node/lib/internal/crypto
Tobias Nießen 499533f72a crypto: fix handling of malicious getters (scrypt)
It is possible to bypass parameter validation in crypto.scrypt and
crypto.scryptSync by crafting option objects with malicious getters as
demonstrated in the regression test. After bypassing validation, any
value can be passed to the C++ layer, causing an assertion to crash
the process.

Fixes: https://github.com/nodejs/node/issues/28836

PR-URL: https://github.com/nodejs/node/pull/28838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-07-26 10:19:28 -07:00
certificate.js lib: consolidate arrayBufferView validation 2019-03-27 17:05:19 +01:00
cipher.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
diffiehellman.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
hash.js crypto: add outputLength option to crypto.createHash 2019-07-25 23:00:41 -07:00
keygen.js crypto: move _impl call out of handleError funct 2019-06-24 05:36:59 +02:00
keys.js crypto: fix KeyObject handle type error message 2019-05-30 15:37:02 +02:00
pbkdf2.js crypto: move _pbkdf2 call out of handleError funct 2019-06-24 05:36:55 +02:00
random.js crypto: move _randomBytes call out of handleError funct 2019-06-24 05:36:51 +02:00
scrypt.js crypto: fix handling of malicious getters (scrypt) 2019-07-26 10:19:28 -07:00
sig.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
util.js crypto: remove legacy native handles 2019-04-04 16:45:41 +02:00