Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: deprecate aliases for randomBytes #22519

Closed

Conversation

tniessen
Copy link
Member

@tniessen tniessen commented Aug 25, 2018

There are three aliases for crypto.randomBytes now, all of them are undocumented. I think we should strive to have as little undocumented API surface as possible, so the next logical step would be to either document or deprecate these aliases.

crypto.pseudoRandomBytes used to be a different function but became an alias for crypto.randomBytes in #557 (three years ago). It has been undocumented ever since and is rarely used within the ecosystem.

The other two aliases, crypto.rng and crypto.prng have never been documented as far as I can tell and their names are unintuitive for people who are not familiar with crypto and the concept of CSRNGs / CSPRNGs.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label Aug 25, 2018
@nodejs-github-bot nodejs-github-bot added the crypto Issues and PRs related to the crypto subsystem. label Aug 25, 2018
@tniessen
Copy link
Member Author

cc @nodejs/crypto @nodejs/security-wg

Deprecation was suggested back in #557 by the way.

@tniessen
Copy link
Member Author

tniessen commented Aug 25, 2018

@tniessen tniessen added the deprecations Issues and PRs related to deprecations. label Aug 25, 2018
Copy link
Contributor

@ryzokuken ryzokuken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Type: Runtime

In recent versions of Node.js, there is no difference between
[`crypto.randomBytes()`][] and `crypto.pseudoRandomBytes()`. The latter has been
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: has been -> is for consistency with the rest of the deprecation messages (with one exception that should also be changed but not in this PR).

@dougwilson

This comment has been minimized.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mcollina
Copy link
Member

@dougwilson which module is that? why is it doing that check?

@targos targos requested a review from a team August 25, 2018 15:01
@dougwilson

This comment has been minimized.

@mcollina
Copy link
Member

@dougwilson I would release a new major version of that module, and drop support for Node < 4 (even Node < 6). However, you could still detect this without version checking via crypto.propertyIsEnumerable('pseudoRandomBytes'). It will tell you if the property is there and it has not been deprecated. Let me know if you would like to get a PR with this fix.

Note that when this land any user of random-bytes would see the warning.

@dougwilson

This comment has been minimized.

@mcollina
Copy link
Member

As for the warning, wouldn't the warning only occur on calling the method? The module doesn't call the method, just checks equality.

My bad.

@mcollina
Copy link
Member

As for that check, I can do that. I read through the docs on deprecate and it didn't say that was a method to detect, so if that's the official way to detect if something is deprecated, I can make a PR to add it to the docs and make a test to add to the Node.js test suite

I would say go for it.

@@ -234,5 +231,20 @@ Object.defineProperties(exports, {
configurable: false,
enumerable: true,
value: constants
},

// Aliases for randomBytes are deprecated.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add a comment:

// The ecosystem needs those to exists for backwards compatibility with
// ancient Node.js runtimes (0.10, 0.12).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added it. IMO this kind of makes it sound as if we couldn't remove these functions in the future though.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly, this is the sound of #22519 (comment) comment.

@tniessen
Copy link
Member Author

that point of the module is to provide that back-compat, so releasing a new major version without it is kind of pointless -- modules can just use Node.js API directly if they didn't need that. SO making that change doesn't make any sense.

@dougwilson Thanks for weighing in! Are you sure that people are still using that package for backcompatibility? The only Node.js releases which require this kind of check are from 2015 or even older and have long been EOL. Maybe people just want to use promises?

@dougwilson

This comment has been minimized.

@tniessen
Copy link
Member Author

Are you sure that people are still using that package for backcompatibility? The only Node.js releases which require this kind of check are from 2015 or even older and have long been EOL. Maybe people just want to use promises?

How can I make this determination?

@dougwilson I don't know. Your previous comment suggested that backcompatibility was the primary intention of people using the package, but I'd be surprised if that was true. There are barely any packages depending on random-bytes, so maybe the majority of downloads is caused by people using uid-safe?

It is cool that packages such as yours try to support "ancient" versions as @mcollina called them, but that shouldn't stand in the way of improving Node.js.

@dougwilson

This comment has been minimized.

@dougwilson

This comment has been minimized.

@tniessen
Copy link
Member Author

@dougwilson I am sorry for the misunderstanding, this was in no way directed at you! This was entirely based on #22519 (comment), which suggests that we cannot remove these functions.

lib/crypto.js Outdated
},

// Aliases for randomBytes are deprecated.
// The ecosystem needs those to exists for backwards compatibility with
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: exists -> exist?

tniessen added a commit to tniessen/node that referenced this pull request Aug 27, 2018
@tniessen tniessen force-pushed the crypto-deprecate-random-alias branch from 8a304fe to 86b7efd Compare August 27, 2018 13:06
@tniessen
Copy link
Member Author

Rebased, old HEAD was 8a304fe59a87cf8be7e0a804c860d017b91375ab.

@tniessen tniessen mentioned this pull request Aug 27, 2018
2 tasks
@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Aug 28, 2018
@tniessen
Copy link
Member Author

Landed in 221df22.

@tniessen tniessen closed this Aug 30, 2018
tniessen added a commit that referenced this pull request Aug 30, 2018
PR-URL: #22519
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@targos
Copy link
Member

targos commented Sep 1, 2018

This affects a module used by npm: https://github.com/npm/unique-slug
I have Node canary on my system and get a warning when I install git dependencies.

@tniessen
Copy link
Member Author

tniessen commented Sep 1, 2018

@targos I opened npm/unique-slug#6.

@tniessen tniessen removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 12, 2018
Trott pushed a commit to Trott/io.js that referenced this pull request Nov 25, 2018
Make `pseudoRandomBytes` and it's aliases `prng` and `rng`
configurable to allow monkey patching.

PR-URL: nodejs#24108
Refs: nodejs#22519
Refs: nodejs#23017
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request Nov 25, 2018
Make `pseudoRandomBytes` and it's aliases `prng` and `rng`
configurable to allow monkey patching.

PR-URL: #24108
Refs: #22519
Refs: #23017
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
rvagg pushed a commit that referenced this pull request Nov 28, 2018
Make `pseudoRandomBytes` and it's aliases `prng` and `rng`
configurable to allow monkey patching.

PR-URL: #24108
Refs: #22519
Refs: #23017
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@Trott
Copy link
Member

Trott commented Dec 29, 2018

The deprecation warning causes an npm test to fail, at least when run via our make test-npm task.

    # Subtest: tarball paths should update port if updating protocol
        not ok 1 - no error output
          ---
          found: >
            (node:51947) [DEP0115] DeprecationWarning: crypto.pseudoRandomBytes 
is
            deprecated.
          wanted: ''
          compare: ===
          at:
            line: 75
            column: 9
            file: test/tap/add-named-update-protocol-port.js
            type: global

Hopefully npm/unique-slug#6 can land soon, but if not, I wonder if we should document pseudoRandomBytes() as an alias for randomBytes() and move it back to doc-only deprecation.

We could also consider the Buffer constructor route and only produce a runtime warning on use outside of node_modules.

Updating the npm test somehow may also be an option, I suppose, although it's not obvious to me how in this case, as the whole point of this test is probably to check that there isn't stderr output on success.

@Trott Trott mentioned this pull request Dec 29, 2018
3 tasks
@tniessen
Copy link
Member Author

@Trott I think npm/unique-slug#6 should land even if we un-deprecate pseudoRandomBytes. It has been open for four months now...

I am +0.5 on the deprecation itself. I suggested documentation as an alternative, but I still prefer the deprecation.

@addaleax
Copy link
Member

Aliases are very cheap, and if this adds a deprecation warning to npm output in some cases, I’d prefer to undo the deprecation (or make it a --pending-deprecation-only thing)

@tniessen
Copy link
Member Author

I’d prefer to undo the deprecation (or make it a --pending-deprecation-only thing)

@addaleax I think you already did that in #23017 :)

@addaleax
Copy link
Member

@tniessen oh, ha 😄 Is there actually anything to do for us then? Does the npm test still fail without --pending-deprecation?

@Trott
Copy link
Member

Trott commented Dec 30, 2018

Does the npm test still fail without --pending-deprecation?

Oh, right, I have --pending-deprecation on by default. Let's try make test-npm without it...

Heh, the test still fails on master but not because of this. It's instead because it gets this warning:

npm WARN npm npm does not support Node.js v12.0.0-pre

The test in question is making sure that there are no warnings emitted. So as-is, I suppose it will always fail on master. Wonder if we should make it an expected failure in our wrapper or if the test itself should be updated to be tolerant about -pre releases. Or maybe there's a way to invoke npm such that it suppresses only that warning?]

EDIT: Will be solved by updating core's npm from 6.5.0-next to 6.5.0. So: There's no problem.

refack pushed a commit to refack/node that referenced this pull request Jan 14, 2019
Make `pseudoRandomBytes` and it's aliases `prng` and `rng`
configurable to allow monkey patching.

PR-URL: nodejs#24108
Refs: nodejs#22519
Refs: nodejs#23017
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Issues and PRs related to the crypto subsystem. deprecations Issues and PRs related to deprecations. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.