(v10.x backport) Backport 12 crypto commits #20706
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change allows users to restrict accepted GCM authentication tag lengths to a single value. PR-URL: nodejs#20039 Fixes: nodejs#17523 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yihong Wang <yh.wang@ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit extracts the common code from the Cipher/Cipheriv and Decipher/Decipheriv constructors into a separate function to avoid code duplication. PR-URL: nodejs#20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This commit adds a function named addCipherPrototypeFunctions to avoid code duplication. PR-URL: nodejs#20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This commit renames rsaPublic and removes the rsaPrivate function as the code in these two functions are identical. PR-URL: nodejs#20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Currently the following compiler warnings are issued by clang:
../src/node_crypto.cc:2801:56:
warning: '&&' within '||' [-Wlogical-op-parentheses]
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
~~ ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
../src/node_crypto.cc:2801:56:
note: place parentheses around the '&&' expression to silence this
warning
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
^
../src/node_crypto.cc:2925:51:
warning: '&&' within '||' [-Wlogical-op-parentheses]
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
../src/node_crypto.cc:2925:51:
note: place parentheses around the '&&' expression to silence this
warning
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
^
This commit adds parenthesis around these expressions to silence the
warnings.
PR-URL: nodejs#20216
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit removes the usage of the deprectated crypto.DEFAULT_ENCODING. PR-URL: nodejs#20221 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: nodejs#20225 Refs: nodejs#20039 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: nodejs#20225 Refs: nodejs#20039 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The authTagLength option can now be used to produce GCM authentication tags with a specific length. PR-URL: nodejs#20235 Refs: nodejs#20039 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yihong Wang <yh.wang@ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> PR-URL: nodejs#20370 Fixes: nodejs#19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Prefer custom smart pointers fitted to the OpenSSL data structures over more manual memory management and lots of `goto`s. PR-URL: nodejs#20238 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Add test cases for AES key wrapping and only detect output length in cipher case. The reason being is the returned output length is insufficient in AES key unwrapping case. PR-URL: nodejs#20587 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
nodejs-github-bot
added
c++
|
CI is running at https://ci.nodejs.org/job/node-test-commit/18453/ (Edit: all tests passed) |
addaleax
approved these changes
May 14, 2018
2 tasks
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit extracts the common code from the Cipher/Cipheriv and Decipher/Decipheriv constructors into a separate function to avoid code duplication. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit adds a function named addCipherPrototypeFunctions to avoid code duplication. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit renames rsaPublic and removes the rsaPrivate function as the code in these two functions are identical. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Currently the following compiler warnings are issued by clang:
../src/node_crypto.cc:2801:56:
warning: '&&' within '||' [-Wlogical-op-parentheses]
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
~~ ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
../src/node_crypto.cc:2801:56:
note: place parentheses around the '&&' expression to silence this
warning
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
^
../src/node_crypto.cc:2925:51:
warning: '&&' within '||' [-Wlogical-op-parentheses]
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
../src/node_crypto.cc:2925:51:
note: place parentheses around the '&&' expression to silence this
warning
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
^
This commit adds parenthesis around these expressions to silence the
warnings.
Backport-PR-URL: #20706
PR-URL: #20216
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> Backport-PR-URL: #20706 PR-URL: #20370 Fixes: #19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax
added a commit
that referenced
this pull request
May 14, 2018
Prefer custom smart pointers fitted to the OpenSSL data structures over more manual memory management and lots of `goto`s. Backport-PR-URL: #20706 PR-URL: #20238 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Add test cases for AES key wrapping and only detect output length in cipher case. The reason being is the returned output length is insufficient in AES key unwrapping case. Backport-PR-URL: #20706 PR-URL: #20587 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
Landed in b6ea5df...cecec46, thank you a lot! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a manual backport of all commits listed in #20691. Full list of commits:
It would be great if @danbev, @yhwang, @addaleax could have a look at their respective commits (FYI, Anna's commit landed without conflicts).
Fixes: #20691