Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.
Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.
Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:
`if (off >= buffer_length) { ...`
448e0f43 corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:
`if (off + len > buffer_length) { ...`
So the check is actually obviated by the next line, and should be
removed.
This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:
`if (off >= buffer_length) { ...`
448e0f43 corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:
`if (off + len > buffer_length) { ...`
So the check is actually obviated by the next line, and should be
removed.
This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
Throw a TypeError if size > 0x3fffffff. Avoids the following V8 fatal
error:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
length exceeds max acceptable value
Fixes#5126.
All compile time warnings about using deprecated APIs have been
suppressed by updating node's API. Though there are still many function
calls that can accept Isolate, and still need to be updated.
node_isolate had to be added as an extern variable in node.h and
node_object_wrap.h
Also a couple small fixes for Error handling.
Before v8 3.16.6 the error stack message was lazily written when it was
needed, which allowed you to change the message after instantiation.
Then the stack would be written with the new message the first time it
was accessed. Though that has changed. Now it creates the stack message
on instantiation. So setting a different message afterwards won't be
displayed.
This is not a complete fix for the problem. Getting error without any
message isn't very useful.
From OpenSSL's documentation:
"If BIO_free() is called on a BIO chain it will only free one BIO
resulting in a memory leak."
and
"BIO_free_all() frees up an entire BIO chain, it does not halt if an
error occurs freeing up an individual BIO in the chain"
Clear OpenSSL's error stack on return from Connection::HandleSSLError().
This stops stale errors from popping up later in the lifecycle of the
SSL connection where they would cause spurious failures.
This commit causes a 1-2% performance regression on `make bench-tls`.
We'll address that in follow-up commits if possible but let's ensure
correctness first.
Fixes#4771.
node 0.9.6 introduced Buffer changes that cause the key argument of
Hmac::HmacInit (used in crypto.createHmac) to be NULL when the key is
empty. This argument is passed to OpenSSL's HMAC_Init, which does not
like NULL keys.
This change works around the issue by passing an empty string to
HMAC_Init when the key is empty, and adds crypto.createHmac tests for
the edge cases of empty keys and values.
OR'ing together two large values, like `SSL_OP_ALL | SSL_OP_NO_TICKET`,
produces a negative number. To wit:
assert((0x80000000 | 0x4000) === -0x7fffc000); // true
assert((0x80000000 | 0x4000) === 0x80004000); // false!
It's easy to work around by doing a logical shift, like this:
assert((0x80000000 | 0x4000) >>> 0 === 0x80004000); // true
But that's not very intuitive. Let's be more lenient in what we accept.
Fix a use-after-free bug and a memory leak in the error path of
DiffieHellman::ComputeSecret().
* the BIGNUM key was used after being freed with BN_free().
* the output buffer was not freed
Don't execute the callback in the context of the global object.
MakeCallback() tries to apply the active domain to the callback. If the user
polluted the global object with a 'domain' property, as in the code example
below, MakeCallback() will try to apply that.
Example:
domain = {}; // missing var keyword is intentional
crypto.randomBytes(8, cb); // TypeError: undefined is not a function
Fixes#3956.
pthread_t is a pointer type on OS X but an unsigned long on most other
platforms. Use a C style cast because reinterpret_cast nor static_cast
work in all cases.
DH_size returns number of bytes in a prime number, DH_compute_key returns number
of bytes in a remainder of exponent, which may have less bytes than a prime
number. Therefore add 0-padding to the allocated buffer.
Fixes#3372
Ben Noordhuis
Marcel Laverdet
Trevor Norris
Fedor Indutny
Victor Costan
Sergey Kholodilov
isaacs