Attach the per-context execution environment directly to API functions.
Rationale:
* Gets node one step closer to multi-isolate readiness.
* Avoids multi-context confusion, e.g. when the caller and callee live
in different contexts.
* Avoids expensive calls to pthread_getspecific() on platforms where
V8 does not know how to use the thread-local storage directly.
(Linux, the BSDs.)
PR-URL: https://github.com/node-forward/node/pull/18
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Mechanically replace assert() statements with UNREACHABLE(), CHECK(),
or CHECK_{EQ,NE,LT,GT,LE,GE}() statements.
The exceptions are src/node.h and src/node_object_wrap.h because they
are public headers.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
API callback functions don't need to create a v8::HandleScope instance
because V8 already creates one in the JS->C++ adapter frame.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Because of behavior change of some V8 APIs (they mostly became more
strict), following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
This adds domains coverage for pdbkdf2, pseudoRandomBytes, and randomBytes.
All others should be covered by event emitters.
Fixes#5801.
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Strings are treated as UTF8 instead of one-byte strings when
names are processed and when OpenSSL's ..._print functions are used.
This commit fixes simple/test-tls-peer-certificate-encoding test.
fix#8366
In case of an invalid DH parameter file, it is sliently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Replace the CONTAINER_OF macro with a template function that is as
type-safe as a reinterpret_cast<> of an arbitrary pointer can be made.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
1) ThrowCryptoTypeErrors was not actually used for
type-related errors. Removed it.
2) For AEAD modes, OpenSSL does not set any internal
error information if Final does not complete suc-
cessfully. Therefore, "TypeError:error:00000000:l
ib(0):func(0):reason(0)" would be the error mess-
age. Use a default message for these cases.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
OpenSSL behaves oddly: on client `cert_chain` contains
the `peer_certificate`, but on server it doesn't.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
This prevents segfaults when a native method is reassigned to a
different object (which corrupts args.This()). When unwrapping,
clients should use args.Holder() instead of args.This().
Closes#6690.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.
OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.
When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.
Fixes#7338.
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes#6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
Don't call DecodeWrite() with a Buffer as its argument because it in
turn calls StringBytes::Write() and that method expects a Local<String>.
"Why then does that function take a Local<Value>?" I hear you ask.
Good question but I don't have the answer. I added a CHECK for good
measure and what do you know, all of a sudden a large number of crypto
tests started failing.
Calling DecodeWrite(BINARY) on a buffer is nonsensical anyway: if you
want the contents of the buffer, just copy out the data, there is no
need to decode it - and that's exactly what this commit does.
Fixes a great many instances of the following run-time error in debug
builds:
FATAL ERROR: v8::String::Cast() Could not convert to string
These will be used to allow users to filter for which types of calls
they wish their callbacks to run.
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of
the new format.
Fixes#6013.
Built-in modules should be automatically registered, replacing the
static module list. Add-on modules should also be automatically
registered via DSO constructors. This improves flexibility in adding
built-in modules and is also a prerequisite to pure-C addon modules.
ERR_load_crypto_strings() registers the error strings for
all libcrypto functions, SSL_load_error_strings() does the
same, but also registers the libssl error strings.
Make the HMAC digest method configurable. Update crypto.pbkdf2() and
crypto.pbkdf2Sync() to take an extra, optional digest argument.
Before this commit, SHA-1 (admittedly the most common method) was used
exclusively.
Fixes#6553.
Do not throw in internal C++ methods, that clobbers logic and may lead
to the situations, where both exception was thrown and the value was
returned (via `args.GetReturnValue().Set()`). That doesn't play nicely
with v8.
fix#6912
All C++ code should be using `args.GetIsolate()` or `env->isolate()`.
Using static `node_isolate` var limits possible future functionality
(like multi-isolate support).
Ben Noordhuis
Fedor Indutny
Mickael van der Beek
Chris Dickinson
Adam Lippai
Brian White
Shigeki Ohtsu
seishun
Timothy J Fontaine
Alexis Campailla
Ingmar Runge
Rasmus Christian Pedersen
C. Scott Ananian
Fedor Indutny
Trevor Norris
Keith M Wesolowski
Yorkie