverwind.io>
2015-07-03 16:32:29 +02:00
Roman Reiss
fb8811d95e lib,test: fix whitespace issues
PR-URL: https://github.com/nodejs/io.js/pull/1971
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-15 16:37:37 +02:00
Roman Reiss
b5b8ff117c lib: don't use global Buffer
Port of https://github.com/joyent/node/pull/8603

The race condition present in the original PR didn't occur, so no
workaround was needed.

PR-URL: https://github.com/nodejs/io.js/pull/1794
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2015-06-11 20:24:44 +02:00
Brian White
38d1afc24d crypto: add getCurves() to get supported ECs
PR-URL: https://github.com/nodejs/io.js/pull/1914
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-08 12:35:41 -04:00
Yosuke Furukawa
19ffb5cf1c lib: fix eslint styles
PR-URL: https://github.com/iojs/io.js/pull/1539
Fixes: https://github.com/iojs/io.js/issues/1253
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
2015-05-09 12:10:02 +09:00
Mayhem
1832743e18 lib: add missing new for errors lib/*.js
Not including `new` adds a useless frame and removes a potentially
useful frame.

PR-URL: https://github.com/iojs/io.js/pull/1246
Reviewed-By: Petka Antonov <petka_antonov@hotmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
2015-03-24 12:42:15 -07:00
Calvin Metcalf
6561274d23 crypto: support passwords in publicEncrypt
Private keys may be used along with publicEncrypt since the private key
includes the public one.  This adds the ability to use encrypted private
keys which previously threw an error.  This commit also makes sure the
user exposed functions have names.

PR-URL: https://github.com/iojs/io.js/pull/626
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-02-02 23:21:49 +01:00
cjihrig
6ac8bdc0ab lib: reduce util.is*() usage
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).

Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-31 23:47:29 -05:00
Calvin Metcalf
90ddb46d52 crypto: remove use of this._readableState
Per #445 this removes a reference to this._readableState in hash._flush. It was
used to get the encoding on the readable side to pass to the writable side but
omitting it just causes the stream to handle the encoding issues.

PR-URL: https://github.com/iojs/io.js/pull/610
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
2015-01-28 17:20:54 +03:00
Fedor Indutny
87e62bd4c8 crypto: implement privateEncrypt/publicDecrypt
PR-URL: https://github.com/iojs/io.js/pull/625
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Fix iojs/io.js#477
2015-01-28 02:02:52 +03:00
Calvin Metcalf
e5e598060e lib,src: make pseudoRandomBytes alias randomBytes
Previously pseudoRandomBytes worked similarly to randomBytes but in the
event of insufficient entropy would silently return non-secure values.

As of f68a116, the entropy pool blocks if there is insufficient entropy
instead of giving an error so there is now no longer a case where
pseudoRandomBytes would act differently than randomBytes.

Docs are updated to remove pseudoRandomBytes and to clarify that
randomBytes now does block instead of erring when entropy is low.

PR-URL: https://github.com/iojs/io.js/pull/557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-01-22 23:08:36 +01:00
cjihrig
804e7aa9ab lib: use const to define constants
This commit replaces a number of var statements throughout
the lib code with const statements.

PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-21 16:21:31 -05:00
isaacs
3e1b1dd4a9 Remove excessive copyright/license boilerplate
The copyright and license notice is already in the LICENSE file.  There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
2015-01-12 15:30:28 -08:00
Calvin Metcalf
ce56dccb99 crypto: allow creation of GCM ciphers with createCipher
Sets the authenticated encryption specific methods ([set|get]AuthTag and setAAD)
on the Cipher prototype not just the Cipheriv prototype.

Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/joyent/node/pull/8711
2014-11-25 18:53:35 +03:00
Ben Noordhuis
21130c7d6f lib: turn on strict mode
Turn on strict mode for the files in the lib/ directory.  It helps
catch bugs and can have a positive effect on performance.

PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-11-22 17:23:30 +01:00
Trevor Norris
1a4a189578 crypto: createDiffieHellman throw for bad args
Previously crypto.createDiffieHellman() would fail silently when a bad
argument was passed for prime/prime_length. Now throws TypeError.

Fixes: https://github.com/joyent/node/issues/8480
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
2014-10-08 15:38:46 -07:00
Fedor Indutny
6e453fad87 crypto: introduce ECDH 2014-08-29 00:27:09 +04:00
Fedor Indutny
6adf3ecebb crypto: allow padding in RSA methods
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
2014-08-27 00:24:57 +04:00
seishun
42bda05af8 crypto: add RSA encryption
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-11 22:00:34 +04:00
Nicholas Vavilov
5344d0c103 crypto, zlib: replace _binding with _handle
Also include whitespace fixes to appease jslint.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
2014-05-07 16:31:00 -07:00
Fedor Indutny
5d2aef17ee
crypto: move createCredentials to tls
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.

fix #7249
2014-03-29 12:01:43 +04:00
Timothy J Fontaine
b444392a98 Merge remote-tracking branch 'upstream/v0.10'
Conflicts:
	src/node.cc
	src/node.js
	test/message/max_tick_depth_trace.out
2014-03-10 16:50:00 -07:00
Fedor Indutny
f0d870501e crypto: do not lowercase cipher/hash names
`crypto.getCiphers()` and `crypto.getHashes()` should prefer lower-case
variants of names, but should not introduce them.

fix #7282
2014-03-11 01:08:43 +04:00
Brian White
31ce34887f crypto: allow setting add'l authenticated data 2014-03-04 12:42:03 +04:00
Maxwell Krohn
a22a2d8656 tls: stop NodeBIO::Gets from reading off end of buffer
NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF.  This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.

Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed.  But keep the test introduced
in that commit, which tests properly for this
bug.

This bug was first introduced in a58f93f

Gist containing test code, bisection log, and notes:
   https://gist.github.com/maxtaco/9211605
2014-02-26 17:33:10 +04:00
Brian White
a226be4f76 crypto: allow custom generator for DiffieHellman 2014-02-18 15:49:23 +04:00
Ben Noordhuis
74d9aa49d5 crypto: support custom pbkdf2 digest methods
Make the HMAC digest method configurable.  Update crypto.pbkdf2() and
crypto.pbkdf2Sync() to take an extra, optional digest argument.

Before this commit, SHA-1 (admittedly the most common method) was used
exclusively.

Fixes #6553.
2014-01-22 15:58:07 +04:00
Fedor Indutny
cdde9a386a crypto: add newline to cert and key if not present
After one of OpenSSL updates we have stopped accepting PEM private keys
and certificates that doesn't end with a newline (`\n`) character.
Handle this regression in `crypto.js` to make less trouble to our users.

fix #6892
2014-01-22 02:42:04 +04:00