From 7d749eb939d4dd2a1bc10be70e7e46770b1878df Mon Sep 17 00:00:00 2001 From: Michael Scovetta Date: Wed, 25 Nov 2015 22:52:44 -0800 Subject: [PATCH] crypto: renamed addEntropy to addSystemEntropy, removed RAND_seed call The purpose of this patch is to allow Node applications to proactively add additional entropy (provided by the OS) to OpenSSL's pool. This is useful in environments where a running Node process can be cloned (e.g. VM snapshotting or live migration), resulting in a chance of the cloned process sharing an entropy pool with the original process. The new AddSystemEntropy function calls RAND_poll, which will add entropy using an OS-dependent method. Performance was evaluated at about 140k ops/sec, but this will vary by OS and hardware. The AddSystemEntropy function is bound to crypto.addSystemEntropy(). Usage: var crypto = require('crypto'); // Add entropy from system-supplied source crypto.addSystemEntropy(); --- doc/api/crypto.markdown | 4 ++-- lib/crypto.js | 4 ++-- src/node_crypto.cc | 22 +++++----------------- test/parallel/test-crypto-random.js | 18 ++++++++---------- 4 files changed, 17 insertions(+), 31 deletions(-) diff --git a/doc/api/crypto.markdown b/doc/api/crypto.markdown index 36ee2fa7941f1f..93b4db647f728d 100644 --- a/doc/api/crypto.markdown +++ b/doc/api/crypto.markdown @@ -731,12 +731,12 @@ one of or mix of following flags (defined in `constants` module): * `ENGINE_METHOD_ALL` * `ENGINE_METHOD_NONE` -## crypto.addEntropy() +## crypto.addSystemEntropy() Adds system-generated entropy to entropy pool. Usage: // sync - crypto.addEntropy(); + crypto.addSystemEntropy(); NOTE: This method calls the OpenSSL `RAND_poll` function, which in turn calls an OS-specific implementation (e.g. `/dev/urandom`, `CryptGenRandom`). diff --git a/lib/crypto.js b/lib/crypto.js index 5dacb4014f0bec..2797ad99b3030f 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -11,7 +11,7 @@ try { var getCiphers = binding.getCiphers; var getHashes = binding.getHashes; var getCurves = binding.getCurves; - var addEntropy = binding.addEntropy; + var addSystemEntropy = binding.addSystemEntropy; } catch (e) { throw new Error('Node.js is not compiled with openssl crypto support'); } @@ -622,7 +622,7 @@ exports.randomBytes = exports.pseudoRandomBytes = randomBytes; exports.rng = exports.prng = randomBytes; -exports.addEntropy = addEntropy; +exports.addSystemEntropy = addSystemEntropy; exports.getCiphers = function() { return filterDuplicates(getCiphers()); diff --git a/src/node_crypto.cc b/src/node_crypto.cc index ac478f5dd2fe55..aeb236008758d3 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -5354,22 +5354,10 @@ void GetCurves(const FunctionCallbackInfo& args) { } -void AddEntropy(const FunctionCallbackInfo& args) { - Environment* env = Environment::GetCurrent(args); - - if (args.Length() == 0) { - // Delegate entropy generation to OpenSSL, which will add - // entropy from system sources. - RAND_poll(); - return; - } - // Make sure we got a buffer from the user and use it to - // seed OpenSSL. - THROW_AND_RETURN_IF_NOT_BUFFER(args[0]); - Local buf_obj = args[0]->ToObject(); - const void* buf = Buffer::Data(buf_obj); - size_t buf_length = Buffer::Length(buf_obj); - RAND_seed(buf, buf_length); +void AddSystemEntropy(const FunctionCallbackInfo& args) { + // Delegate entropy generation to OpenSSL, which will add + // entropy from system sources. + RAND_poll(); } @@ -5667,7 +5655,7 @@ void InitCrypto(Local target, env->SetMethod(target, "getCiphers", GetCiphers); env->SetMethod(target, "getHashes", GetHashes); env->SetMethod(target, "getCurves", GetCurves); - env->SetMethod(target, "addEntropy", AddEntropy); + env->SetMethod(target, "addSystemEntropy", AddSystemEntropy); env->SetMethod(target, "publicEncrypt", PublicKeyCipher::Cipher