(v10.x backport) Backport 12 crypto commits#20706
Closed
tniessen wants to merge 12 commits intonodejs:v10.x-stagingfrom
Closed
(v10.x backport) Backport 12 crypto commits#20706tniessen wants to merge 12 commits intonodejs:v10.x-stagingfrom
tniessen wants to merge 12 commits intonodejs:v10.x-stagingfrom
Conversation
This change allows users to restrict accepted GCM authentication tag lengths to a single value. PR-URL: nodejs#20039 Fixes: nodejs#17523 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Yihong Wang <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
This commit extracts the common code from the Cipher/Cipheriv and Decipher/Decipheriv constructors into a separate function to avoid code duplication. PR-URL: nodejs#20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
This commit adds a function named addCipherPrototypeFunctions to avoid code duplication. PR-URL: nodejs#20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
This commit renames rsaPublic and removes the rsaPrivate function as the code in these two functions are identical. PR-URL: nodejs#20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
Currently the following compiler warnings are issued by clang:
../src/node_crypto.cc:2801:56:
warning: '&&' within '||' [-Wlogical-op-parentheses]
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
~~ ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
../src/node_crypto.cc:2801:56:
note: place parentheses around the '&&' expression to silence this
warning
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
^
../src/node_crypto.cc:2925:51:
warning: '&&' within '||' [-Wlogical-op-parentheses]
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
../src/node_crypto.cc:2925:51:
note: place parentheses around the '&&' expression to silence this
warning
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
^
This commit adds parenthesis around these expressions to silence the
warnings.
PR-URL: nodejs#20216
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
This commit removes the usage of the deprectated crypto.DEFAULT_ENCODING. PR-URL: nodejs#20221 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]>
PR-URL: nodejs#20225 Refs: nodejs#20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: nodejs#20225 Refs: nodejs#20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
The authTagLength option can now be used to produce GCM authentication tags with a specific length. PR-URL: nodejs#20235 Refs: nodejs#20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Yihong Wang <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <[email protected]> PR-URL: nodejs#20370 Fixes: nodejs#19655 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
Prefer custom smart pointers fitted to the OpenSSL data structures over more manual memory management and lots of `goto`s. PR-URL: nodejs#20238 Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
Add test cases for AES key wrapping and only detect output length in cipher case. The reason being is the returned output length is insufficient in AES key unwrapping case. PR-URL: nodejs#20587 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
nodejs-github-bot
added
c++
Member
Author
|
CI is running at https://ci.nodejs.org/job/node-test-commit/18453/ (Edit: all tests passed) |
addaleax
approved these changes
May 14, 2018
Member
addaleax
left a comment
addaleax
left a comment
There was a problem hiding this comment.
LGTM backport-wise – thank you!
2 tasks
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This change allows users to restrict accepted GCM authentication tag lengths to a single value. Backport-PR-URL: #20706 PR-URL: #20039 Fixes: #17523 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Yihong Wang <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit extracts the common code from the Cipher/Cipheriv and Decipher/Decipheriv constructors into a separate function to avoid code duplication. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit adds a function named addCipherPrototypeFunctions to avoid code duplication. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit renames rsaPublic and removes the rsaPrivate function as the code in these two functions are identical. Backport-PR-URL: #20706 PR-URL: #20164 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Currently the following compiler warnings are issued by clang:
../src/node_crypto.cc:2801:56:
warning: '&&' within '||' [-Wlogical-op-parentheses]
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
~~ ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
../src/node_crypto.cc:2801:56:
note: place parentheses around the '&&' expression to silence this
warning
return tag_len == 4 || tag_len == 8 || tag_len >= 12 && tag_len <= 16;
^
../src/node_crypto.cc:2925:51:
warning: '&&' within '||' [-Wlogical-op-parentheses]
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
../src/node_crypto.cc:2925:51:
note: place parentheses around the '&&' expression to silence this
warning
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
^
This commit adds parenthesis around these expressions to silence the
warnings.
Backport-PR-URL: #20706
PR-URL: #20216
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
This commit removes the usage of the deprectated crypto.DEFAULT_ENCODING. Backport-PR-URL: #20706 PR-URL: #20221 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Backport-PR-URL: #20706 PR-URL: #20225 Refs: #20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Backport-PR-URL: #20706 PR-URL: #20225 Refs: #20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
The authTagLength option can now be used to produce GCM authentication tags with a specific length. Backport-PR-URL: #20706 PR-URL: #20235 Refs: #20039 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Yihong Wang <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <[email protected]> Backport-PR-URL: #20706 PR-URL: #20370 Fixes: #19655 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
addaleax
added a commit
that referenced
this pull request
May 14, 2018
Prefer custom smart pointers fitted to the OpenSSL data structures over more manual memory management and lots of `goto`s. Backport-PR-URL: #20706 PR-URL: #20238 Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]>
addaleax
pushed a commit
that referenced
this pull request
May 14, 2018
Add test cases for AES key wrapping and only detect output length in cipher case. The reason being is the returned output length is insufficient in AES key unwrapping case. Backport-PR-URL: #20706 PR-URL: #20587 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
Member
|
Landed in b6ea5df...cecec46, thank you a lot! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a manual backport of all commits listed in #20691. Full list of commits:
It would be great if @danbev, @yhwang, @addaleax could have a look at their respective commits (FYI, Anna's commit landed without conflicts).
Fixes: #20691