lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17347 Commits
131 Branches
446 Tags
325 MiB
Tree: 94a120cf65
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '94a120cf65'
${ noResults }
node/test/parallel/test-crypto.js

231 lines
7.8 KiB
Raw Normal View History

meta: restore original copyright header A prior io.js era commit inappropriately removed the original copyright statements from the source. This restores those in any files still remaining from that edit. Ref: https://github.com/nodejs/TSC/issues/174 Ref: https://github.com/nodejs/node/pull/10599 PR-URL: https://github.com/nodejs/node/pull/10155 Note: This PR was required, reviewed-by and approved by the Node.js Foundation Legal Committee and the TSC. There is no `Approved-By:` meta data.
8 years ago
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
10 years ago
'use strict';
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const common = require('../common');
Additional OpenSSL tests
15 years ago
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
10 years ago
if (!common.hasCrypto) {
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
9 years ago
common.skip('missing crypto');
test: changing process.exit to return while skipping tests This patch uses `return` statement to skip the test instead of using `process.exit` call. PR-URL: https://github.com/nodejs/io.js/pull/2109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
9 years ago
return;
fix whitespace errors
15 years ago
}
Additional OpenSSL tests
15 years ago
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const assert = require('assert');
const crypto = require('crypto');
const fs = require('fs');
const tls = require('tls');
crypto: Add crypto.DEFAULT_ENCODING (defaults to 'buffer') This is a flag to make it easier for users to upgrade through the breaking crypto change, and easier for us to switch it back if it's a problem. Explicitly set default encoding to 'buffer' in other tests, in case it ever changes back.
12 years ago
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
crypto.DEFAULT_ENCODING = 'buffer';
Coding style changes, added tests in for the md5, sha256, etc methods
15 years ago
// Test Certificates
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const caPem = fs.readFileSync(common.fixturesDir + '/test_ca.pem', 'ascii');
const certPem = fs.readFileSync(common.fixturesDir + '/test_cert.pem', 'ascii');
const certPfx = fs.readFileSync(common.fixturesDir + '/test_cert.pfx');
const keyPem = fs.readFileSync(common.fixturesDir + '/test_key.pem', 'ascii');
Additional OpenSSL tests
15 years ago
node: add signature to SET_PROTOTYPE_METHOD This prevents segfaults when a native method is reassigned to a different object (which corrupts args.This()). When unwrapping, clients should use args.Holder() instead of args.This(). Closes #6690. Signed-off-by: Trevor Norris <trev.norris@gmail.com>
11 years ago
// 'this' safety
// https://github.com/joyent/node/issues/6690
assert.throws(function() {
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const options = {key: keyPem, cert: certPem, ca: caPem};
const credentials = tls.createSecureContext(options);
const context = credentials.context;
const notcontext = { setOptions: context.setOptions, setKey: context.setKey };
tls.createSecureContext({ secureOptions: 1 }, notcontext);
}, /^TypeError: Illegal invocation$/);
node: add signature to SET_PROTOTYPE_METHOD This prevents segfaults when a native method is reassigned to a different object (which corrupts args.This()). When unwrapping, clients should use args.Holder() instead of args.This(). Closes #6690. Signed-off-by: Trevor Norris <trev.norris@gmail.com>
11 years ago
crypto: add PKCS12/PFX support Fixes #2845.
13 years ago
// PFX tests
assert.doesNotThrow(function() {
tools: lint for object literal spacing There has been occasional nits for spacing in object literals in PRs but the project does not lint for it and it is not always handled consistently in the existing code, even on adjacent lines of a file. This change enables a linting rule requiring no space between the key and the colon, and requiring at least one space (but allowing for more so property values can be lined up if desired) between the colon and the value. This appears to be the most common style used in the current code base. Example code the complies with lint rule: myObj = { foo: 'bar' }; Examples that do not comply with the lint rule: myObj = { foo : 'bar' }; myObj = { foo:'bar' }; PR-URL: https://github.com/nodejs/node/pull/6592 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
9 years ago
tls.createSecureContext({pfx: certPfx, passphrase: 'sample'});
crypto: add PKCS12/PFX support Fixes #2845.
13 years ago
});
assert.throws(function() {
tools: lint for object literal spacing There has been occasional nits for spacing in object literals in PRs but the project does not lint for it and it is not always handled consistently in the existing code, even on adjacent lines of a file. This change enables a linting rule requiring no space between the key and the colon, and requiring at least one space (but allowing for more so property values can be lined up if desired) between the colon and the value. This appears to be the most common style used in the current code base. Example code the complies with lint rule: myObj = { foo: 'bar' }; Examples that do not comply with the lint rule: myObj = { foo : 'bar' }; myObj = { foo:'bar' }; PR-URL: https://github.com/nodejs/node/pull/6592 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
9 years ago
tls.createSecureContext({pfx: certPfx});
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^Error: mac verify failure$/);
crypto: add PKCS12/PFX support Fixes #2845.
13 years ago
assert.throws(function() {
tools: lint for object literal spacing There has been occasional nits for spacing in object literals in PRs but the project does not lint for it and it is not always handled consistently in the existing code, even on adjacent lines of a file. This change enables a linting rule requiring no space between the key and the colon, and requiring at least one space (but allowing for more so property values can be lined up if desired) between the colon and the value. This appears to be the most common style used in the current code base. Example code the complies with lint rule: myObj = { foo: 'bar' }; Examples that do not comply with the lint rule: myObj = { foo : 'bar' }; myObj = { foo:'bar' }; PR-URL: https://github.com/nodejs/node/pull/6592 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
9 years ago
tls.createSecureContext({pfx: certPfx, passphrase: 'test'});
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^Error: mac verify failure$/);
GJSLint all simple tests exclude http-*, url, path
14 years ago
crypto: add PKCS12/PFX support Fixes #2845.
13 years ago
assert.throws(function() {
tools: lint for object literal spacing There has been occasional nits for spacing in object literals in PRs but the project does not lint for it and it is not always handled consistently in the existing code, even on adjacent lines of a file. This change enables a linting rule requiring no space between the key and the colon, and requiring at least one space (but allowing for more so property values can be lined up if desired) between the colon and the value. This appears to be the most common style used in the current code base. Example code the complies with lint rule: myObj = { foo: 'bar' }; Examples that do not comply with the lint rule: myObj = { foo : 'bar' }; myObj = { foo:'bar' }; PR-URL: https://github.com/nodejs/node/pull/6592 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
9 years ago
tls.createSecureContext({pfx: 'sample', passphrase: 'test'});
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^Error: not enough data$/);
crypto: add PKCS12/PFX support Fixes #2845.
13 years ago
Additional OpenSSL tests
15 years ago
Crypto update should only accept strings / buffers I have seen a lot of people trying to pass objects to crypto's update functions, assuming that it would somehow serialize the object before hashing. In reality, the object was converted to '[object Object]' which was then hashed, without any error message showing. This patch modifies the DecodeBytes function (used exclusively by crypto at this point) to complain when receiving anything but a string or buffer. Overall this should be a less-suprising, more robust behavior.
14 years ago
// update() should only take buffers / strings
assert.throws(function() {
crypto.createHash('sha1').update({foo: 'bar'});
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^TypeError: Data must be a string or a buffer$/);
Add Diffie-Hellman support to crypto module Fixes #573
14 years ago
Support for signature verification with RSA/DSA public keys Fixes #1166.
14 years ago
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
function validateList(list) {
// The list must not be empty
assert(list.length > 0);
// The list should be sorted.
test: fix array sorting bug `a === a.sort()` is always true because Array#sort() does an in-place sort. Make a copy of the array first.
11 years ago
// Array#sort() modifies the list in place so make a copy.
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
const sorted = [...list].sort();
test,benchmark: use deepStrictEqual() In preparation for a lint rule that will enforce assert.deepStrictEqual() over assert.deepEqual(), change tests and benchmarks accordingly. For tests and benchmarks that are testing or benchmarking assert.deepEqual() itself, apply a comment to ignore the upcoming rule. PR-URL: https://github.com/nodejs/node/pull/6213 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
9 years ago
assert.deepStrictEqual(list, sorted);
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
// Each element should be unique.
assert.strictEqual([...new Set(list)].length, list.length);
// Each element should be a string.
assert(list.every((value) => typeof value === 'string'));
crypto: sort return value of getCiphers/getHashes
12 years ago
}
crypto: make getCiphers() return non-SSL ciphers Commit f53441a added crypto.getCiphers() as a function that returns the names of SSL ciphers. Commit 14a6c4e then added crypto.getHashes(), which returns the names of digest algorithms, but that creates a subtle inconsistency: the return values of crypto.getHashes() are valid arguments to crypto.createHash() but that is not true for crypto.getCiphers() - the returned values are only valid for SSL/TLS functions. Rectify that by adding tls.getCiphers() and making crypto.getCiphers() return proper cipher names.
12 years ago
// Assume that we have at least AES-128-CBC.
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
const cryptoCiphers = crypto.getCiphers();
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
assert(crypto.getCiphers().includes('aes-128-cbc'));
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
validateList(cryptoCiphers);
crypto: add crypto.getHashes()
12 years ago
crypto: make getCiphers() return non-SSL ciphers Commit f53441a added crypto.getCiphers() as a function that returns the names of SSL ciphers. Commit 14a6c4e then added crypto.getHashes(), which returns the names of digest algorithms, but that creates a subtle inconsistency: the return values of crypto.getHashes() are valid arguments to crypto.createHash() but that is not true for crypto.getCiphers() - the returned values are only valid for SSL/TLS functions. Rectify that by adding tls.getCiphers() and making crypto.getCiphers() return proper cipher names.
12 years ago
// Assume that we have at least AES256-SHA.
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
const tlsCiphers = tls.getCiphers();
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
assert(tls.getCiphers().includes('aes256-sha'));
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
// There should be no capital letters in any element.
assert(tlsCiphers.every((value) => /^[^A-Z]+$/.test(value)));
validateList(tlsCiphers);
crypto: make getCiphers() return non-SSL ciphers Commit f53441a added crypto.getCiphers() as a function that returns the names of SSL ciphers. Commit 14a6c4e then added crypto.getHashes(), which returns the names of digest algorithms, but that creates a subtle inconsistency: the return values of crypto.getHashes() are valid arguments to crypto.createHash() but that is not true for crypto.getCiphers() - the returned values are only valid for SSL/TLS functions. Rectify that by adding tls.getCiphers() and making crypto.getCiphers() return proper cipher names.
12 years ago
crypto: add crypto.getHashes()
12 years ago
// Assert that we have sha and sha1 but not SHA and SHA1.
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
assert.notStrictEqual(0, crypto.getHashes().length);
assert(crypto.getHashes().includes('sha1'));
assert(crypto.getHashes().includes('sha'));
assert(!crypto.getHashes().includes('SHA1'));
assert(!crypto.getHashes().includes('SHA'));
assert(crypto.getHashes().includes('RSA-SHA1'));
assert(!crypto.getHashes().includes('rsa-sha1'));
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
validateList(crypto.getHashes());
crypto: improve cipher/decipher error messages Throw the OpenSSL error string instead of the rather less informative error message "fail".
12 years ago
crypto: add getCurves() to get supported ECs PR-URL: https://github.com/nodejs/io.js/pull/1914 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
10 years ago
// Assume that we have at least secp384r1.
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
assert.notStrictEqual(0, crypto.getCurves().length);
assert(crypto.getCurves().includes('secp384r1'));
assert(!crypto.getCurves().includes('SECP384R1'));
test: increase test-crypto.js strictness Confirm that `getCiphers()` contains no duplicates. PR-URL: https://github.com/nodejs/node/pull/10784 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
8 years ago
validateList(crypto.getCurves());
crypto: add getCurves() to get supported ECs PR-URL: https://github.com/nodejs/io.js/pull/1914 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
10 years ago
crypto,tls: fix mutability of return values If you alter the array returned by `tls.getCiphers()`, `crypto.getCiphers()`, `crypto.getHashes()`, or `crypto.getCurves()`, it will alter subsequent return values from those functions. ```js 'use strict'; const crypto = require('crypto'); var hashes = crypto.getHashes(); hashes.splice(0, hashes.length); hashes.push('some-arbitrary-value'); console.log(crypto.getHashes()); // "['some-arbitrary-value']" ``` This is surprising. Change functions to return copy of array instead. PR-URL: https://github.com/nodejs/node/pull/10795 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
8 years ago
// Modifying return value from get* functions should not mutate subsequent
// return values.
function testImmutability(fn) {
const list = fn();
const copy = [...list];
list.push('some-arbitrary-value');
assert.deepStrictEqual(fn(), copy);
}
testImmutability(crypto.getCiphers);
testImmutability(tls.getCiphers);
testImmutability(crypto.getHashes);
testImmutability(crypto.getCurves);
crypto: fix assert() on malformed hex input Use the StringBytes::IsValidString() function introduced in commit dce26cc to ensure that the input string meets the expectations of the other StringBytes functions before processing it further. Fixes the following assertion: Assertion failed: (str->Length() % 2 == 0 && "invalid hex string length"), function StorageSize, file ../../src/string_bytes.cc, line 301. Fixes #5725.
11 years ago
// Regression tests for #5725: hex input that's not a power of two should
// throw, not assert in C++ land.
assert.throws(function() {
crypto.createCipher('aes192', 'test').update('0', 'hex');
crypto: disable crypto.createCipher in FIPS mode FIPS 140-2 disallows use of MD5, which is used to derive the initialization vector and key for createCipher(). Modify all tests to expect exceptions in FIPS mode when disallowed API is used, or to avoid testing such API in FIPS Mode. PR-URL: https://github.com/nodejs/node/pull/3754 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> Reviewed-By: James M Snell <jasnell@gmail.com>
9 years ago
}, common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/);
crypto: fix assert() on malformed hex input Use the StringBytes::IsValidString() function introduced in commit dce26cc to ensure that the input string meets the expectations of the other StringBytes functions before processing it further. Fixes the following assertion: Assertion failed: (str->Length() % 2 == 0 && "invalid hex string length"), function StorageSize, file ../../src/string_bytes.cc, line 301. Fixes #5725.
11 years ago
assert.throws(function() {
crypto.createDecipher('aes192', 'test').update('0', 'hex');
crypto: disable crypto.createCipher in FIPS mode FIPS 140-2 disallows use of MD5, which is used to derive the initialization vector and key for createCipher(). Modify all tests to expect exceptions in FIPS mode when disallowed API is used, or to avoid testing such API in FIPS Mode. PR-URL: https://github.com/nodejs/node/pull/3754 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> Reviewed-By: James M Snell <jasnell@gmail.com>
9 years ago
}, common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/);
crypto: fix assert() on malformed hex input Use the StringBytes::IsValidString() function introduced in commit dce26cc to ensure that the input string meets the expectations of the other StringBytes functions before processing it further. Fixes the following assertion: Assertion failed: (str->Length() % 2 == 0 && "invalid hex string length"), function StorageSize, file ../../src/string_bytes.cc, line 301. Fixes #5725.
11 years ago
assert.throws(function() {
crypto.createHash('sha1').update('0', 'hex');
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^TypeError: Bad input string$/);
crypto: fix assert() on malformed hex input Use the StringBytes::IsValidString() function introduced in commit dce26cc to ensure that the input string meets the expectations of the other StringBytes functions before processing it further. Fixes the following assertion: Assertion failed: (str->Length() % 2 == 0 && "invalid hex string length"), function StorageSize, file ../../src/string_bytes.cc, line 301. Fixes #5725.
11 years ago
assert.throws(function() {
crypto.createSign('RSA-SHA1').update('0', 'hex');
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^TypeError: Bad input string$/);
crypto: fix assert() on malformed hex input Use the StringBytes::IsValidString() function introduced in commit dce26cc to ensure that the input string meets the expectations of the other StringBytes functions before processing it further. Fixes the following assertion: Assertion failed: (str->Length() % 2 == 0 && "invalid hex string length"), function StorageSize, file ../../src/string_bytes.cc, line 301. Fixes #5725.
11 years ago
assert.throws(function() {
crypto.createVerify('RSA-SHA1').update('0', 'hex');
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^TypeError: Bad input string$/);
crypto: convert RandomBytesRequest to a class Since RandomBytesRequest makes a call to MakeCallback, needed it to be a class so AsyncWrap could handle any async listeners. Also added a simple test for an issue had during implementation where the memory was being released and returned.
11 years ago
crypto: throw on SignFinal failure fix #6963
11 years ago
assert.throws(function() {
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const priv = [
crypto: throw on SignFinal failure fix #6963
11 years ago
'-----BEGIN RSA PRIVATE KEY-----',
'MIGrAgEAAiEA+3z+1QNF2/unumadiwEr+C5vfhezsb3hp4jAnCNRpPcCAwEAAQIgQNriSQK4',
'EFwczDhMZp2dvbcz7OUUyt36z3S4usFPHSECEQD/41K7SujrstBfoCPzwC1xAhEA+5kt4BJy',
'eKN7LggbF3Dk5wIQN6SL+fQ5H/+7NgARsVBp0QIRANxYRukavs4QvuyNhMx+vrkCEQCbf6j/',
'Ig6/HueCK/0Jkmp+',
'-----END RSA PRIVATE KEY-----',
''
].join('\n');
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
10 years ago
crypto.createSign('RSA-SHA256').update('test').sign(priv);
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /digest too big for rsa key$/);
Merge remote-tracking branch 'upstream/v0.10' Conflicts: src/node_crypto.cc test/simple/test-crypto.js
11 years ago
crypto: check for OpenSSL errors when signing Errors might be injected into OpenSSL's error stack without the return value of `PEM_read_bio_PrivateKey` being set to `nullptr`. See the test of `test_bad_rsa_privkey.pem` for an example. PR-URL: https://github.com/nodejs/node/pull/2342 Reviewed-By: Fedor Indutny <fedor@indutny.com>
9 years ago
assert.throws(function() {
// The correct header inside `test_bad_rsa_privkey.pem` should have been
// -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
// instead of
// -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----
// It is generated in this way:
// $ openssl genrsa -out mykey.pem 512;
// $ openssl pkcs8 -topk8 -inform PEM -outform PEM -in mykey.pem \
// -out private_key.pem -nocrypt;
// Then open private_key.pem and change its header and footer.
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
const sha1_privateKey = fs.readFileSync(common.fixturesDir +
crypto: check for OpenSSL errors when signing Errors might be injected into OpenSSL's error stack without the return value of `PEM_read_bio_PrivateKey` being set to `nullptr`. See the test of `test_bad_rsa_privkey.pem` for an example. PR-URL: https://github.com/nodejs/node/pull/2342 Reviewed-By: Fedor Indutny <fedor@indutny.com>
9 years ago
'/test_bad_rsa_privkey.pem', 'ascii');
// this would inject errors onto OpenSSL's error stack
crypto.createSign('sha1').sign(sha1_privateKey);
}, /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/);
crypto: convert RandomBytesRequest to a class Since RandomBytesRequest makes a call to MakeCallback, needed it to be a class so AsyncWrap could handle any async listeners. Also added a simple test for an issue had during implementation where the memory was being released and returned.
11 years ago
// Make sure memory isn't released before being returned
console.log(crypto.randomBytes(16));
crypto: fix handling of root_cert_store. SecureContext::AddRootCerts only parses the root certificates once and keeps the result in root_cert_store, a global X509_STORE. This change addresses the following issues: 1. SecureContext::AddCACert would add certificates to whatever X509_STORE was being used, even if that happened to be root_cert_store. Thus adding a CA certificate to a SecureContext would also cause it to be included in unrelated SecureContexts. 2. AddCRL would crash if neither AddRootCerts nor AddCACert had been called first. 3. Calling AddCACert without calling AddRootCerts first, and with an input that didn't contain any certificates, would leak an X509_STORE. 4. AddCRL would add the CRL to whatever X509_STORE was being used. Thus, like AddCACert, unrelated SecureContext objects could be affected. The following, non-obvious behaviour remains: calling AddRootCerts doesn't /add/ them, rather it sets the CA certs to be the root set and overrides any previous CA certificates. Points 1–3 are probably unimportant because the SecureContext is typically configured by `createSecureContext` in `lib/_tls_common.js`. This function either calls AddCACert or AddRootCerts and only calls AddCRL after setting up CA certificates. Point four could still apply in the unlikely case that someone configures a CRL without explicitly configuring the CAs. PR-URL: https://github.com/nodejs/node/pull/9409 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
8 years ago
assert.throws(function() {
tls.createSecureContext({ crl: 'not a CRL' });
test: refactor and fix test-crypto * var -> const. * Group and sort imports. * Replace use of the deprecated crypto.createCredentials. * Fix incorrect use of string instead of RegExp in `throws` assertions. * Clone array with `.slice()` and remove dependency on util. * assert.notEqual -> assert.notStrictEqual. * indexOf -> includes. PR-URL: https://github.com/nodejs/node/pull/9807 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago
}, /^Error: Failed to parse CRL$/);
crypto: fix default encoding of LazyTransform PullRequest #5522 and #5500 described the change of the default encoding into UTF8 in crypto functions. This however was only changed for the non-streaming API. The streaming API still used binary as the default encoding. This commit will change the default streaming API encoding to UTF8 to make both APIs behave the same. It will also add tests to validate the behavior. Refs: https://github.com/nodejs/node/pull/5522 Refs: https://github.com/nodejs/node/pull/5500 PR-URL: https://github.com/nodejs/node/pull/8611 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
8 years ago
/**
* Check if the stream function uses utf8 as a default encoding.
**/
function testEncoding(options, assertionHash) {
const hash = crypto.createHash('sha256', options);
let hashValue = '';
hash.on('data', (data) => {
hashValue += data.toString('hex');
});
hash.on('end', common.mustCall(() => {
assert.strictEqual(hashValue, assertionHash);
}));
hash.write('öäü');
hash.end();
}
// Hash of "öäü" in utf8 format
const assertionHashUtf8 =
'4f53d15bee524f082380e6d7247cc541e7cb0d10c64efdcc935ceeb1e7ea345c';
// Hash of "öäü" in latin1 format
const assertionHashLatin1 =
'cd37bccd5786e2e76d9b18c871e919e6eb11cc12d868f5ae41c40ccff8e44830';
testEncoding(undefined, assertionHashUtf8);
testEncoding({}, assertionHashUtf8);
testEncoding({
defaultEncoding: 'utf8'
}, assertionHashUtf8);
testEncoding({
defaultEncoding: 'latin1'
}, assertionHashLatin1);