mirrors/nodejs
mirrors/nodejs
0
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Code Issues Releases Activity
6ebdb69472
nodejs/doc/api
History
David Benjamin 6ebdb69472
crypto: fix Node_SignFinal 
PR #11705 switched Node away from using using OpenSSL's legacy EVP_Sign*
and EVP_Verify* APIs. Instead, it computes a hash normally via
EVP_Digest* and then uses EVP_PKEY_sign and EVP_PKEY_verify to verify
the hash directly. This change corrects two problems:

1. The documentation still recommends the signature algorithm EVP_MD
   names of OpenSSL's legacy APIs. OpenSSL has since moved away from
   thosee, which is why ECDSA was strangely inconsistent. (This is why
   "ecdsa-with-SHA256" was missing.)

2. Node_SignFinal copied some code from EVP_SignFinal's internals. This
   is problematic for OpenSSL 1.1.0 and is missing a critical check
   that prevents pkey->pkey.ptr from being cast to the wrong type.

To resolve this, remove the non-EVP_PKEY_sign codepath. This codepath is
no longer necessary. PR #11705's verify half was already assuming all
EVP_PKEYs supported EVP_PKEY_sign and EVP_PKEY_verify. Also, in the
documentation, point users towards using hash function names which are
more consisent. This avoids an ECDSA special-case and some strangeness
around RSA-PSS ("RSA-SHA256" is the OpenSSL name of the
sha256WithRSAEncryption OID which is not used for RSA-PSS).

PR-URL: https://github.com/nodejs/node/pull/15024
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2017-09-11 00:18:02 -03:00
..
_toc.md doc: add ESM doc to _toc.md and all.md 2017-09-08 06:34:47 +03:00
addons.md test,doc: make module name match gyp target name 2017-09-10 00:15:49 +03:00
all.md doc: add ESM doc to _toc.md and all.md 2017-09-08 06:34:47 +03:00
assert.md assert: use SameValueZero in deepStrictEqual 2017-09-05 08:15:33 -03:00
async_hooks.md
buffer.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
child_process.md doc,lib,src,test: strip executable bits off files 2017-09-01 10:09:41 -07:00
cli.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
cluster.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
console.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
crypto.md crypto: fix Node_SignFinal 2017-09-11 00:18:02 -03:00
debugger.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
deprecations.md intl: unexpose Intl.v8BreakIterator 2017-09-10 22:00:25 +02:00
dgram.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
dns.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
documentation.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
domain.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
errors.md doc: fix Error property markdown level 2017-09-09 16:44:58 -03:00
esm.md module: Allow runMain to be ESM 2017-09-07 15:18:32 -05:00
events.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
fs.md fs: add fs.copyFile{Sync} 2017-09-08 00:08:04 -04:00
globals.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
http2.md doc: readFileSync instead of fs.readFileSync 2017-09-01 17:14:21 -04:00
http.md net: multiple listen() events fail silently 2017-09-04 12:41:54 +02:00
https.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
index.md
inspector.md
intl.md doc: environmental->environment & NodeJS->Node.js 2017-08-24 15:17:29 -07:00
modules.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
n-api.md n-api: implement napi_run_script 2017-09-10 02:13:29 +03:00
net.md net: multiple listen() events fail silently 2017-09-04 12:41:54 +02:00
os.md src: add support to pass flags to dlopen 2017-09-08 17:14:03 -04:00
path.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
perf_hooks.md doc,lib,src,test: strip executable bits off files 2017-09-01 10:09:41 -07:00
process.md src: add support to pass flags to dlopen 2017-09-08 17:14:03 -04:00
punycode.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
querystring.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
readline.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
repl.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
stream.md doc: document bytes to chars after setEncoding 2017-09-07 23:22:12 -03:00
string_decoder.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
synopsis.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
timers.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
tls.md tls: multiple PFX in createSecureContext 2017-09-07 21:48:46 -03:00
tracing.md
tty.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
url.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
util.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
v8.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
vm.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00
zlib.md doc: add links to alternative versions of doc 2017-08-28 11:17:08 +02:00