| Commit message (Collapse) | Author | Age | Files | Lines |
Per the commit feedback, fix up style nits and pass in the
isolate with the NODE_DEFINE_STRING_CONSTANT macro.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14383
|
Add command line switches and environment variables to override
the default cipher suite in tls.js
`--cipher-list` and `NODE_CIPHER_LIST` can be used to completely
override the default cipher list with a given value.
`--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` can
be used to reset the default cipher list back to a known legacy
value shipped in prior Node.js releases.
A new `getLegacyCiphers` method on the tls module allows
programmatic access to the old cipher list defaults.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14383
|
Conflicts:
AUTHORS
ChangeLog
configure
deps/uv/AUTHORS
deps/uv/ChangeLog
deps/uv/README.md
deps/uv/config-unix.mk
deps/uv/include/uv-private/uv-win.h
deps/uv/include/uv.h
deps/uv/src/unix/internal.h
deps/uv/src/unix/kqueue.c
deps/uv/src/unix/stream.c
deps/uv/src/uv-common.c
deps/uv/src/uv-common.h
deps/uv/src/version.c
deps/uv/src/win/poll.c
deps/uv/test/test-osx-select.c
deps/v8/src/debug-debugger.js
deps/v8/src/isolate.cc
deps/v8/src/isolate.h
deps/v8/src/mirror-debugger.js
doc/api/buffer.markdown
doc/api/child_process.markdown
doc/api/dns.markdown
doc/api/tls.markdown
doc/api/url.markdown
lib/_stream_writable.js
lib/assert.js
lib/child_process.js
lib/crypto.js
lib/dgram.js
lib/http.js
lib/net.js
lib/timers.js
lib/tls.js
src/node.cc
src/node.h
src/node.js
src/node_crypto.cc
src/node_version.h
test/common.js
test/simple/test-child-process-spawn-typeerror.js
tools/certdata.txt
|
This change disables SSLv2/SSLv3 use by default, and introduces a
command line flag to opt into using SSLv2/SSLv3.
SSLv2 and SSLv3 are considered unsafe, and should only be used in
situations where compatibility with other components is required and
they cannot be upgraded to support newer forms of TLS.
|
ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
|
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes #6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
|
Export External getters for internal structs: SSL, SSL_CTX.
|
SSL_CTX is shared between multiple connections and is not a right place
to store per-connection data.
fix #8348
Reviewed-By: Trevor Norris
|
In case of an invalid DH parameter file, it is silently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
|
Reviewed-By: Fedor Indutny <fedor@indutny.com>
|
fix #6899
|
Generic friend classes do not work well with old compiler versions (and
MSVC).
|
fix #7105
|
These will be used to allow users to filter for which types of calls
they wish their callbacks to run.
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
|
Introduce `ticketKeys` server option, `session` client option,
`getSession()` and `getTLSTicket()` methods.
fix #7032
|
Do not throw in internal C++ methods, that clobbers logic and may lead
to the situations, where both exception was thrown and the value was
returned (via `args.GetReturnValue().Set()`). That doesn't play nicely
with v8.
fix #6912
|
fix #6889
|
Conflicts:
lib/tls.js
src/node_crypto.cc
src/node_crypto.h
|
NOTE: Also removed `.receivedShutdown` method of `Connection` it wasn't
documented anywhere, and was rewritten with `true` after receiving
`close_notify`.
fix #6638
|
This adds two new member functions getAuthTag and setAuthTag that
are useful for AES-GCM encryption modes. Use getAuthTag after
Cipheriv.final, transmit the tag along with the data and use
Decipheriv.setAuthTag to have the encrypted data verified.
|
Conflicts:
src/node_crypto.cc
src/node_crypto.h
|
SNI callback selects a new SSL_CTX for the connection, which doesn't
have NPN callbacks set up.
|
BaseObject is a class that just handles the Persistent handle attached
to the class instance.
This also removed WeakObject. Reordering the inheritance chain helps
prevent unneeded calls on instances that don't call MakeCallback.
|
Switch test fixtures to 1024 bit keys.
|
Making WeakObject inherit from AsyncWrap allows us to peek into almost
all the MakeCallback calls in Node internals.
|
Instead use the template functions in util.h.
|
Switch out to use UnwrapObject from util.h.
|
Turns out that we don't use node_object_wrap.h any more in core,
and, with v8 3.21, it's breaking our Windows build. Removing refs
to it everywhere (and adding node.h in one case where it was the
only way node.h was being included), we have restored the Windows
build.
|
Previous behaviour was to drop to an openssl prompt
("Enter PEM pass phrase:") when supplying a private key with a
passphrase. This change adds a fourth, optional, parameter that
will be used as the passphrase.
To include this parameter in a backwards compatible way it was
necessary to expose the previously undocumented (and unexposed)
feature of being able to explicitly set the output encoding.
|
Implements new class 'Certificate' within crypto object for working
with SPKAC's (signed public key & challenge) natively.
|
This reverts commit 7f66e44dc1e90e7abda2a9ed02d7e8163e1f6358.
|
Implements new class 'Certificate' within crypto object for working
with SPKAC's (signed public key & challenge) natively.
|
Drop the ObjectWrap dependency in favor of an internal WeakObject class.
Lets us stop worrying about API and ABI compatibility when making
changes to the way node.js deals with weakly persistent handles
internally.
|
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes #6250.
|
Fix pointer unwrapping when T is a class with more than one base class.
Before this commit, the wrapped void* pointer was cast directly to T*
without going through ObjectWrap* first, possibly leading to a class
instance pointer that points to the wrong vtable.
This change required some cleanup in various files; some classes
used private rather than public inheritance, others didn't derive
from ObjectWrap at all...
Fixes #6188.
|
This commit makes it possible to use multiple V8 execution contexts
within a single event loop. Put another way, handle and request wrap
objects now "remember" the context they belong to and switch back to
that context when the time comes to call into JS land.
This could have been done in a quick and hacky way by calling
v8::Object::GetCreationContext() on the wrap object right before
making a callback but that leaves a fairly wide margin for bugs.
Instead, we make the context explicit through a new Environment class
that encapsulates everything (or almost everything) that belongs to
the context. Variables that used to be a static or a global are now
members of the aforementioned class. An additional benefit is that
this approach should make it relatively straightforward to add full
isolate support in due course.
There is no JavaScript API yet but that will be added in the near
future.
This work was graciously sponsored by GitHub, Inc.
|
This utility function allows renegotiation of secure connection after
establishing it.
fix #2496
|
Before this commit it was declared static (in a header file!), meaning
it got duplicated in every file that includes it.
A few duplicated pointers is not the end of the world but it introduces
a lot of potential for confusion because root_cert_store in file A is
not the root_cert_store in file B.
Moral of the story: don't declare static variables in header files.
|