As per #3292, this PR introduces a deprecation notice about removing
the 'default digest' overload which currently defaults to the soon
to be defunct SHA1 digest.
Instead it should be left up to the documentation and implementor to
suggest a suitable digest function.
Ref: https://github.com/nodejs/node/pull/3292
PR-URL: https://github.com/nodejs/node/pull/4047
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
This commit fixes some error messages that are not consistent with
some general rules which most of the error messages follow.
PR-URL: https://github.com/nodejs/node/pull/3374
Reviewed-By: Roman Reiss <me@silverwind.io>
This commit refactors LazyTransform from the crypto implementation
(lib/crypto.js) into an internal module (not publicy accessible) in
internal/streams/lazy_transform.js. This promotes a more modular core
design and removes code bloat in crypto, as LazyTransform didn't
specifically have anything to do with cryptography, but rather a fast
way to support two APIs on a stream.
PR-URL: https://github.com/nodejs/node/pull/2566
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Changes included in this commit are
1. Making the deprecation messages consistent. The messages will be in
the following format
x is deprecated. Use y instead.
If there is no alternative for `x`, then the ` Use y instead.` part
will not be there in the message.
2. All the internal deprecation messages are printed with the prefix
`(node) `, except when the `--trace-deprecation` flag is set.
Fixes: https://github.com/nodejs/io.js/issues/1883
PR-URL: https://github.com/nodejs/io.js/pull/1892
Reviewed-By: Roman Reiss <me@silverwind.io>
Not including `new` adds a useless frame and removes a potentially
useful frame.
PR-URL: https://github.com/iojs/io.js/pull/1246
Reviewed-By: Petka Antonov <petka_antonov@hotmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Private keys may be used along with publicEncrypt since the private key
includes the public one. This adds the ability to use encrypted private
keys which previously threw an error. This commit also makes sure the
user exposed functions have names.
PR-URL: https://github.com/iojs/io.js/pull/626
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).
Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Per #445 this removes a reference to this._readableState in hash._flush. It was
used to get the encoding on the readable side to pass to the writable side but
omitting it just causes the stream to handle the encoding issues.
PR-URL: https://github.com/iojs/io.js/pull/610
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
Previously pseudoRandomBytes worked similarly to randomBytes but in the
event of insufficient entropy would silently return non-secure values.
As of f68a116, the entropy pool blocks if there is insufficient entropy
instead of giving an error so there is now no longer a case where
pseudoRandomBytes would act differently than randomBytes.
Docs are updated to remove pseudoRandomBytes and to clarify that
randomBytes now does block instead of erring when entropy is low.
PR-URL: https://github.com/iojs/io.js/pull/557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This commit replaces a number of var statements throughout
the lib code with const statements.
PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
Sets the authenticated encryption specific methods ([set|get]AuthTag and setAAD)
on the Cipher prototype not just the Cipheriv prototype.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/joyent/node/pull/8711
Turn on strict mode for the files in the lib/ directory. It helps
catch bugs and can have a positive effect on performance.
PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Previously crypto.createDiffieHellman() would fail silently when a bad
argument was passed for prime/prime_length. Now throws TypeError.
Fixes: https://github.com/joyent/node/issues/8480
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix#7249
NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF. This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.
Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed. But keep the test introduced
in that commit, which tests properly for this
bug.
This bug was first introduced in a58f93f
Gist containing test code, bisection log, and notes:
https://gist.github.com/maxtaco/9211605
Make the HMAC digest method configurable. Update crypto.pbkdf2() and
crypto.pbkdf2Sync() to take an extra, optional digest argument.
Before this commit, SHA-1 (admittedly the most common method) was used
exclusively.
Fixes#6553.
After one of OpenSSL updates we have stopped accepting PEM private keys
and certificates that doesn't end with a newline (`\n`) character.
Handle this regression in `crypto.js` to make less trouble to our users.
fix#6892
This adds two new member functions getAuthTag and setAuthTag that
are useful for AES-GCM encryption modes. Use getAuthTag after
Cipheriv.final, transmit the tag along with the data and use
Decipheriv.setAuthTag to have the encrypted data verified.
Previous behaviour was to drop to an openssl prompt
("Enter PEM pass phrase:") when supplying a private key with a
passphrase. This change adds a fourth, optional, paramter that
will be used as the passphrase.
To include this parameter in a backwards compatible way it was
necessary to expose the previously undocumented (and unexposed)
feature of being able to explitly setting the output encoding.
Normalize the encoding in getEncoding() before using it. Fixes a
"AssertionError: Cannot change encoding" exception when the caller
mixes "utf8" and "utf-8".
Fixes#5655.
It needs to apply the Transform class when the _readableState,
_writableState, or _transformState properties are accessed,
otherwise things like setEncoding and on('data') don't work
properly.
Also, the methods wrappers are no longer needed, since they're only
problematic because they access the undefined properties.
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.
Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.
Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.