ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.
OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.
When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.
Fixes#7338.
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes#6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of
the new format.
Fixes#6013.
NOTE: Also removed `.receivedShutdown` method of `Connection` it wasn't
documented anywhere, and was rewritten with `true` after receiving
`close_notify`.
fix#6638
Use the StringBytes::IsValidString() function introduced in commit
dce26cc to ensure that the input string meets the expectations of the
other StringBytes functions before processing it further.
Fixes the following assertion:
Assertion failed: (str->Length() % 2 == 0 && "invalid hex string
length"), function StorageSize, file ../../src/string_bytes.cc,
line 301.
Fixes#5725.
X509_STORE_add_cert increment reference of passed `x509` cert,
`X509_free` must be called to avoid memory leak.
This is a back-port of commit c1db1ec from the master branch.
Quote from SSL_shutdown man page:
The output of SSL_get_error(3) may be misleading,
as an erroneous SSL_ERROR_SYSCALL may be flagged even though
no error occurred.
Also, handle all other errors to prevent assertion in `ClearError()`.
This change shouldn't have landed in the stable branch. It's a feature,
not a bug fix.
This reverts commit 58f93ffc4a.
This reverts commit 8c8ebe49b6.
This reverts commit ba0f7b8066.
This reverts commit 21f3c5c367.
DH_compute_secret() may return key that is smaller than input buffer,
in such cases key should be left-padded because it is a BN (big number).
fix#5239
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.
Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.
Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:
`if (off >= buffer_length) { ...`
448e0f43 corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:
`if (off + len > buffer_length) { ...`
So the check is actually obviated by the next line, and should be
removed.
This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
Throw a TypeError if size > 0x3fffffff. Avoids the following V8 fatal
error:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
length exceeds max acceptable value
Fixes#5126.
Clear OpenSSL's error stack on return from Connection::HandleSSLError().
This stops stale errors from popping up later in the lifecycle of the
SSL connection where they would cause spurious failures.
This commit causes a 1-2% performance regression on `make bench-tls`.
We'll address that in follow-up commits if possible but let's ensure
correctness first.
Fixes#4771.
node 0.9.6 introduced Buffer changes that cause the key argument of
Hmac::HmacInit (used in crypto.createHmac) to be NULL when the key is
empty. This argument is passed to OpenSSL's HMAC_Init, which does not
like NULL keys.
This change works around the issue by passing an empty string to
HMAC_Init when the key is empty, and adds crypto.createHmac tests for
the edge cases of empty keys and values.
OR'ing together two large values, like `SSL_OP_ALL | SSL_OP_NO_TICKET`,
produces a negative number. To wit:
assert((0x80000000 | 0x4000) === -0x7fffc000); // true
assert((0x80000000 | 0x4000) === 0x80004000); // false!
It's easy to work around by doing a logical shift, like this:
assert((0x80000000 | 0x4000) >>> 0 === 0x80004000); // true
But that's not very intuitive. Let's be more lenient in what we accept.
Fix a use-after-free bug and a memory leak in the error path of
DiffieHellman::ComputeSecret().
* the BIGNUM key was used after being freed with BN_free().
* the output buffer was not freed
Alexis Campailla
Ben Noordhuis
Timothy J Fontaine
Fedor Indutny
isaacs
mscdex
Trevor Norris
Marcel Laverdet
Victor Costan
Sergey Kholodilov