Because of a behavior change in some V8 APIs (they mostly became more
strict), the following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
|
Export External getters for internal structs: SSL, SSL_CTX.
|
SSL_CTX is shared between multiple connections and is not the right place
to store per-connection data.
fix #8348
Reviewed-By: Trevor Norris
|
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
|
Strings are treated as UTF8 instead of one-byte strings when
names are processed and when OpenSSL's ..._print functions are used.
This commit fixes simple/test-tls-peer-certificate-encoding test.
fix #8366
|
Use `BIO_new_mem_buf` where possible to reduce memory usage and
initialization costs.
|
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
In case of an invalid DH parameter file, it is silently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
|
Do not create `SSL` instance twice, `SSL_new` is called from `SSLBase`
constructor anyway.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
Conflicts:
AUTHORS
ChangeLog
deps/v8/src/api.cc
deps/v8/src/unicode-inl.h
deps/v8/src/unicode.h
lib/_stream_readable.js
lib/http.js
src/cares_wrap.cc
src/node.cc
src/node_crypto.cc
src/node_dtrace.cc
src/node_file.cc
src/node_stat_watcher.cc
src/node_version.h
src/process_wrap.cc
src/string_bytes.cc
src/string_bytes.h
src/udp_wrap.cc
src/util.h
test/simple/test-buffer.js
test/simple/test-stream2-compatibility.js
|
v8::String::Utf8Value previously could allow invalid surrogates when
interpreting values.
|
ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
Replace the CONTAINER_OF macro with a template function that is as
type-safe as a reinterpret_cast<> of an arbitrary pointer can be made.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
1) ThrowCryptoTypeErrors was not actually used for
type-related errors. Removed it.
2) For AEAD modes, OpenSSL does not set any internal
error information if Final does not complete successfully.
Therefore, "TypeError:error:00000000:lib(0):func(0):reason(0)"
would be the error message. Use a default message for these cases.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
fix #7497
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
OpenSSL behaves oddly: on client `cert_chain` contains
the `peer_certificate`, but on server it doesn't.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
Add `raw` property to certificate, add mode to output full certificate
chain.
|
This prevents segfaults when a native method is reassigned to a
different object (which corrupts args.This()). When unwrapping,
clients should use args.Holder() instead of args.This().
Closes #6690.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
|
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix #7249
|
Conflicts:
src/node.cc
src/node_crypto.cc
src/node_crypto.h
|
Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.
OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.
When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.
Fixes #7338.
|
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes #6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
|
Don't call DecodeWrite() with a Buffer as its argument because it in
turn calls StringBytes::Write() and that method expects a Local<String>.
"Why then does that function take a Local<Value>?" I hear you ask.
Good question but I don't have the answer. I added a CHECK for good
measure and what do you know, all of a sudden a large number of crypto
tests started failing.
Calling DecodeWrite(BINARY) on a buffer is nonsensical anyway: if you
want the contents of the buffer, just copy out the data, there is no
need to decode it - and that's exactly what this commit does.
Fixes a great many instances of the following run-time error in debug
builds:
FATAL ERROR: v8::String::Cast() Could not convert to string
|
fix #6899
|
fix #7105
|
Conflicts:
deps/v8/src/preparser.cc
deps/v8/src/win32-math.h
doc/api/http.markdown
src/node_buffer.h
src/node_crypto.cc
src/node_file.cc
src/node_http_parser.cc
|
Consolidate buffer bounds checking logic into Buffer namespace and use
it consistently throughout the source.
|
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of
the new format.
Fixes #6013.
|
fix #6963
|
These will be used to allow users to filter for which types of calls
they wish their callbacks to run.
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
|
Introduce `ticketKeys` server option, `session` client option,
`getSession()` and `getTLSTicket()` methods.
fix #7032
|
Built-in modules should be automatically registered, replacing the
static module list. Add-on modules should also be automatically
registered via DSO constructors. This improves flexibility in adding
built-in modules and is also a prerequisite to pure-C addon modules.
|
fix #6945
|
ERR_load_crypto_strings() registers the error strings for
all libcrypto functions, SSL_load_error_strings() does the
same, but also registers the libssl error strings.
|
Make the HMAC digest method configurable. Update crypto.pbkdf2() and
crypto.pbkdf2Sync() to take an extra, optional digest argument.
Before this commit, SHA-1 (admittedly the most common method) was used
exclusively.
Fixes #6553.
|
Do not throw in internal C++ methods; that clobbers logic and may lead
to situations where both an exception was thrown and the value was
returned (via `args.GetReturnValue().Set()`). That doesn't play nicely
with v8.
fix #6912
|
All C++ code should be using `args.GetIsolate()` or `env->isolate()`.
Using static `node_isolate` var limits possible future functionality
(like multi-isolate support).
|
fix #6889