PR #11705 switched Node away from using using OpenSSL's legacy EVP_Sign*
and EVP_Verify* APIs. Instead, it computes a hash normally via
EVP_Digest* and then uses EVP_PKEY_sign and EVP_PKEY_verify to verify
the hash directly. This change corrects two problems:
1. The documentation still recommends the signature algorithm EVP_MD
names of OpenSSL's legacy APIs. OpenSSL has since moved away from
thosee, which is why ECDSA was strangely inconsistent. (This is why
"ecdsa-with-SHA256" was missing.)
2. Node_SignFinal copied some code from EVP_SignFinal's internals. This
is problematic for OpenSSL 1.1.0 and is missing a critical check
that prevents pkey->pkey.ptr from being cast to the wrong type.
To resolve this, remove the non-EVP_PKEY_sign codepath. This codepath is
no longer necessary. PR #11705's verify half was already assuming all
EVP_PKEYs supported EVP_PKEY_sign and EVP_PKEY_verify. Also, in the
documentation, point users towards using hash function names which are
more consisent. This avoids an ECDSA special-case and some strangeness
around RSA-PSS ("RSA-SHA256" is the OpenSSL name of the
sha256WithRSAEncryption OID which is not used for RSA-PSS).
PR-URL: https://github.com/nodejs/node/pull/15024
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
test-tls-fast-writing can fail on a heavily-loaded system due to an
arbitrary 1-second timeout. Remove the arbitrary timeout.
PR-URL: https://github.com/nodejs/node/pull/15138
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
On a slow/busy machine, `test-http-agent-maxsockets` can fail if the
test takes longer than 5 seconds because that is the default value for
`server.keepAliveTimeout`. Disable `keepAliveTimeout` to make the test
robust.
PR-URL: https://github.com/nodejs/node/pull/15192
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reasons:
- `test-async-wrap-getasyncid` binds a handle, so move to
sequential because port cannot be already in use.
- `test-dgram-implicit-bind-failure` requires a hardcoded
port number to properly send socket packet.
- `test-http-agent-uninitialized-with-handle` requires a
hardcoded port number to properly send http request.
- `test-http-agent-uninitialized` requires a hardcoded port
number to properly send http request.
- `test-net-localport` requires a hardcoded port number
for assertions.
In addition this replaces two common.PORTs with a dynamic port.
PR-URL: https://github.com/nodejs/node/pull/15151
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Fix references within http2 core to HTTP_STATUS_CONTENT_RESET to point
to the correct HTTP_STATUS_RESET_CONTENT. Add tests for status 204,
205 & 304 in respond, respondWithFD & respondWithFile. Add general
error tests for respondWithFD & respondWithFile.
PR-URL: https://github.com/nodejs/node/pull/15153
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
The only valid values for enablePush are 0 and 1. If validation
is requested, we should verify that it wasn't set to another
value rather than casting to Boolean regardless of value.
PR-URL: https://github.com/nodejs/node/pull/15167
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Store headersSent directly on response state after finish event
is triggered, so that users can always access it.
PR-URL: https://github.com/nodejs/node/pull/15232
Fixes: https://github.com/nodejs/node/issues/15226
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
* add constants for dlopen flags, which are needed
for dlopen's flag passing.
* introduce an optional parameter for process.dlopen(),
allowing to pass dlopen flags (using values from os.constants.dlopen).
If no flags are passed, the default behavior is to load the library
with RTLD_LAZY (perform lazy binding) and RTLD_LOCAL (symbols are
available only locally).
PR-URL: https://github.com/nodejs/node/pull/12794
Refs: https://github.com/nodejs/node/pull/4105
Refs: https://github.com/libuv/libuv/pull/1331
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Add support for multiple PFX files in tls.createSecureContext.
Also added support for object-style PFX pass.
PR-URL: https://github.com/nodejs/node/pull/14793
Fixes: https://github.com/nodejs/node/issues/14756
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Set writableStream decodeStrings to false to let the
native layer handle converting strings to buffer.
PR-URL: https://github.com/nodejs/node/pull/15140
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Add tests for Http2ServerRequest and Http2ServerResponse setTimeout
PR-URL: https://github.com/nodejs/node/pull/15156
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Add minimal test forbuffer benchmarks.
PR-URL: https://github.com/nodejs/node/pull/15175
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com
Change default timeout to be tracked on the session instead
of the socket, as nghttp2 manages the socket and we would
need to maintain two sets of timeouts for similar purpose.
Also fixes session setTimeout to work as it wasn't getting
_unrefActive correctly (was called on the handle).
Fixes: https://github.com/nodejs/node/issues/15158
PR-URL: https://github.com/nodejs/node/pull/15188
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Adds Http2ServerRequest trailers & rawTrailers functionality. Also fixes
behaviour of multi-headers to conform with the spec (all values but
set-cookie and cookie should be comma delimited, cookie should be
semi-colon delimited and only set-cookie should be an array). Adds
setter for statusMessage that warns, for backwards compatibility.
End readable side of the stream on trailers or bodyless requests
Refs: https://github.com/expressjs/express/pull/3390#discussion_r136718729
PR-URL: https://github.com/nodejs/node/pull/15193
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
[kFinish](code) can be triggered from a 'finish' event (for example
when calling response.end) which does not pass code. That tries to
set closedCode to undefined resulting in NaN closedCode instead of
NGHTTP2_NO_ERROR. Check for code !== undefined before setting.
Adds tests for closed and closedCode.
PR-URL: https://github.com/nodejs/node/pull/15154
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Use tmp directory instead of mutating the fixtures directory.
* Add comment explaining that the unlinkSync() at the end of the test is
part of the test. Otherwise it may be tempting to remove it as
unnecessary tmp directory cleanup.
PR-URL: https://github.com/nodejs/node/pull/15173
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
5723c4c5f0 was an unintentional breaking change in that it changed
the behaviour of `tls.createSecureContext()` to throw on false-y input
rather than ignoring it. This breaks real-world applications like `npm`.
This restores the previous behaviour.
PR-URL: https://github.com/nodejs/node/pull/15131
Ref: https://github.com/nodejs/node/pull/15053
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: MichaëZasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
small test verifying that the NghttpError is as expected
PR-URL: https://github.com/nodejs/node/pull/15105
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/15105
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/15105
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Comparing NaN will not throw anymore.
PR-URL: https://github.com/nodejs/node/pull/15036
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Problem:
It's possible to run listen()
on a net.Server that's already listening to a port.
The result is silent failure,
with the side effect of changing the connectionKey and or pipeName.
Solution:
throw an error if listen method called more than once.
close() method should be called between listen() method calls.
Refs: https://github.com/nodejs/node/pull/8294
Fixes: https://github.com/nodejs/node/issues/6190
Fixes: https://github.com/nodejs/node/issues/11685
PR-URL: https://github.com/nodejs/node/pull/13149
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
This change adds the ability to pass a double into randomBytes.
PR-URL: https://github.com/nodejs/node/pull/15130
Fixes: https://github.com/nodejs/node/issues/15118
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Correct requestOnConnect to emit session error on
NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE rather than stream error. Add full
test suite for the error handling within requestOnConnect.
PR-URL: https://github.com/nodejs/node/pull/15080
Refs: https://github.com/nodejs/node/issues/14985
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Change error types emitted from request and validatePriorityOptions
to be TypeError rather than the incorrect RangeError. Add tests
to confirm that all errors are thrown as expected (weight, parent,
exclusive, silent, endStream and getTrailers). Add test for method
CONNECT throwing error on missing :authority or superfluous :scheme
and :path.
PR-URL: https://github.com/nodejs/node/pull/15109
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Modify existing header tests for Http2ServerResponse to include
sendDate (get and set) and headersSent. Expand existing test
for end to include a check for closed. Add a new test for destroy.
PR-URL: https://github.com/nodejs/node/pull/15074
Refs: https://github.com/nodejs/node/issues/14985
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Move test reliant on timer triggering in a timely fahion from parallel
to sequential. The test can fail under high load when the timer is
triggered too late and the `\r` and `\n` are treated as separate lines.
PR-URL: https://github.com/nodejs/node/pull/15066
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Remove the executable bits of the file modes of some files that
accidentally received it.
PR-URL: https://github.com/nodejs/node/pull/15132
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The `.load` command would fail with any file that contains
multiline `.` operator expressions. This was particularly
noticeable when chaining promises or multi-line arrow
expressions.
This change Forces the REPL to be in `editorMode` while loading
a file from disk using the `.load` command.
Fixes: https://github.com/nodejs/node/issues/14022
PR-URL: https://github.com/nodejs/node/pull/14861
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Create one file for testing each function of the path module.
Keep general error tests and tests for constant properties in
test-path.js.
PR-URL: https://github.com/nodejs/node/pull/15093
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
covert lib/fs.js over to using lib/internal/errors.js
i have not addressed the cases that use errnoException(),
for reasons described in GH-12926
- throw the ERR_INVALID_CALLBACK error
when the the callback is invalid
- replace the ['object', 'string'] with
['string', 'object'] in the error constructor call,
to better match the previous err msg
in the getOptions() function
- add error ERR_VALUE_OUT_OF_RANGE in lib/internal/errors.js,
this error is thrown when a numeric value is out of range
- document the ERR_VALUE_OUT_OF_RANGE err in errors.md
- correct the expected args, in the error thrown in the function
fs._toUnixTimestamp() to ['Date', 'time in seconds'] (lib/fs.js)
- update the listener error type in the fs.watchFile() function,
from Error to TypeError (lib/fs.js)
- update errors from ERR_INVALID_OPT_VALUE to ERR_INVALID_ARG_TYPE
in the functions fs.ReadStream() and fs.WriteStream(),
for the cases of range errors use the new error:
ERR_VALUE_OUT_OF_RANGE (lib/fs.js)
PR-URL: https://github.com/nodejs/node/pull/15043
Refs: https://github.com/nodejs/node/issues/11273
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This removes the compatibilty code that was in place to allow an unintended
interaction between `require('.')` and `NODE_PATH`. The compatibility code and
the accompanying deprecation warning has been in place since 2015-04-17.
PR-URL: https://github.com/nodejs/node/pull/3384
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Call Object.defineProperty() twice to set readonly property is
unnecessary.
PR-URL: https://github.com/nodejs/node/pull/13221
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
The motivation for this commit is to pick up early on missing checks for
crypto support (when Node is built --without-ssl).
There are currently usages of common.hasCrypto which are not just for
detecting if crypto support is available and then skip the test in
question. For these case we still want to have a lint error generated
which can then be disabled using an ESLint comment.
PR-URL: https://github.com/nodejs/node/pull/13813
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
The internal method `REPLServer.createContext()` had
unexpected side effects. When called, the value for the
`underscoreAssigned` and `lines` properties were reset.
This change ensures that those properties are not modified
when a context is created.
Fixes: https://github.com/nodejs/node/issues/14226
Refs: https://github.com/nodejs/node/issues/7619
PR-URL: https://github.com/nodejs/node/pull/14331
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Adds an implementation for writeContinue based on the h2 spec & the
existing http implementation. ClientHttp2Stream now also emits
a continue event when it receives headers with :status 100.
Includes two test cases for default server continue behaviour and
for the exposed checkContinue listener.
PR-URL: https://github.com/nodejs/node/pull/15039
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use `Object.create(null)` for dictionary objects so that keys from
certificate strings or the authorityInfoAccess field cannot conflict
with Object.prototype properties.
PR-URL: https://github.com/nodejs/node/pull/14447
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
New test case for Expect header & checkExpectation event based on the
existing http test case.
PR-URL: https://github.com/nodejs/node/pull/15040
Refs: https://github.com/nodejs/node/issues/14985
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/15044
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>