Make the root_certs global fully const. As a side effect, that moves it
from the .data section to the .rodata section. Makes it a little easier
to reason about the remaining globals.
The previous commits fixed oversights in destructors that should have
been marked virtual but weren't. This commit marks destructors from
derived classes with the override keyword.
Now that we are building with C++11 features enabled, replace use
of NULL with nullptr.
The benefit of using nullptr is that it can never be confused for
an integral type because it does not support implicit conversions
to integral types except boolean - unlike NULL, which is defined
as a literal `0`.
Attach the per-context execution environment directly to API functions.
Rationale:
* Gets node one step closer to multi-isolate readiness.
* Avoids multi-context confusion, e.g. when the caller and callee live
in different contexts.
* Avoids expensive calls to pthread_getspecific() on platforms where
V8 does not know how to use the thread-local storage directly.
(Linux, the BSDs.)
PR-URL: https://github.com/node-forward/node/pull/18
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Mechanically replace assert() statements with UNREACHABLE(), CHECK(),
or CHECK_{EQ,NE,LT,GT,LE,GE}() statements.
The exceptions are src/node.h and src/node_object_wrap.h because they
are public headers.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
API callback functions don't need to create a v8::HandleScope instance
because V8 already creates one in the JS->C++ adapter frame.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Because of behavior change of some V8 APIs (they mostly became more
strict), following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Because of behavior change of some V8 APIs (they mostly became more
strict), following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
This adds domains coverage for pdbkdf2, pseudoRandomBytes, and randomBytes.
All others should be covered by event emitters.
Fixes#5801.
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Strings are treated as UTF8 instead of one-byte strings when
names are processed and when OpenSSL's ..._print functions are used.
This commit fixes simple/test-tls-peer-certificate-encoding test.
fix#8366
In case of an invalid DH parameter file, it is sliently discarded. To
use auto DH parameter in a server and DHE key length check in a
client, we need to wait for the next release of OpenSSL-1.0.2.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Replace the CONTAINER_OF macro with a template function that is as
type-safe as a reinterpret_cast<> of an arbitrary pointer can be made.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
1) ThrowCryptoTypeErrors was not actually used for
type-related errors. Removed it.
2) For AEAD modes, OpenSSL does not set any internal
error information if Final does not complete suc-
cessfully. Therefore, "TypeError:error:00000000:l
ib(0):func(0):reason(0)" would be the error mess-
age. Use a default message for these cases.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
OpenSSL behaves oddly: on client `cert_chain` contains
the `peer_certificate`, but on server it doesn't.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
This prevents segfaults when a native method is reassigned to a
different object (which corrupts args.This()). When unwrapping,
clients should use args.Holder() instead of args.This().
Closes#6690.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.
OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.
When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.
Fixes#7338.
The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.
On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.
Fixes#6250.
NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.
The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.
That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.
The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.
Don't call DecodeWrite() with a Buffer as its argument because it in
turn calls StringBytes::Write() and that method expects a Local<String>.
"Why then does that function take a Local<Value>?" I hear you ask.
Good question but I don't have the answer. I added a CHECK for good
measure and what do you know, all of a sudden a large number of crypto
tests started failing.
Calling DecodeWrite(BINARY) on a buffer is nonsensical anyway: if you
want the contents of the buffer, just copy out the data, there is no
need to decode it - and that's exactly what this commit does.
Fixes a great many instances of the following run-time error in debug
builds:
FATAL ERROR: v8::String::Cast() Could not convert to string
These will be used to allow users to filter for which types of calls
they wish their callbacks to run.
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of
the new format.
Fixes#6013.
Built-in modules should be automatically registered, replacing the
static module list. Add-on modules should also be automatically
registered via DSO constructors. This improves flexibility in adding
built-in modules and is also a prerequisite to pure-C addon modules.
Ben Noordhuis
Fedor Indutny
Mickael van der Beek
Chris Dickinson
Adam Lippai
Brian White
Shigeki Ohtsu
seishun
Timothy J Fontaine
Alexis Campailla
Ingmar Runge
Rasmus Christian Pedersen
C. Scott Ananian
Fedor Indutny
Trevor Norris
Keith M Wesolowski