OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

src: cleaning up more crypto internals for ncrypto

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/56526
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit is contained in:
James M Snell 2025-01-08 07:14:32 -08:00 committed by Node.js GitHub Bot
parent afaa14b5ca
commit 6879ab9b89
40 changed files with 336 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
deps/ncrypto/ncrypto.h vendored
View File

@ -197,10 +197,7 @@ using DeleteFnPtr = typename FunctionDeleter<T, function>::Pointer;
using BignumCtxPointer = DeleteFnPtr<BN_CTX, BN_CTX_free>;
using BignumGenCallbackPointer = DeleteFnPtr<BN_GENCB, BN_GENCB_free>;
using DSAPointer = DeleteFnPtr<DSA, DSA_free>;
using DSASigPointer = DeleteFnPtr<DSA_SIG, DSA_SIG_free>;
using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;
using ECPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
using ECGroupPointer = DeleteFnPtr<EC_GROUP, EC_GROUP_free>;
using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;

7
src/crypto/crypto_aes.cc
View File

@ -16,6 +16,9 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::Cipher;
using ncrypto::CipherCtxPointer;
using v8::FunctionCallbackInfo;
using v8::Just;
using v8::JustVoid;
@ -60,7 +63,7 @@ WebCryptoCipherStatus AES_Cipher(Environment* env,
if (!ctx.setKeyLength(key_data.GetSymmetricKeySize()) ||
!ctx.init(
ncrypto::Cipher(),
Cipher(),
encrypt,
reinterpret_cast<const unsigned char*>(key_data.GetSymmetricKey()),
params.iv.data<unsigned char>())) {
@ -464,7 +467,7 @@ Maybe<void> AESCipherTraits::AdditionalConfig(
}
#undef V
params->cipher = ncrypto::Cipher::FromNid(cipher_nid);
params->cipher = Cipher::FromNid(cipher_nid);
if (!params->cipher) {
THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
return Nothing<void>();

3
src/crypto/crypto_bio.cc
View File

@ -30,6 +30,9 @@
#include <cstring>
namespace node {
using ncrypto::BIOPointer;
namespace crypto {
BIOPointer NodeBIO::New(Environment* env) {

7
src/crypto/crypto_bio.h
View File

@ -43,12 +43,13 @@ class NodeBIO : public MemoryRetainer {
public:
~NodeBIO() override;
static BIOPointer New(Environment* env = nullptr);
static ncrypto::BIOPointer New(Environment* env = nullptr);
// NewFixed takes a copy of `len` bytes from `data` and returns a BIO that,
// when read from, returns those bytes followed by EOF.
static BIOPointer NewFixed(const char* data, size_t len,
Environment* env = nullptr);
static ncrypto::BIOPointer NewFixed(const char* data,
size_t len,
Environment* env = nullptr);
// Move read head to next buffer if needed
void TryMoveReadHead();

22
src/crypto/crypto_cipher.cc
View File

@ -10,6 +10,13 @@
namespace node {
using ncrypto::Cipher;
using ncrypto::CipherCtxPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using ncrypto::MarkPopErrorOnReturn;
using ncrypto::SSLCtxPointer;
using ncrypto::SSLPointer;
using v8::Array;
using v8::ArrayBuffer;
using v8::BackingStore;
@ -42,10 +49,10 @@ void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
const auto cipher = ([&] {
if (args[1]->IsString()) {
Utf8Value name(env->isolate(), args[1]);
return ncrypto::Cipher::FromName(*name);
return Cipher::FromName(*name);
} else {
int nid = args[1].As<Int32>()->Value();
return ncrypto::Cipher::FromNid(nid);
return Cipher::FromNid(nid);
}
})();
@ -334,7 +341,7 @@ void CipherBase::CommonInit(const char* cipher_type,
return THROW_ERR_CRYPTO_INVALID_KEYLEN(env());
}
if (!ctx_.init(ncrypto::Cipher(), encrypt, key, iv)) {
if (!ctx_.init(Cipher(), encrypt, key, iv)) {
return ThrowCryptoError(env(), ERR_get_error(),
"Failed to initialize cipher");
}
@ -345,7 +352,7 @@ void CipherBase::Init(const char* cipher_type,
unsigned int auth_tag_len) {
HandleScope scope(env()->isolate());
MarkPopErrorOnReturn mark_pop_error_on_return;
auto cipher = ncrypto::Cipher::FromName(cipher_type);
auto cipher = Cipher::FromName(cipher_type);
if (!cipher) {
return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env());
}
@ -415,7 +422,7 @@ void CipherBase::InitIv(const char* cipher_type,
HandleScope scope(env()->isolate());
MarkPopErrorOnReturn mark_pop_error_on_return;
auto cipher = ncrypto::Cipher::FromName(cipher_type);
auto cipher = Cipher::FromName(cipher_type);
if (!cipher) return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env());
const int expected_iv_len = cipher.getIvLength();
@ -628,8 +635,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
} else {
// At this point, the tag length is already known and must match the
// length of the given authentication tag.
CHECK(
ncrypto::Cipher::FromCtx(cipher->ctx_).isSupportedAuthenticatedMode());
CHECK(Cipher::FromCtx(cipher->ctx_).isSupportedAuthenticatedMode());
CHECK_NE(cipher->auth_tag_len_, kNoAuthTagLength);
is_valid = cipher->auth_tag_len_ == tag_len;
}
@ -854,7 +860,7 @@ bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
}
if (kind_ == kDecipher &&
ncrypto::Cipher::FromCtx(ctx_).isSupportedAuthenticatedMode()) {
Cipher::FromCtx(ctx_).isSupportedAuthenticatedMode()) {
MaybePassAuthTagToOpenSSL();
}

4
src/crypto/crypto_cipher.h
View File

@ -85,7 +85,7 @@ class CipherBase : public BaseObject {
CipherBase(Environment* env, v8::Local<v8::Object> wrap, CipherKind kind);
private:
CipherCtxPointer ctx_;
ncrypto::CipherCtxPointer ctx_;
const CipherKind kind_;
AuthTagState auth_tag_state_;
unsigned int auth_tag_len_;
@ -110,7 +110,7 @@ class PublicKeyCipher {
EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
EVP_PKEY_cipher_t EVP_PKEY_cipher>
static bool Cipher(Environment* env,
const EVPKeyPointer& pkey,
const ncrypto::EVPKeyPointer& pkey,
int padding,
const EVP_MD* digest,
const ArrayBufferOrViewContents<unsigned char>& oaep_label,

16
src/crypto/crypto_common.cc
View File

@ -27,7 +27,13 @@
namespace node {
using ncrypto::ClearErrorOnReturn;
using ncrypto::EVPKeyPointer;
using ncrypto::SSLPointer;
using ncrypto::SSLSessionPointer;
using ncrypto::StackOfX509;
using ncrypto::X509Pointer;
using ncrypto::X509View;
using v8::ArrayBuffer;
using v8::BackingStore;
using v8::Context;
@ -135,7 +141,7 @@ MaybeLocal<Object> AddIssuerChainToObject(X509Pointer* cert,
for (;;) {
int i;
for (i = 0; i < sk_X509_num(peer_certs.get()); i++) {
ncrypto::X509View ca(sk_X509_value(peer_certs.get(), i));
X509View ca(sk_X509_value(peer_certs.get(), i));
if (!cert->view().isIssuedBy(ca)) continue;
Local<Value> ca_info;
@ -243,7 +249,7 @@ MaybeLocal<Object> GetEphemeralKey(Environment* env, const SSLPointer& ssl) {
EscapableHandleScope scope(env->isolate());
Local<Object> info = Object::New(env->isolate());
crypto::EVPKeyPointer key = ssl.getPeerTempKey();
EVPKeyPointer key = ssl.getPeerTempKey();
if (!key) return scope.Escape(info);
Local<Context> context = env->context();
@ -341,8 +347,8 @@ MaybeLocal<Value> GetPeerCert(
if (cert) {
return X509Certificate::toObject(env, cert.view());
}
return X509Certificate::toObject(
env, ncrypto::X509View(sk_X509_value(ssl_certs, 0)));
return X509Certificate::toObject(env,
X509View(sk_X509_value(ssl_certs, 0)));
}
StackOfX509 peer_certs = CloneSSLCerts(std::move(cert), ssl_certs);
@ -351,7 +357,7 @@ MaybeLocal<Value> GetPeerCert(
// First and main certificate.
Local<Value> result;
ncrypto::X509View first_cert(sk_X509_value(peer_certs.get(), 0));
X509View first_cert(sk_X509_value(peer_certs.get(), 0));
CHECK(first_cert);
if (!X509Certificate::toObject(env, first_cert).ToLocal(&result)) return {};
CHECK(result->IsObject());

36
src/crypto/crypto_common.h
View File

@ -22,13 +22,15 @@
namespace node {
namespace crypto {
SSLSessionPointer GetTLSSession(const unsigned char* buf, size_t length);
ncrypto::SSLSessionPointer GetTLSSession(const unsigned char* buf,
size_t length);
long VerifyPeerCertificate( // NOLINT(runtime/int)
const SSLPointer& ssl,
const ncrypto::SSLPointer& ssl,
long def = X509_V_ERR_UNSPECIFIED); // NOLINT(runtime/int)
bool UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context);
bool UseSNIContext(const ncrypto::SSLPointer& ssl,
BaseObjectPtr<SecureContext> context);
bool SetGroups(SecureContext* sc, const char* groups);
@ -36,21 +38,19 @@ v8::MaybeLocal<v8::Value> GetValidationErrorReason(Environment* env, int err);
v8::MaybeLocal<v8::Value> GetValidationErrorCode(Environment* env, int err);
v8::MaybeLocal<v8::Value> GetCert(Environment* env, const SSLPointer& ssl);
v8::MaybeLocal<v8::Value> GetCert(Environment* env,
const ncrypto::SSLPointer& ssl);
v8::MaybeLocal<v8::Object> GetCipherInfo(
Environment* env,
const SSLPointer& ssl);
v8::MaybeLocal<v8::Object> GetCipherInfo(Environment* env,
const ncrypto::SSLPointer& ssl);
v8::MaybeLocal<v8::Object> GetEphemeralKey(
Environment* env,
const SSLPointer& ssl);
v8::MaybeLocal<v8::Object> GetEphemeralKey(Environment* env,
const ncrypto::SSLPointer& ssl);
v8::MaybeLocal<v8::Value> GetPeerCert(
Environment* env,
const SSLPointer& ssl,
bool abbreviated = false,
bool is_server = false);
v8::MaybeLocal<v8::Value> GetPeerCert(Environment* env,
const ncrypto::SSLPointer& ssl,
bool abbreviated = false,
bool is_server = false);
v8::MaybeLocal<v8::Object> ECPointToBuffer(
Environment* env,
@ -60,9 +60,9 @@ v8::MaybeLocal<v8::Object> ECPointToBuffer(
const char** error);
v8::MaybeLocal<v8::Value> GetCurrentCipherName(Environment* env,
const SSLPointer& ssl);
v8::MaybeLocal<v8::Value> GetCurrentCipherVersion(Environment* env,
const SSLPointer& ssl);
const ncrypto::SSLPointer& ssl);
v8::MaybeLocal<v8::Value> GetCurrentCipherVersion(
Environment* env, const ncrypto::SSLPointer& ssl);
} // namespace crypto
} // namespace node

22
src/crypto/crypto_context.cc
View File

@ -21,7 +21,17 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::BIOPointer;
using ncrypto::ClearErrorOnReturn;
using ncrypto::CryptoErrorList;
using ncrypto::DHPointer;
using ncrypto::EnginePointer;
using ncrypto::EVPKeyPointer;
using ncrypto::MarkPopErrorOnReturn;
using ncrypto::SSLPointer;
using ncrypto::StackOfX509;
using ncrypto::X509Pointer;
using v8::Array;
using v8::ArrayBufferView;
using v8::Boolean;
@ -693,10 +703,10 @@ void SecureContext::SetEngineKey(const FunctionCallbackInfo<Value>& args) {
"experimental permission model is enabled");
}
ncrypto::CryptoErrorList errors;
CryptoErrorList errors;
Utf8Value engine_id(env->isolate(), args[1]);
auto engine = ncrypto::EnginePointer::getEngineByName(
engine_id.ToStringView(), &errors);
auto engine =
EnginePointer::getEngineByName(engine_id.ToStringView(), &errors);
if (!engine) {
Local<Value> exception;
if (errors.empty()) {
@ -1205,10 +1215,10 @@ void SecureContext::SetClientCertEngine(
"experimental permission model is enabled");
}
ncrypto::CryptoErrorList errors;
CryptoErrorList errors;
const Utf8Value engine_id(env->isolate(), args[0]);
auto engine = ncrypto::EnginePointer::getEngineByName(
engine_id.ToStringView(), &errors);
auto engine =
EnginePointer::getEngineByName(engine_id.ToStringView(), &errors);
if (!engine) {
Local<Value> exception;
if (errors.empty()) {

30
src/crypto/crypto_context.h
View File

@ -23,7 +23,7 @@ X509_STORE* NewRootCertStore();
X509_STORE* GetOrCreateRootCertStore();
BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
ncrypto::BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
class SecureContext final : public BaseObject {
public:
@ -41,27 +41,27 @@ class SecureContext final : public BaseObject {
static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
static SecureContext* Create(Environment* env);
const SSLCtxPointer& ctx() const { return ctx_; }
const ncrypto::SSLCtxPointer& ctx() const { return ctx_; }
// Non-const ctx() that allows for non-default initialization of
// the SecureContext.
SSLCtxPointer& ctx() { return ctx_; }
ncrypto::SSLCtxPointer& ctx() { return ctx_; }
SSLPointer CreateSSL();
ncrypto::SSLPointer CreateSSL();
void SetGetSessionCallback(GetSessionCb cb);
void SetKeylogCallback(KeylogCb cb);
void SetNewSessionCallback(NewSessionCb cb);
void SetSelectSNIContextCallback(SelectSNIContextCb cb);
inline const X509Pointer& issuer() const { return issuer_; }
inline const X509Pointer& cert() const { return cert_; }
inline const ncrypto::X509Pointer& issuer() const { return issuer_; }
inline const ncrypto::X509Pointer& cert() const { return cert_; }
v8::Maybe<void> AddCert(Environment* env, BIOPointer&& bio);
v8::Maybe<void> SetCRL(Environment* env, const BIOPointer& bio);
v8::Maybe<void> AddCert(Environment* env, ncrypto::BIOPointer&& bio);
v8::Maybe<void> SetCRL(Environment* env, const ncrypto::BIOPointer& bio);
v8::Maybe<void> UseKey(Environment* env, const KeyObjectData& key);
void SetCACert(const BIOPointer& bio);
void SetCACert(const ncrypto::BIOPointer& bio);
void SetRootCerts();
void SetX509StoreFlag(unsigned long flags); // NOLINT(runtime/int)
@ -144,9 +144,9 @@ class SecureContext final : public BaseObject {
void Reset();
private:
SSLCtxPointer ctx_;
X509Pointer cert_;
X509Pointer issuer_;
ncrypto::SSLCtxPointer ctx_;
ncrypto::X509Pointer cert_;
ncrypto::X509Pointer issuer_;
// Non-owning cache for SSL_CTX_get_cert_store(ctx_.get())
X509_STORE* own_cert_store_cache_ = nullptr;
#ifndef OPENSSL_NO_ENGINE
@ -160,9 +160,9 @@ class SecureContext final : public BaseObject {
};
int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
BIOPointer&& in,
X509Pointer* cert,
X509Pointer* issuer);
ncrypto::BIOPointer&& in,
ncrypto::X509Pointer* cert,
ncrypto::X509Pointer* issuer);
} // namespace crypto
} // namespace node

12
src/crypto/crypto_dh.cc
View File

@ -14,6 +14,11 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::DataPointer;
using ncrypto::DHPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using v8::ArrayBuffer;
using v8::ConstructorBehavior;
using v8::Context;
@ -47,14 +52,11 @@ void DiffieHellman::MemoryInfo(MemoryTracker* tracker) const {
}
namespace {
MaybeLocal<Value> DataPointerToBuffer(Environment* env,
ncrypto::DataPointer&& data) {
MaybeLocal<Value> DataPointerToBuffer(Environment* env, DataPointer&& data) {
auto backing = ArrayBuffer::NewBackingStore(
data.get(),
data.size(),
[](void* data, size_t len, void* ptr) {
ncrypto::DataPointer free_ne(data, len);
},
[](void* data, size_t len, void* ptr) { DataPointer free_me(data, len); },
nullptr);
data.release();

12
src/crypto/crypto_dh.h
View File

@ -19,22 +19,24 @@ class DiffieHellman final : public BaseObject {
static void Initialize(Environment* env, v8::Local<v8::Object> target);
static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
DiffieHellman(Environment* env, v8::Local<v8::Object> wrap, DHPointer dh);
operator DHPointer&() { return dh_; }
DiffieHellman(Environment* env,
v8::Local<v8::Object> wrap,
ncrypto::DHPointer dh);
operator ncrypto::DHPointer&() { return dh_; }
void MemoryInfo(MemoryTracker* tracker) const override;
SET_MEMORY_INFO_NAME(DiffieHellman)
SET_SELF_SIZE(DiffieHellman)
private:
DHPointer dh_;
ncrypto::DHPointer dh_;
};
struct DhKeyPairParams final : public MemoryRetainer {
// Diffie-Hellman can either generate keys using a fixed prime, or by first
// generating a random prime of a given size (in bits). Only one of both
// options may be specified.
std::variant<BignumPointer, int> prime;
std::variant<ncrypto::BignumPointer, int> prime;
unsigned int generator;
SET_NO_MEMORY_INFO()
SET_MEMORY_INFO_NAME(DhKeyPairParams)
@ -47,7 +49,7 @@ struct DhKeyGenTraits final {
using AdditionalParameters = DhKeyPairGenConfig;
static constexpr const char* JobName = "DhKeyPairGenJob";
static EVPKeyCtxPointer Setup(DhKeyPairGenConfig* params);
static ncrypto::EVPKeyCtxPointer Setup(DhKeyPairGenConfig* params);
static v8::Maybe<void> AdditionalConfig(
CryptoJobMode mode,

3
src/crypto/crypto_dsa.cc
View File

@ -25,6 +25,9 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using v8::FunctionCallbackInfo;
using v8::Int32;
using v8::JustVoid;

2
src/crypto/crypto_dsa.h
View File

@ -26,7 +26,7 @@ struct DsaKeyGenTraits final {
using AdditionalParameters = DsaKeyPairGenConfig;
static constexpr const char* JobName = "DsaKeyPairGenJob";
static EVPKeyCtxPointer Setup(DsaKeyPairGenConfig* params);
static ncrypto::EVPKeyCtxPointer Setup(DsaKeyPairGenConfig* params);
static v8::Maybe<void> AdditionalConfig(
CryptoJobMode mode,

10
src/crypto/crypto_ec.cc
View File

@ -18,6 +18,14 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::DataPointer;
using ncrypto::ECGroupPointer;
using ncrypto::ECKeyPointer;
using ncrypto::ECPointPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using ncrypto::MarkPopErrorOnReturn;
using v8::Array;
using v8::ArrayBuffer;
using v8::BackingStore;
@ -821,7 +829,7 @@ Maybe<void> ExportJWKEdKey(Environment* env,
})();
static constexpr auto trySetKey = [](Environment* env,
ncrypto::DataPointer data,
DataPointer data,
Local<Object> target,
Local<String> key) {
Local<Value> encoded;

16
src/crypto/crypto_ec.h
View File

@ -24,9 +24,9 @@ class ECDH final : public BaseObject {
static void Initialize(Environment* env, v8::Local<v8::Object> target);
static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
static ECPointPointer BufferToPoint(Environment* env,
const EC_GROUP* group,
v8::Local<v8::Value> buf);
static ncrypto::ECPointPointer BufferToPoint(Environment* env,
const EC_GROUP* group,
v8::Local<v8::Value> buf);
void MemoryInfo(MemoryTracker* tracker) const override;
SET_MEMORY_INFO_NAME(ECDH)
@ -37,7 +37,9 @@ class ECDH final : public BaseObject {
static void GetCurves(const v8::FunctionCallbackInfo<v8::Value>& args);
protected:
ECDH(Environment* env, v8::Local<v8::Object> wrap, ECKeyPointer&& key);
ECDH(Environment* env,
v8::Local<v8::Object> wrap,
ncrypto::ECKeyPointer&& key);
static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
@ -48,9 +50,9 @@ class ECDH final : public BaseObject {
static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
bool IsKeyPairValid();
bool IsKeyValidForCurve(const BignumPointer& private_key);
bool IsKeyValidForCurve(const ncrypto::BignumPointer& private_key);
ECKeyPointer key_;
ncrypto::ECKeyPointer key_;
const EC_GROUP* group_;
};
@ -102,7 +104,7 @@ struct EcKeyGenTraits final {
using AdditionalParameters = EcKeyPairGenConfig;
static constexpr const char* JobName = "EcKeyPairGenJob";
static EVPKeyCtxPointer Setup(EcKeyPairGenConfig* params);
static ncrypto::EVPKeyCtxPointer Setup(EcKeyPairGenConfig* params);
static v8::Maybe<void> AdditionalConfig(
CryptoJobMode mode,

2
src/crypto/crypto_hash.cc
View File

@ -11,6 +11,8 @@
namespace node {
using ncrypto::EVPMDCtxPointer;
using ncrypto::MarkPopErrorOnReturn;
using v8::Context;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;

2
src/crypto/crypto_hash.h
View File

@ -36,7 +36,7 @@ class Hash final : public BaseObject {
Hash(Environment* env, v8::Local<v8::Object> wrap);
private:
EVPMDCtxPointer mdctx_{};
ncrypto::EVPMDCtxPointer mdctx_{};
unsigned int md_len_ = 0;
ByteSource digest_;
};

1
src/crypto/crypto_hmac.cc
View File

@ -13,6 +13,7 @@
namespace node {
using ncrypto::HMACCtxPointer;
using v8::Boolean;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;

2
src/crypto/crypto_hmac.h
View File

@ -36,7 +36,7 @@ class Hmac : public BaseObject {
static void Sign(const v8::FunctionCallbackInfo<v8::Value>& args);
private:
HMACCtxPointer ctx_;
ncrypto::HMACCtxPointer ctx_;
};
struct HmacConfig final : public MemoryRetainer {

1
src/crypto/crypto_keygen.cc
View File

@ -12,6 +12,7 @@
namespace node {
using ncrypto::EVPKeyCtxPointer;
using v8::FunctionCallbackInfo;
using v8::Int32;
using v8::JustVoid;

6
src/crypto/crypto_keygen.h
View File

@ -163,7 +163,7 @@ struct KeyPairGenTraits final {
static KeyGenJobStatus DoKeyGen(
Environment* env,
AdditionalParameters* params) {
EVPKeyCtxPointer ctx = KeyPairAlgorithmTraits::Setup(params);
ncrypto::EVPKeyCtxPointer ctx = KeyPairAlgorithmTraits::Setup(params);
if (!ctx)
return KeyGenJobStatus::FAILED;
@ -174,7 +174,7 @@ struct KeyPairGenTraits final {
return KeyGenJobStatus::FAILED;
auto data = KeyObjectData::CreateAsymmetric(KeyType::kKeyTypePrivate,
EVPKeyPointer(pkey));
ncrypto::EVPKeyPointer(pkey));
if (!data) [[unlikely]]
return KeyGenJobStatus::FAILED;
params->key = std::move(data);
@ -280,7 +280,7 @@ struct NidKeyPairGenTraits final {
using AdditionalParameters = NidKeyPairGenConfig;
static constexpr const char* JobName = "NidKeyPairGenJob";
static EVPKeyCtxPointer Setup(NidKeyPairGenConfig* params);
static ncrypto::EVPKeyCtxPointer Setup(NidKeyPairGenConfig* params);
static v8::Maybe<void> AdditionalConfig(
CryptoJobMode mode,

98
src/crypto/crypto_keys.cc
View File

@ -18,6 +18,13 @@
namespace node {
using ncrypto::BIOPointer;
using ncrypto::ECKeyPointer;
using ncrypto::ECPointPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using ncrypto::MarkPopErrorOnReturn;
using ncrypto::PKCS8Pointer;
using v8::Array;
using v8::Context;
using v8::Function;
@ -41,11 +48,11 @@ using v8::Value;
namespace crypto {
namespace {
Maybe<ncrypto::EVPKeyPointer::AsymmetricKeyEncodingConfig>
GetKeyFormatAndTypeFromJs(const FunctionCallbackInfo<Value>& args,
unsigned int* offset,
KeyEncodingContext context) {
ncrypto::EVPKeyPointer::AsymmetricKeyEncodingConfig config;
Maybe<EVPKeyPointer::AsymmetricKeyEncodingConfig> GetKeyFormatAndTypeFromJs(
const FunctionCallbackInfo<Value>& args,
unsigned int* offset,
KeyEncodingContext context) {
EVPKeyPointer::AsymmetricKeyEncodingConfig config;
// During key pair generation, it is possible not to specify a key encoding,
// which will lead to a key object being returned.
if (args[*offset]->IsUndefined()) {
@ -56,19 +63,19 @@ GetKeyFormatAndTypeFromJs(const FunctionCallbackInfo<Value>& args,
config.output_key_object = false;
CHECK(args[*offset]->IsInt32());
config.format = static_cast<ncrypto::EVPKeyPointer::PKFormatType>(
config.format = static_cast<EVPKeyPointer::PKFormatType>(
args[*offset].As<Int32>()->Value());
if (args[*offset + 1]->IsInt32()) {
config.type = static_cast<ncrypto::EVPKeyPointer::PKEncodingType>(
config.type = static_cast<EVPKeyPointer::PKEncodingType>(
args[*offset + 1].As<Int32>()->Value());
} else {
CHECK((context == kKeyContextInput &&
config.format == ncrypto::EVPKeyPointer::PKFormatType::PEM) ||
config.format == EVPKeyPointer::PKFormatType::PEM) ||
(context == kKeyContextGenerate &&
config.format == ncrypto::EVPKeyPointer::PKFormatType::JWK));
config.format == EVPKeyPointer::PKFormatType::JWK));
CHECK(args[*offset + 1]->IsNullOrUndefined());
config.type = ncrypto::EVPKeyPointer::PKEncodingType::PKCS1;
config.type = EVPKeyPointer::PKEncodingType::PKCS1;
}
}
@ -79,16 +86,16 @@ GetKeyFormatAndTypeFromJs(const FunctionCallbackInfo<Value>& args,
MaybeLocal<Value> BIOToStringOrBuffer(
Environment* env,
const BIOPointer& bio,
const ncrypto::EVPKeyPointer::AsymmetricKeyEncodingConfig& config) {
const EVPKeyPointer::AsymmetricKeyEncodingConfig& config) {
BUF_MEM* bptr = bio;
if (config.format == ncrypto::EVPKeyPointer::PKFormatType::PEM) {
if (config.format == EVPKeyPointer::PKFormatType::PEM) {
// PEM is an ASCII format, so we will return it as a string.
return String::NewFromUtf8(
env->isolate(), bptr->data, NewStringType::kNormal, bptr->length)
.FromMaybe(Local<Value>());
}
CHECK_EQ(config.format, ncrypto::EVPKeyPointer::PKFormatType::DER);
CHECK_EQ(config.format, EVPKeyPointer::PKFormatType::DER);
// DER is binary, return it as a buffer.
return Buffer::Copy(env, bptr->data, bptr->length).FromMaybe(Local<Value>());
}
@ -96,7 +103,7 @@ MaybeLocal<Value> BIOToStringOrBuffer(
MaybeLocal<Value> WritePrivateKey(
Environment* env,
const EVPKeyPointer& pkey,
const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config) {
const EVPKeyPointer::PrivateKeyEncodingConfig& config) {
CHECK(pkey);
auto res = pkey.writePrivateKey(config);
if (res) {
@ -111,7 +118,7 @@ MaybeLocal<Value> WritePrivateKey(
MaybeLocal<Value> WritePublicKey(
Environment* env,
const EVPKeyPointer& pkey,
const ncrypto::EVPKeyPointer::PublicKeyEncodingConfig& config) {
const EVPKeyPointer::PublicKeyEncodingConfig& config) {
CHECK(pkey);
auto res = pkey.writePublicKey(config);
if (res) {
@ -243,7 +250,7 @@ Maybe<void> GetAsymmetricKeyDetail(Environment* env,
KeyObjectData TryParsePrivateKey(
Environment* env,
const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config,
const EVPKeyPointer::PrivateKeyEncodingConfig& config,
const ncrypto::Buffer<const unsigned char>& buffer) {
auto res = EVPKeyPointer::TryParsePrivateKey(config, buffer);
if (res) {
@ -285,7 +292,7 @@ Maybe<void> ExportJWKInner(Environment* env,
Maybe<void> KeyObjectData::ToEncodedPublicKey(
Environment* env,
const ncrypto::EVPKeyPointer::PublicKeyEncodingConfig& config,
const EVPKeyPointer::PublicKeyEncodingConfig& config,
Local<Value>* out) {
CHECK(key_type_ != KeyType::kKeyTypeSecret);
if (config.output_key_object) {
@ -294,7 +301,7 @@ Maybe<void> KeyObjectData::ToEncodedPublicKey(
return NothingIfFalse(
KeyObjectHandle::Create(env, addRefWithType(KeyType::kKeyTypePublic))
.ToLocal(out));
} else if (config.format == ncrypto::EVPKeyPointer::PKFormatType::JWK) {
} else if (config.format == EVPKeyPointer::PKFormatType::JWK) {
*out = Object::New(env->isolate());
return ExportJWKInner(
env, addRefWithType(KeyType::kKeyTypePublic), *out, false);
@ -306,14 +313,14 @@ Maybe<void> KeyObjectData::ToEncodedPublicKey(
Maybe<void> KeyObjectData::ToEncodedPrivateKey(
Environment* env,
const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config,
const EVPKeyPointer::PrivateKeyEncodingConfig& config,
Local<Value>* out) {
CHECK(key_type_ != KeyType::kKeyTypeSecret);
if (config.output_key_object) {
return NothingIfFalse(
KeyObjectHandle::Create(env, addRefWithType(KeyType::kKeyTypePrivate))
.ToLocal(out));
} else if (config.format == ncrypto::EVPKeyPointer::PKFormatType::JWK) {
} else if (config.format == EVPKeyPointer::PKFormatType::JWK) {
*out = Object::New(env->isolate());
return ExportJWKInner(
env, addRefWithType(KeyType::kKeyTypePrivate), *out, false);
@ -323,16 +330,16 @@ Maybe<void> KeyObjectData::ToEncodedPrivateKey(
WritePrivateKey(env, GetAsymmetricKey(), config).ToLocal(out));
}
Maybe<ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig>
Maybe<EVPKeyPointer::PrivateKeyEncodingConfig>
KeyObjectData::GetPrivateKeyEncodingFromJs(
const FunctionCallbackInfo<Value>& args,
unsigned int* offset,
KeyEncodingContext context) {
Environment* env = Environment::GetCurrent(args);
ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig config;
EVPKeyPointer::PrivateKeyEncodingConfig config;
if (!GetKeyFormatAndTypeFromJs(args, offset, context).To(&config)) {
return Nothing<ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig>();
return Nothing<EVPKeyPointer::PrivateKeyEncodingConfig>();
}
if (config.output_key_object) {
@ -346,7 +353,7 @@ KeyObjectData::GetPrivateKeyEncodingFromJs(
config.cipher = EVP_get_cipherbyname(*cipher_name);
if (config.cipher == nullptr) {
THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
return Nothing<ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig>();
return Nothing<EVPKeyPointer::PrivateKeyEncodingConfig>();
}
needs_passphrase = true;
} else {
@ -361,7 +368,7 @@ KeyObjectData::GetPrivateKeyEncodingFromJs(
ArrayBufferOrViewContents<char> passphrase(args[*offset]);
if (!passphrase.CheckSizeInt32()) [[unlikely]] {
THROW_ERR_OUT_OF_RANGE(env, "passphrase is too big");
return Nothing<ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig>();
return Nothing<EVPKeyPointer::PrivateKeyEncodingConfig>();
}
config.passphrase = passphrase.ToDataPointer();
} else {
@ -370,11 +377,10 @@ KeyObjectData::GetPrivateKeyEncodingFromJs(
}
(*offset)++;
return Just<ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig>(
std::move(config));
return Just<EVPKeyPointer::PrivateKeyEncodingConfig>(std::move(config));
}
Maybe<ncrypto::EVPKeyPointer::PublicKeyEncodingConfig>
Maybe<EVPKeyPointer::PublicKeyEncodingConfig>
KeyObjectData::GetPublicKeyEncodingFromJs(
const FunctionCallbackInfo<Value>& args,
unsigned int* offset,
@ -390,7 +396,7 @@ KeyObjectData KeyObjectData::GetPrivateKeyFromJs(
Environment* env = Environment::GetCurrent(args);
auto key = ByteSource::FromStringOrBuffer(env, args[(*offset)++]);
ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig config;
EVPKeyPointer::PrivateKeyEncodingConfig config;
if (!GetPrivateKeyEncodingFromJs(args, offset, kKeyContextInput)
.To(&config)) {
return {};
@ -423,7 +429,7 @@ KeyObjectData KeyObjectData::GetPublicOrPrivateKeyFromJs(
return {};
}
ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig config;
EVPKeyPointer::PrivateKeyEncodingConfig config;
if (!KeyObjectData::GetPrivateKeyEncodingFromJs(
args, offset, kKeyContextInput)
.To(&config)) {
@ -435,7 +441,7 @@ KeyObjectData KeyObjectData::GetPublicOrPrivateKeyFromJs(
.len = data.size(),
};
if (config.format == ncrypto::EVPKeyPointer::PKFormatType::PEM) {
if (config.format == EVPKeyPointer::PKFormatType::PEM) {
// For PEM, we can easily determine whether it is a public or private key
// by looking for the respective PEM tags.
auto res = EVPKeyPointer::TryParsePublicKeyPEM(buffer);
@ -456,13 +462,13 @@ KeyObjectData KeyObjectData::GetPublicOrPrivateKeyFromJs(
static const auto is_public = [](const auto& config,
const auto& buffer) -> bool {
switch (config.type) {
case ncrypto::EVPKeyPointer::PKEncodingType::PKCS1:
case EVPKeyPointer::PKEncodingType::PKCS1:
return !EVPKeyPointer::IsRSAPrivateKey(buffer);
case ncrypto::EVPKeyPointer::PKEncodingType::SPKI:
case EVPKeyPointer::PKEncodingType::SPKI:
return true;
case ncrypto::EVPKeyPointer::PKEncodingType::PKCS8:
case EVPKeyPointer::PKEncodingType::PKCS8:
return false;
case ncrypto::EVPKeyPointer::PKEncodingType::SEC1:
case EVPKeyPointer::PKEncodingType::SEC1:
return false;
default:
UNREACHABLE("Invalid key encoding type");
@ -990,7 +996,7 @@ void KeyObjectHandle::Export(const FunctionCallbackInfo<Value>& args) {
result = key->ExportSecretKey();
} else if (type == kKeyTypePublic) {
unsigned int offset = 0;
ncrypto::EVPKeyPointer::PublicKeyEncodingConfig config;
EVPKeyPointer::PublicKeyEncodingConfig config;
if (!KeyObjectData::GetPublicKeyEncodingFromJs(
args, &offset, kKeyContextExport)
.To(&config)) {
@ -1001,7 +1007,7 @@ void KeyObjectHandle::Export(const FunctionCallbackInfo<Value>& args) {
} else {
CHECK_EQ(type, kKeyTypePrivate);
unsigned int offset = 0;
ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig config;
EVPKeyPointer::PrivateKeyEncodingConfig config;
if (!KeyObjectData::GetPrivateKeyEncodingFromJs(
args, &offset, kKeyContextExport)
.To(&config)) {
@ -1022,12 +1028,12 @@ MaybeLocal<Value> KeyObjectHandle::ExportSecretKey() const {
}
MaybeLocal<Value> KeyObjectHandle::ExportPublicKey(
const ncrypto::EVPKeyPointer::PublicKeyEncodingConfig& config) const {
const EVPKeyPointer::PublicKeyEncodingConfig& config) const {
return WritePublicKey(env(), data_.GetAsymmetricKey(), config);
}
MaybeLocal<Value> KeyObjectHandle::ExportPrivateKey(
const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config) const {
const EVPKeyPointer::PrivateKeyEncodingConfig& config) const {
return WritePrivateKey(env(), data_.GetAsymmetricKey(), config);
}
@ -1184,19 +1190,19 @@ void Initialize(Environment* env, Local<Object> target) {
KeyObjectHandle::Initialize(env)).Check();
constexpr int kKeyEncodingPKCS1 =
static_cast<int>(ncrypto::EVPKeyPointer::PKEncodingType::PKCS1);
static_cast<int>(EVPKeyPointer::PKEncodingType::PKCS1);
constexpr int kKeyEncodingPKCS8 =
static_cast<int>(ncrypto::EVPKeyPointer::PKEncodingType::PKCS8);
static_cast<int>(EVPKeyPointer::PKEncodingType::PKCS8);
constexpr int kKeyEncodingSPKI =
static_cast<int>(ncrypto::EVPKeyPointer::PKEncodingType::SPKI);
static_cast<int>(EVPKeyPointer::PKEncodingType::SPKI);
constexpr int kKeyEncodingSEC1 =
static_cast<int>(ncrypto::EVPKeyPointer::PKEncodingType::SEC1);
static_cast<int>(EVPKeyPointer::PKEncodingType::SEC1);
constexpr int kKeyFormatDER =
static_cast<int>(ncrypto::EVPKeyPointer::PKFormatType::DER);
static_cast<int>(EVPKeyPointer::PKFormatType::DER);
constexpr int kKeyFormatPEM =
static_cast<int>(ncrypto::EVPKeyPointer::PKFormatType::PEM);
static_cast<int>(EVPKeyPointer::PKFormatType::PEM);
constexpr int kKeyFormatJWK =
static_cast<int>(ncrypto::EVPKeyPointer::PKFormatType::JWK);
static_cast<int>(EVPKeyPointer::PKFormatType::JWK);
NODE_DEFINE_CONSTANT(target, kWebCryptoKeyFormatRaw);
NODE_DEFINE_CONSTANT(target, kWebCryptoKeyFormatPKCS8);

20
src/crypto/crypto_keys.h
View File

@ -33,10 +33,11 @@ enum KeyEncodingContext {
enum class ParseKeyResult {
kParseKeyNotRecognized =
static_cast<int>(EVPKeyPointer::PKParseError::NOT_RECOGNIZED),
static_cast<int>(ncrypto::EVPKeyPointer::PKParseError::NOT_RECOGNIZED),
kParseKeyNeedPassphrase =
static_cast<int>(EVPKeyPointer::PKParseError::NEED_PASSPHRASE),
kParseKeyFailed = static_cast<int>(EVPKeyPointer::PKParseError::FAILED),
static_cast<int>(ncrypto::EVPKeyPointer::PKParseError::NEED_PASSPHRASE),
kParseKeyFailed =
static_cast<int>(ncrypto::EVPKeyPointer::PKParseError::FAILED),
kParseKeyOk,
};
@ -45,7 +46,8 @@ class KeyObjectData final : public MemoryRetainer {
public:
static KeyObjectData CreateSecret(ByteSource key);
static KeyObjectData CreateAsymmetric(KeyType type, EVPKeyPointer&& pkey);
static KeyObjectData CreateAsymmetric(KeyType type,
ncrypto::EVPKeyPointer&& pkey);
KeyObjectData(std::nullptr_t = nullptr);
@ -55,7 +57,7 @@ class KeyObjectData final : public MemoryRetainer {
// These functions allow unprotected access to the raw key material and should
// only be used to implement cryptographic operations requiring the key.
const EVPKeyPointer& GetAsymmetricKey() const;
const ncrypto::EVPKeyPointer& GetAsymmetricKey() const;
const char* GetSymmetricKey() const;
size_t GetSymmetricKeySize() const;
@ -103,11 +105,11 @@ class KeyObjectData final : public MemoryRetainer {
private:
explicit KeyObjectData(ByteSource symmetric_key);
explicit KeyObjectData(KeyType type, EVPKeyPointer&& pkey);
explicit KeyObjectData(KeyType type, ncrypto::EVPKeyPointer&& pkey);
static KeyObjectData GetParsedKey(KeyType type,
Environment* env,
EVPKeyPointer&& pkey,
ncrypto::EVPKeyPointer&& pkey,
ParseKeyResult ret,
const char* default_msg);
@ -116,10 +118,10 @@ class KeyObjectData final : public MemoryRetainer {
struct Data {
const ByteSource symmetric_key;
const EVPKeyPointer asymmetric_key;
const ncrypto::EVPKeyPointer asymmetric_key;
explicit Data(ByteSource symmetric_key)
: symmetric_key(std::move(symmetric_key)) {}
explicit Data(EVPKeyPointer asymmetric_key)
explicit Data(ncrypto::EVPKeyPointer asymmetric_key)
: asymmetric_key(std::move(asymmetric_key)) {}
};
std::shared_ptr<Data> data_;

5
src/crypto/crypto_random.cc
View File

@ -11,6 +11,8 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::ClearErrorOnReturn;
using v8::ArrayBuffer;
using v8::BackingStore;
using v8::Boolean;
@ -27,8 +29,7 @@ using v8::Value;
namespace crypto {
namespace {
ncrypto::BignumPointer::PrimeCheckCallback getPrimeCheckCallback(
Environment* env) {
BignumPointer::PrimeCheckCallback getPrimeCheckCallback(Environment* env) {
// The callback is used to check if the operation should be stopped.
// Currently, the only check we perform is if env->is_stopping()
// is true.

8
src/crypto/crypto_random.h
View File

@ -45,9 +45,9 @@ struct RandomBytesTraits final {
using RandomBytesJob = DeriveBitsJob<RandomBytesTraits>;
struct RandomPrimeConfig final : public MemoryRetainer {
BignumPointer prime;
BignumPointer rem;
BignumPointer add;
ncrypto::BignumPointer prime;
ncrypto::BignumPointer rem;
ncrypto::BignumPointer add;
int bits;
bool safe;
void MemoryInfo(MemoryTracker* tracker) const override;
@ -80,7 +80,7 @@ struct RandomPrimeTraits final {
using RandomPrimeJob = DeriveBitsJob<RandomPrimeTraits>;
struct CheckPrimeConfig final : public MemoryRetainer {
BignumPointer candidate;
ncrypto::BignumPointer candidate;
int checks = 1;
void MemoryInfo(MemoryTracker* tracker) const override;

4
src/crypto/crypto_rsa.cc
View File

@ -14,6 +14,10 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using ncrypto::RSAPointer;
using v8::ArrayBuffer;
using v8::BackingStore;
using v8::FunctionCallbackInfo;

2
src/crypto/crypto_rsa.h
View File

@ -41,7 +41,7 @@ struct RsaKeyGenTraits final {
using AdditionalParameters = RsaKeyPairGenConfig;
static constexpr const char* JobName = "RsaKeyPairGenJob";
static EVPKeyCtxPointer Setup(RsaKeyPairGenConfig* params);
static ncrypto::EVPKeyCtxPointer Setup(RsaKeyPairGenConfig* params);
static v8::Maybe<void> AdditionalConfig(
CryptoJobMode mode,

6
src/crypto/crypto_sig.cc
View File

@ -12,6 +12,12 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::ClearErrorOnReturn;
using ncrypto::ECDSASigPointer;
using ncrypto::EVPKeyCtxPointer;
using ncrypto::EVPKeyPointer;
using ncrypto::EVPMDCtxPointer;
using v8::ArrayBuffer;
using v8::BackingStore;
using v8::Boolean;

6
src/crypto/crypto_sig.h
View File

@ -42,7 +42,7 @@ class SignBase : public BaseObject {
SET_SELF_SIZE(SignBase)
protected:
EVPMDCtxPointer mdctx_;
ncrypto::EVPMDCtxPointer mdctx_;
};
class Sign : public SignBase {
@ -60,7 +60,7 @@ class Sign : public SignBase {
: error(err), signature(std::move(sig)) {}
};
SignResult SignFinal(const EVPKeyPointer& pkey,
SignResult SignFinal(const ncrypto::EVPKeyPointer& pkey,
int padding,
const v8::Maybe<int>& saltlen,
DSASigEnc dsa_sig_enc);
@ -81,7 +81,7 @@ class Verify : public SignBase {
static void Initialize(Environment* env, v8::Local<v8::Object> target);
static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
Error VerifyFinal(const EVPKeyPointer& key,
Error VerifyFinal(const ncrypto::EVPKeyPointer& key,
const ByteSource& sig,
int padding,
const v8::Maybe<int>& saltlen,

1
src/crypto/crypto_spkac.cc
View File

@ -9,6 +9,7 @@
namespace node {
using ncrypto::BIOPointer;
using v8::Context;
using v8::FunctionCallbackInfo;
using v8::Local;

6
src/crypto/crypto_tls.cc
View File

@ -36,6 +36,12 @@
namespace node {
using ncrypto::BIOPointer;
using ncrypto::ClearErrorOnReturn;
using ncrypto::MarkPopErrorOnReturn;
using ncrypto::SSLPointer;
using ncrypto::SSLSessionPointer;
using ncrypto::X509Pointer;
using v8::Array;
using v8::ArrayBuffer;
using v8::ArrayBufferView;

6
src/crypto/crypto_tls.h
View File

@ -248,8 +248,8 @@ class TLSWrap : public AsyncWrap,
Environment* const env_;
Kind kind_;
SSLSessionPointer next_sess_;
SSLPointer ssl_;
ncrypto::SSLSessionPointer next_sess_;
ncrypto::SSLPointer ssl_;
ClientHelloParser hello_parser_;
v8::Global<v8::ArrayBufferView> ocsp_response_;
BaseObjectPtr<SecureContext> sni_context_;
@ -288,7 +288,7 @@ class TLSWrap : public AsyncWrap,
CertCb cert_cb_ = nullptr;
void* cert_cb_arg_ = nullptr;
BIOPointer bio_trace_;
ncrypto::BIOPointer bio_trace_;
bool has_active_write_issued_by_prev_listener_ = false;

17
src/crypto/crypto_util.cc
View File

@ -26,6 +26,11 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::BIOPointer;
using ncrypto::CryptoErrorList;
using ncrypto::EnginePointer;
using ncrypto::EVPKeyCtxPointer;
using v8::ArrayBuffer;
using v8::BackingStore;
using v8::BigInt;
@ -162,7 +167,7 @@ void InitCryptoOnce() {
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#ifndef OPENSSL_NO_ENGINE
ncrypto::EnginePointer::initEnginesOnce();
EnginePointer::initEnginesOnce();
#endif // !OPENSSL_NO_ENGINE
}
@ -181,7 +186,7 @@ void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
CHECK(env->owns_process_state());
bool enable = args[0]->BooleanValue(env->isolate());
ncrypto::CryptoErrorList errors;
CryptoErrorList errors;
if (!ncrypto::setFipsEnabled(enable, &errors)) {
Local<Value> exception;
if (cryptoErrorListToException(env, errors).ToLocal(&exception)) {
@ -210,8 +215,8 @@ bool CryptoErrorStore::Empty() const {
return errors_.empty();
}
MaybeLocal<Value> cryptoErrorListToException(
Environment* env, const ncrypto::CryptoErrorList& errors) {
MaybeLocal<Value> cryptoErrorListToException(Environment* env,
const CryptoErrorList& errors) {
// The CryptoErrorList contains a listing of zero or more errors.
// If there are no errors, it is likely a bug but we will return
// an error anyway.
@ -588,7 +593,7 @@ void SetEngine(const FunctionCallbackInfo<Value>& args) {
// If the engine name is not known, calling setAsDefault on the
// empty engine pointer will be non-op that always returns false.
args.GetReturnValue().Set(
ncrypto::EnginePointer::getEngineByName(engine_id.ToStringView())
EnginePointer::getEngineByName(engine_id.ToStringView())
.setAsDefault(flags));
}
#endif // !OPENSSL_NO_ENGINE
@ -598,7 +603,7 @@ MaybeLocal<Value> EncodeBignum(
const BIGNUM* bn,
int size,
Local<Value>* error) {
auto buf = ncrypto::BignumPointer::EncodePadded(bn, size);
auto buf = BignumPointer::EncodePadded(bn, size);
CHECK_EQ(buf.size(), static_cast<size_t>(size));
return StringBytes::Encode(env->isolate(),
reinterpret_cast<const char*>(buf.get()),

37
src/crypto/crypto_util.h
View File

@ -38,6 +38,7 @@
#include <vector>
namespace node {
namespace crypto {
// Currently known sizes of commonly used OpenSSL struct sizes.
// OpenSSL considers it's various structs to be opaque and the
@ -53,33 +54,6 @@ constexpr size_t kSizeOf_EVP_PKEY = 72;
constexpr size_t kSizeOf_EVP_PKEY_CTX = 80;
constexpr size_t kSizeOf_HMAC_CTX = 32;
// Define smart pointers for the most commonly used OpenSSL types:
using X509Pointer = ncrypto::X509Pointer;
using BIOPointer = ncrypto::BIOPointer;
using SSLCtxPointer = ncrypto::SSLCtxPointer;
using SSLSessionPointer = ncrypto::SSLSessionPointer;
using SSLPointer = ncrypto::SSLPointer;
using PKCS8Pointer = ncrypto::PKCS8Pointer;
using EVPKeyPointer = ncrypto::EVPKeyPointer;
using EVPKeyCtxPointer = ncrypto::EVPKeyCtxPointer;
using EVPMDCtxPointer = ncrypto::EVPMDCtxPointer;
using RSAPointer = ncrypto::RSAPointer;
using ECPointer = ncrypto::ECPointer;
using BignumPointer = ncrypto::BignumPointer;
using NetscapeSPKIPointer = ncrypto::NetscapeSPKIPointer;
using ECGroupPointer = ncrypto::ECGroupPointer;
using ECPointPointer = ncrypto::ECPointPointer;
using ECKeyPointer = ncrypto::ECKeyPointer;
using DHPointer = ncrypto::DHPointer;
using ECDSASigPointer = ncrypto::ECDSASigPointer;
using HMACCtxPointer = ncrypto::HMACCtxPointer;
using CipherCtxPointer = ncrypto::CipherCtxPointer;
using DsaPointer = ncrypto::DSAPointer;
using DsaSigPointer = ncrypto::DSASigPointer;
using ClearErrorOnReturn = ncrypto::ClearErrorOnReturn;
using MarkPopErrorOnReturn = ncrypto::MarkPopErrorOnReturn;
bool ProcessFipsOptions();
bool InitCryptoOnce(v8::Isolate* isolate);
@ -260,8 +234,8 @@ class ByteSource {
operator bool() const { return data_ != nullptr; }
BignumPointer ToBN() const {
return BignumPointer(data<unsigned char>(), size());
ncrypto::BignumPointer ToBN() const {
return ncrypto::BignumPointer(data<unsigned char>(), size());
}
// Creates a v8::BackingStore that takes over responsibility for
@ -296,7 +270,7 @@ class ByteSource {
static ByteSource FromBuffer(v8::Local<v8::Value> buffer,
bool ntc = false);
static ByteSource FromBIO(const BIOPointer& bio);
static ByteSource FromBIO(const ncrypto::BIOPointer& bio);
static ByteSource NullTerminatedCopy(Environment* env,
v8::Local<v8::Value> value);
@ -733,7 +707,8 @@ v8::Maybe<void> SetEncodedValue(Environment* env,
const BIGNUM* bn,
int size = 0);
bool SetRsaOaepLabel(const EVPKeyCtxPointer& rsa, const ByteSource& label);
bool SetRsaOaepLabel(const ncrypto::EVPKeyCtxPointer& rsa,
const ByteSource& label);
namespace Util {
void Initialize(Environment* env, v8::Local<v8::Object> target);

68
src/crypto/crypto_x509.cc
View File

@ -15,6 +15,14 @@
namespace node {
using ncrypto::BignumPointer;
using ncrypto::BIOPointer;
using ncrypto::ClearErrorOnReturn;
using ncrypto::DataPointer;
using ncrypto::SSLPointer;
using ncrypto::StackOfASN1;
using ncrypto::X509Pointer;
using ncrypto::X509View;
using v8::Array;
using v8::ArrayBuffer;
using v8::ArrayBufferView;
@ -62,7 +70,7 @@ void ManagedX509::MemoryInfo(MemoryTracker* tracker) const {
namespace {
MaybeLocal<Value> GetFingerprintDigest(Environment* env,
const EVP_MD* method,
const ncrypto::X509View& cert) {
const X509View& cert) {
auto fingerprint = cert.getFingerprint(method);
// Returning an empty string indicates that the digest failed for
// some reason.
@ -129,7 +137,7 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, const ASN1_STRING* str) {
if (value_str_size < 0) {
return Undefined(context->GetIsolate());
}
ncrypto::DataPointer free_value_str(value_str, value_str_size);
DataPointer free_value_str(value_str, value_str_size);
Local<Value> result;
if (!String::NewFromUtf8(context->GetIsolate(),
@ -171,7 +179,7 @@ MaybeLocal<Value> ToBuffer(Environment* env, BIOPointer* bio) {
return ret;
}
MaybeLocal<Value> GetDer(Environment* env, const ncrypto::X509View& view) {
MaybeLocal<Value> GetDer(Environment* env, const X509View& view) {
Local<Value> ret;
auto bio = view.toDER();
if (!bio) return Undefined(env->isolate());
@ -182,7 +190,7 @@ MaybeLocal<Value> GetDer(Environment* env, const ncrypto::X509View& view) {
}
MaybeLocal<Value> GetSubjectAltNameString(Environment* env,
const ncrypto::X509View& view) {
const X509View& view) {
Local<Value> ret;
auto bio = view.getSubjectAltName();
if (!bio) return Undefined(env->isolate());
@ -190,8 +198,7 @@ MaybeLocal<Value> GetSubjectAltNameString(Environment* env,
return ret;
}
MaybeLocal<Value> GetInfoAccessString(Environment* env,
const ncrypto::X509View& view) {
MaybeLocal<Value> GetInfoAccessString(Environment* env, const X509View& view) {
Local<Value> ret;
auto bio = view.getInfoAccess();
if (!bio) return Undefined(env->isolate());
@ -201,8 +208,7 @@ MaybeLocal<Value> GetInfoAccessString(Environment* env,
return ret;
}
MaybeLocal<Value> GetValidFrom(Environment* env,
const ncrypto::X509View& view) {
MaybeLocal<Value> GetValidFrom(Environment* env, const X509View& view) {
Local<Value> ret;
auto bio = view.getValidFrom();
if (!bio) return Undefined(env->isolate());
@ -212,7 +218,7 @@ MaybeLocal<Value> GetValidFrom(Environment* env,
return ret;
}
MaybeLocal<Value> GetValidTo(Environment* env, const ncrypto::X509View& view) {
MaybeLocal<Value> GetValidTo(Environment* env, const X509View& view) {
Local<Value> ret;
auto bio = view.getValidTo();
if (!bio) return Undefined(env->isolate());
@ -222,20 +228,17 @@ MaybeLocal<Value> GetValidTo(Environment* env, const ncrypto::X509View& view) {
return ret;
}
MaybeLocal<Value> GetValidFromDate(Environment* env,
const ncrypto::X509View& view) {
MaybeLocal<Value> GetValidFromDate(Environment* env, const X509View& view) {
int64_t validFromTime = view.getValidFromTime();
return Date::New(env->context(), validFromTime * 1000.);
}
MaybeLocal<Value> GetValidToDate(Environment* env,
const ncrypto::X509View& view) {
MaybeLocal<Value> GetValidToDate(Environment* env, const X509View& view) {
int64_t validToTime = view.getValidToTime();
return Date::New(env->context(), validToTime * 1000.);
}
MaybeLocal<Value> GetSerialNumber(Environment* env,
const ncrypto::X509View& view) {
MaybeLocal<Value> GetSerialNumber(Environment* env, const X509View& view) {
if (auto serial = view.getSerialNumber()) {
return OneByteString(env->isolate(),
static_cast<unsigned char*>(serial.get()));
@ -243,8 +246,8 @@ MaybeLocal<Value> GetSerialNumber(Environment* env,
return Undefined(env->isolate());
}
MaybeLocal<Value> GetKeyUsage(Environment* env, const ncrypto::X509View& cert) {
ncrypto::StackOfASN1 eku(static_cast<STACK_OF(ASN1_OBJECT)*>(
MaybeLocal<Value> GetKeyUsage(Environment* env, const X509View& cert) {
StackOfASN1 eku(static_cast<STACK_OF(ASN1_OBJECT)*>(
X509_get_ext_d2i(cert.get(), NID_ext_key_usage, nullptr, nullptr)));
if (eku) {
const int count = sk_ASN1_OBJECT_num(eku.get());
@ -458,10 +461,10 @@ void CheckHost(const FunctionCallbackInfo<Value>& args) {
Utf8Value name(env->isolate(), args[0]);
uint32_t flags = args[1].As<Uint32>()->Value();
ncrypto::DataPointer peername;
DataPointer peername;
switch (cert->view().checkHost(name.ToStringView(), flags, &peername)) {
case ncrypto::X509View::CheckMatch::MATCH: { // Match!
case X509View::CheckMatch::MATCH: { // Match!
Local<Value> ret = args[0];
if (peername) {
ret = OneByteString(env->isolate(),
@ -470,9 +473,9 @@ void CheckHost(const FunctionCallbackInfo<Value>& args) {
}
return args.GetReturnValue().Set(ret);
}
case ncrypto::X509View::CheckMatch::NO_MATCH: // No Match!
case X509View::CheckMatch::NO_MATCH: // No Match!
return; // No return value is set
case ncrypto::X509View::CheckMatch::INVALID_NAME: // Error!
case X509View::CheckMatch::INVALID_NAME: // Error!
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid name");
default: // Error!
return THROW_ERR_CRYPTO_OPERATION_FAILED(env);
@ -491,11 +494,11 @@ void CheckEmail(const FunctionCallbackInfo<Value>& args) {
uint32_t flags = args[1].As<Uint32>()->Value();
switch (cert->view().checkEmail(name.ToStringView(), flags)) {
case ncrypto::X509View::CheckMatch::MATCH: // Match!
case X509View::CheckMatch::MATCH: // Match!
return args.GetReturnValue().Set(args[0]);
case ncrypto::X509View::CheckMatch::NO_MATCH: // No Match!
case X509View::CheckMatch::NO_MATCH: // No Match!
return; // No return value is set
case ncrypto::X509View::CheckMatch::INVALID_NAME: // Error!
case X509View::CheckMatch::INVALID_NAME: // Error!
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid name");
default: // Error!
return THROW_ERR_CRYPTO_OPERATION_FAILED(env);
@ -514,11 +517,11 @@ void CheckIP(const FunctionCallbackInfo<Value>& args) {
uint32_t flags = args[1].As<Uint32>()->Value();
switch (cert->view().checkIp(name.ToStringView(), flags)) {
case ncrypto::X509View::CheckMatch::MATCH: // Match!
case X509View::CheckMatch::MATCH: // Match!
return args.GetReturnValue().Set(args[0]);
case ncrypto::X509View::CheckMatch::NO_MATCH: // No Match!
case X509View::CheckMatch::NO_MATCH: // No Match!
return; // No return value is set
case ncrypto::X509View::CheckMatch::INVALID_NAME: // Error!
case X509View::CheckMatch::INVALID_NAME: // Error!
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid IP");
default: // Error!
return THROW_ERR_CRYPTO_OPERATION_FAILED(env);
@ -594,7 +597,7 @@ bool Set(Environment* env,
// The property value may be a single string or an array of strings.
template <X509_NAME* get_name(const X509*)>
static MaybeLocal<Value> GetX509NameObject(Environment* env,
const ncrypto::X509View& cert) {
const X509View& cert) {
X509_NAME* name = get_name(cert.get());
CHECK_NOT_NULL(name);
@ -718,8 +721,7 @@ MaybeLocal<Value> GetCurveName(Environment* env, const int nid) {
: MaybeLocal<Value>(Undefined(env->isolate()));
}
MaybeLocal<Object> X509ToObject(Environment* env,
const ncrypto::X509View& cert) {
MaybeLocal<Object> X509ToObject(Environment* env, const X509View& cert) {
EscapableHandleScope scope(env->isolate());
Local<Object> info = Object::New(env->isolate());
@ -906,7 +908,7 @@ MaybeLocal<Object> X509Certificate::New(Environment* env,
MaybeLocal<Object> X509Certificate::GetCert(Environment* env,
const SSLPointer& ssl) {
auto cert = ncrypto::X509View::From(ssl);
auto cert = X509View::From(ssl);
if (!cert) return {};
return New(env, cert.clone());
}
@ -940,8 +942,8 @@ v8::MaybeLocal<v8::Value> X509Certificate::toObject(Environment* env) {
return toObject(env, view());
}
v8::MaybeLocal<v8::Value> X509Certificate::toObject(
Environment* env, const ncrypto::X509View& cert) {
v8::MaybeLocal<v8::Value> X509Certificate::toObject(Environment* env,
const X509View& cert) {
if (!cert) return {};
return X509ToObject(env, cert).FromMaybe(Local<Value>());
}

27
src/crypto/crypto_x509.h
View File

@ -21,7 +21,7 @@ namespace crypto {
class ManagedX509 final : public MemoryRetainer {
public:
ManagedX509() = default;
explicit ManagedX509(X509Pointer&& cert);
explicit ManagedX509(ncrypto::X509Pointer&& cert);
ManagedX509(const ManagedX509& that);
ManagedX509& operator=(const ManagedX509& that);
@ -35,7 +35,7 @@ class ManagedX509 final : public MemoryRetainer {
SET_SELF_SIZE(ManagedX509)
private:
X509Pointer cert_;
ncrypto::X509Pointer cert_;
};
class X509Certificate final : public BaseObject {
@ -53,27 +53,24 @@ class X509Certificate final : public BaseObject {
static v8::MaybeLocal<v8::Object> New(
Environment* env,
X509Pointer cert,
STACK_OF(X509)* issuer_chain = nullptr);
ncrypto::X509Pointer cert,
STACK_OF(X509) * issuer_chain = nullptr);
static v8::MaybeLocal<v8::Object> New(
Environment* env,
std::shared_ptr<ManagedX509> cert,
STACK_OF(X509)* issuer_chain = nullptr);
static v8::MaybeLocal<v8::Object> GetCert(
Environment* env,
const SSLPointer& ssl);
static v8::MaybeLocal<v8::Object> GetCert(Environment* env,
const ncrypto::SSLPointer& ssl);
static v8::MaybeLocal<v8::Object> GetPeerCert(
Environment* env,
const SSLPointer& ssl,
GetPeerCertificateFlag flag);
static v8::MaybeLocal<v8::Object> GetPeerCert(Environment* env,
const ncrypto::SSLPointer& ssl,
GetPeerCertificateFlag flag);
static v8::Local<v8::Object> Wrap(
Environment* env,
v8::Local<v8::Object> object,
X509Pointer cert);
static v8::Local<v8::Object> Wrap(Environment* env,
v8::Local<v8::Object> object,
ncrypto::X509Pointer cert);
inline BaseObjectPtr<X509Certificate> getIssuerCert() const {
return issuer_cert_;

65
src/quic/tlscontext.cc
View File

@ -20,6 +20,13 @@
namespace node {
using ncrypto::BIOPointer;
using ncrypto::ClearErrorOnReturn;
using ncrypto::MarkPopErrorOnReturn;
using ncrypto::SSLCtxPointer;
using ncrypto::SSLPointer;
using ncrypto::SSLSessionPointer;
using ncrypto::X509Pointer;
using v8::ArrayBuffer;
using v8::Just;
using v8::Local;
@ -43,7 +50,7 @@ namespace {
// return 0;
// }();
void EnableTrace(Environment* env, crypto::BIOPointer* bio, SSL* ssl) {
void EnableTrace(Environment* env, BIOPointer* bio, SSL* ssl) {
#if HAVE_SSL_TRACE
static bool warn_trace_tls = true;
if (warn_trace_tls) {
@ -63,7 +70,7 @@ void EnableTrace(Environment* env, crypto::BIOPointer* bio, SSL* ssl) {
size_t len,
SSL* ssl,
void* arg) -> void {
crypto::MarkPopErrorOnReturn mark_pop_error_on_return;
MarkPopErrorOnReturn mark_pop_error_on_return;
SSL_trace(write_p, version, content_type, buf, len, ssl, arg);
});
SSL_set_msg_callback_arg(ssl, bio->get());
@ -240,12 +247,12 @@ std::unique_ptr<TLSSession> TLSContext::NewSession(
session, shared_from_this(), maybeSessionTicket);
}
crypto::SSLCtxPointer TLSContext::Initialize() {
crypto::SSLCtxPointer ctx;
SSLCtxPointer TLSContext::Initialize() {
SSLCtxPointer ctx;
switch (side_) {
case Side::SERVER: {
static constexpr unsigned char kSidCtx[] = "Node.js QUIC Server";
ctx = crypto::SSLCtxPointer::NewServer();
ctx = SSLCtxPointer::NewServer();
CHECK_EQ(ngtcp2_crypto_quictls_configure_server_context(ctx.get()), 0);
CHECK_EQ(SSL_CTX_set_max_early_data(ctx.get(), UINT32_MAX), 1);
SSL_CTX_set_options(ctx.get(),
@ -276,7 +283,7 @@ crypto::SSLCtxPointer TLSContext::Initialize() {
break;
}
case Side::CLIENT: {
ctx = crypto::SSLCtxPointer::NewClient();
ctx = SSLCtxPointer::NewClient();
CHECK_EQ(ngtcp2_crypto_quictls_configure_client_context(ctx.get()), 0);
SSL_CTX_set_session_cache_mode(
@ -291,16 +298,16 @@ crypto::SSLCtxPointer TLSContext::Initialize() {
if (SSL_CTX_set_ciphersuites(ctx.get(), options_.ciphers.c_str()) != 1) {
validation_error_ = "Invalid cipher suite";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
if (SSL_CTX_set1_groups_list(ctx.get(), options_.groups.c_str()) != 1) {
validation_error_ = "Invalid cipher groups";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
{
crypto::ClearErrorOnReturn clear_error_on_return;
ClearErrorOnReturn clear_error_on_return;
if (options_.ca.empty()) {
auto store = crypto::GetOrCreateRootCertStore();
X509_STORE_up_ref(store);
@ -313,14 +320,12 @@ crypto::SSLCtxPointer TLSContext::Initialize() {
X509_STORE_up_ref(store);
SSL_CTX_set_cert_store(ctx.get(), store);
} else {
crypto::BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
CHECK(bio);
X509_STORE* cert_store = SSL_CTX_get_cert_store(ctx.get());
while (crypto::X509Pointer x509 = crypto::X509Pointer(
PEM_read_bio_X509_AUX(bio.get(),
nullptr,
crypto::NoPasswordCallback,
nullptr))) {
while (
auto x509 = X509Pointer(PEM_read_bio_X509_AUX(
bio.get(), nullptr, crypto::NoPasswordCallback, nullptr))) {
if (cert_store == crypto::GetOrCreateRootCertStore()) {
cert_store = crypto::NewRootCertStore();
SSL_CTX_set_cert_store(ctx.get(), cert_store);
@ -334,48 +339,48 @@ crypto::SSLCtxPointer TLSContext::Initialize() {
}
{
crypto::ClearErrorOnReturn clear_error_on_return;
ClearErrorOnReturn clear_error_on_return;
for (const auto& cert : options_.certs) {
uv_buf_t buf = cert;
if (buf.len > 0) {
crypto::BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
CHECK(bio);
cert_.reset();
issuer_.reset();
if (crypto::SSL_CTX_use_certificate_chain(
ctx.get(), std::move(bio), &cert_, &issuer_) == 0) {
validation_error_ = "Invalid certificate";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
}
}
}
{
crypto::ClearErrorOnReturn clear_error_on_return;
ClearErrorOnReturn clear_error_on_return;
for (const auto& key : options_.keys) {
if (key.GetKeyType() != crypto::KeyType::kKeyTypePrivate) {
validation_error_ = "Invalid key";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
if (!SSL_CTX_use_PrivateKey(ctx.get(), key.GetAsymmetricKey().get())) {
validation_error_ = "Invalid key";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
}
}
{
crypto::ClearErrorOnReturn clear_error_on_return;
ClearErrorOnReturn clear_error_on_return;
for (const auto& crl : options_.crl) {
uv_buf_t buf = crl;
crypto::BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
BIOPointer bio = crypto::NodeBIO::NewFixed(buf.base, buf.len);
DeleteFnPtr<X509_CRL, X509_CRL_free> crlptr(PEM_read_bio_X509_CRL(
bio.get(), nullptr, crypto::NoPasswordCallback, nullptr));
if (!crlptr) {
validation_error_ = "Invalid CRL";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
X509_STORE* cert_store = SSL_CTX_get_cert_store(ctx.get());
@ -393,11 +398,11 @@ crypto::SSLCtxPointer TLSContext::Initialize() {
}
{
crypto::ClearErrorOnReturn clear_error_on_return;
ClearErrorOnReturn clear_error_on_return;
if (options_.verify_private_key &&
SSL_CTX_check_private_key(ctx.get()) != 1) {
validation_error_ = "Invalid private key";
return crypto::SSLCtxPointer();
return SSLCtxPointer();
}
}
@ -514,11 +519,11 @@ bool TLSSession::early_data_was_accepted() const {
return SSL_get_early_data_status(*this) == SSL_EARLY_DATA_ACCEPTED;
}
crypto::SSLPointer TLSSession::Initialize(
SSLPointer TLSSession::Initialize(
const std::optional<SessionTicket>& maybeSessionTicket) {
auto& ctx = context();
auto& options = ctx.options();
crypto::SSLPointer ssl(SSL_new(ctx));
SSLPointer ssl(SSL_new(ctx));
SSL_set_app_data(ssl.get(), &ref_);
ngtcp2_conn_set_tls_native_handle(*session_, ssl.get());
@ -541,7 +546,7 @@ crypto::SSLPointer TLSSession::Initialize(
reinterpret_cast<const unsigned char*>(options.protocol.data()),
options.protocol.size()) != 0) {
validation_error_ = "Invalid ALPN";
return crypto::SSLPointer();
return SSLPointer();
}
if (!options.servername.empty()) {
@ -553,7 +558,7 @@ crypto::SSLPointer TLSSession::Initialize(
if (maybeSessionTicket.has_value()) {
auto sessionTicket = maybeSessionTicket.value();
uv_buf_t buf = sessionTicket.ticket();
crypto::SSLSessionPointer ticket = crypto::GetTLSSession(
SSLSessionPointer ticket = crypto::GetTLSSession(
reinterpret_cast<unsigned char*>(buf.base), buf.len);
// The early data will just be ignored if it's invalid.

15
src/quic/tlscontext.h
View File

@ -7,6 +7,7 @@
#include <crypto/crypto_context.h>
#include <crypto/crypto_keys.h>
#include <memory_tracker.h>
#include <ncrypto.h>
#include <ngtcp2/ngtcp2_crypto.h>
#include "bindingdata.h"
#include "data.h"
@ -84,7 +85,7 @@ class TLSSession final : public MemoryRetainer {
private:
operator SSL*() const;
crypto::SSLPointer Initialize(
ncrypto::SSLPointer Initialize(
const std::optional<SessionTicket>& maybeSessionTicket);
static ngtcp2_conn* connection(ngtcp2_crypto_conn_ref* ref);
@ -92,8 +93,8 @@ class TLSSession final : public MemoryRetainer {
ngtcp2_crypto_conn_ref ref_;
std::shared_ptr<TLSContext> context_;
Session* session_;
crypto::SSLPointer ssl_;
crypto::BIOPointer bio_trace_;
ncrypto::SSLPointer ssl_;
ncrypto::BIOPointer bio_trace_;
std::string validation_error_ = "";
bool in_key_update_ = false;
};
@ -198,7 +199,7 @@ class TLSContext final : public MemoryRetainer,
SET_SELF_SIZE(TLSContext)
private:
crypto::SSLCtxPointer Initialize();
ncrypto::SSLCtxPointer Initialize();
operator SSL_CTX*() const;
static void OnKeylog(const SSL* ssl, const char* line);
@ -213,9 +214,9 @@ class TLSContext final : public MemoryRetainer,
Side side_;
Options options_;
crypto::X509Pointer cert_;
crypto::X509Pointer issuer_;
crypto::SSLCtxPointer ctx_;
ncrypto::X509Pointer cert_;
ncrypto::X509Pointer issuer_;
ncrypto::SSLCtxPointer ctx_;
std::string validation_error_ = "";
friend class TLSSession;

3
test/cctest/test_node_crypto_env.cc
View File

@ -3,6 +3,7 @@
#include "node_options.h"
#include "node_test_fixture.h"
#include "openssl/err.h"
#include <ncrypto.h>
using v8::Local;
using v8::String;
@ -21,7 +22,7 @@ TEST_F(NodeCryptoEnv, LoadBIO) {
Env env{handle_scope, argv};
// just put a random string into BIO
Local<String> key = String::NewFromUtf8(isolate_, "abcdef").ToLocalChecked();
node::crypto::BIOPointer bio(node::crypto::LoadBIO(*env, key));
ncrypto::BIOPointer bio(node::crypto::LoadBIO(*env, key));
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
const int ofs = 2;
ASSERT_EQ(BIO_seek(bio.get(), ofs), ofs);