+29
-67
lines changedFilter options
+29
-67
lines changed Original file line number Diff line number Diff line change
@@ -547,9 +547,9 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
547 547
// OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
548 548
// exposed in the public API. To retain compatibility, install a callback
549 549
// which restores the old algorithm.
550 -
if (CSPRNG(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)).is_err() ||
551 -
CSPRNG(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)).is_err() ||
552 -
CSPRNG(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_)).is_err()) {
550 +
if (!ncrypto::CSPRNG(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)) ||
551 +
!ncrypto::CSPRNG(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)) ||
552 +
!ncrypto::CSPRNG(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_))) {
553 553
return THROW_ERR_CRYPTO_OPERATION_FAILED(
554 554
env, "Error generating ticket keys");
555 555
}
@@ -1324,7 +1324,7 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl,
1324 1324 1325 1325
if (enc) {
1326 1326
memcpy(name, sc->ticket_key_name_, sizeof(sc->ticket_key_name_));
1327 -
if (CSPRNG(iv, 16).is_err() ||
1327 +
if (!ncrypto::CSPRNG(iv, 16) ||
1328 1328
EVP_EncryptInit_ex(
1329 1329
ectx, EVP_aes_128_cbc(), nullptr, sc->ticket_key_aes_, iv) <= 0 ||
1330 1330
HMAC_Init_ex(hctx,
@@ -4,6 +4,7 @@
4 4
#include "debug_utils-inl.h"
5 5
#include "env-inl.h"
6 6
#include "memory_tracker-inl.h"
7 +
#include "ncrypto.h"
7 8
#include "threadpoolwork-inl.h"
8 9
#include "v8.h"
9 10
@@ -71,7 +72,7 @@ Maybe<bool> SecretKeyGenTraits::AdditionalConfig(
71 72
KeyGenJobStatus SecretKeyGenTraits::DoKeyGen(Environment* env,
72 73
SecretKeyGenConfig* params) {
73 74
ByteSource::Builder bytes(params->length);
74 -
if (CSPRNG(bytes.data<unsigned char>(), params->length).is_err())
75 +
if (!ncrypto::CSPRNG(bytes.data<unsigned char>(), params->length))
75 76
return KeyGenJobStatus::FAILED;
76 77
params->out = std::move(bytes).release();
77 78
return KeyGenJobStatus::OK;
@@ -3,6 +3,7 @@
3 3
#include "crypto/crypto_util.h"
4 4
#include "env-inl.h"
5 5
#include "memory_tracker-inl.h"
6 +
#include "ncrypto.h"
6 7
#include "threadpoolwork-inl.h"
7 8
#include "v8.h"
8 9
@@ -60,7 +61,7 @@ bool RandomBytesTraits::DeriveBits(
60 61
Environment* env,
61 62
const RandomBytesConfig& params,
62 63
ByteSource* unused) {
63 -
return CSPRNG(params.buffer, params.size).is_ok();
64 +
return ncrypto::CSPRNG(params.buffer, params.size);
64 65
}
65 66 66 67
void RandomPrimeConfig::MemoryInfo(MemoryTracker* tracker) const {
@@ -154,7 +155,7 @@ bool RandomPrimeTraits::DeriveBits(Environment* env,
154 155
ByteSource* unused) {
155 156
// BN_generate_prime_ex() calls RAND_bytes_ex() internally.
156 157
// Make sure the CSPRNG is properly seeded.
157 -
CHECK(CSPRNG(nullptr, 0).is_ok());
158 +
CHECK(ncrypto::CSPRNG(nullptr, 0));
158 159 159 160
if (BN_generate_prime_ex(
160 161
params.prime.get(),
@@ -49,40 +49,6 @@ using v8::Value;
49 49 50 50
namespace crypto {
51 51 52 -
MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length) {
53 -
unsigned char* buf = static_cast<unsigned char*>(buffer);
54 -
do {
55 -
if (1 == RAND_status()) {
56 -
#if OPENSSL_VERSION_MAJOR >= 3
57 -
if (1 == RAND_bytes_ex(nullptr, buf, length, 0)) return {true};
58 -
#else
59 -
while (length > INT_MAX && 1 == RAND_bytes(buf, INT_MAX)) {
60 -
buf += INT_MAX;
61 -
length -= INT_MAX;
62 -
}
63 -
if (length <= INT_MAX && 1 == RAND_bytes(buf, static_cast<int>(length)))
64 -
return {true};
65 -
#endif
66 -
}
67 -
#if OPENSSL_VERSION_MAJOR >= 3
68 -
const auto code = ERR_peek_last_error();
69 -
// A misconfigured OpenSSL 3 installation may report 1 from RAND_poll()
70 -
// and RAND_status() but fail in RAND_bytes() if it cannot look up
71 -
// a matching algorithm for the CSPRNG.
72 -
if (ERR_GET_LIB(code) == ERR_LIB_RAND) {
73 -
const auto reason = ERR_GET_REASON(code);
74 -
if (reason == RAND_R_ERROR_INSTANTIATING_DRBG ||
75 -
reason == RAND_R_UNABLE_TO_FETCH_DRBG ||
76 -
reason == RAND_R_UNABLE_TO_CREATE_DRBG) {
77 -
return {false};
78 -
}
79 -
}
80 -
#endif
81 -
} while (1 == RAND_poll());
82 - 83 -
return {false};
84 -
}
85 - 86 52
int PasswordCallback(char* buf, int size, int rwflag, void* u) {
87 53
const ByteSource* passphrase = *static_cast<const ByteSource**>(u);
88 54
if (passphrase != nullptr) {
@@ -91,19 +91,6 @@ void InitCrypto(v8::Local<v8::Object> target);
91 91 92 92
extern void UseExtraCaCerts(const std::string& file);
93 93 94 -
struct CSPRNGResult {
95 -
const bool ok;
96 -
MUST_USE_RESULT bool is_ok() const { return ok; }
97 -
MUST_USE_RESULT bool is_err() const { return !ok; }
98 -
};
99 - 100 -
// Either succeeds with exactly |length| bytes of cryptographically
101 -
// strong pseudo-random data, or fails. This function may block.
102 -
// Don't assume anything about the contents of |buffer| on error.
103 -
// As a special case, |length == 0| can be used to check if the CSPRNG
104 -
// is properly seeded without consuming entropy.
105 -
MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length);
106 - 107 94
int PasswordCallback(char* buf, int size, int rwflag, void* u);
108 95 109 96
int NoPasswordCallback(char* buf, int size, int rwflag, void* u);
@@ -1,16 +1,17 @@
1 1
#include "inspector_io.h"
2 2 3 -
#include "inspector_socket_server.h"
4 -
#include "inspector/main_thread_interface.h"
5 -
#include "inspector/node_string.h"
6 -
#include "crypto/crypto_util.h"
7 3
#include "base_object-inl.h"
4 +
#include "crypto/crypto_util.h"
8 5
#include "debug_utils-inl.h"
6 +
#include "inspector/main_thread_interface.h"
7 +
#include "inspector/node_string.h"
8 +
#include "inspector_socket_server.h"
9 +
#include "ncrypto.h"
9 10
#include "node.h"
10 11
#include "node_internals.h"
11 12
#include "node_mutex.h"
12 -
#include "v8-inspector.h"
13 13
#include "util-inl.h"
14 +
#include "v8-inspector.h"
14 15
#include "zlib.h"
15 16 16 17
#include <deque>
@@ -46,7 +47,7 @@ std::string ScriptPath(uv_loop_t* loop, const std::string& script_name) {
46 47
// Used ver 4 - with numbers
47 48
std::string GenerateID() {
48 49
uint16_t buffer[8];
49 -
CHECK(crypto::CSPRNG(buffer, sizeof(buffer)).is_ok());
50 +
CHECK(ncrypto::CSPRNG(buffer, sizeof(buffer)));
50 51 51 52
char uuid[256];
52 53
snprintf(uuid, sizeof(uuid), "%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
@@ -47,6 +47,7 @@
47 47
#include "node_version.h"
48 48 49 49
#if HAVE_OPENSSL
50 +
#include "ncrypto.h"
50 51
#include "node_crypto.h"
51 52
#endif
52 53
@@ -1191,14 +1192,14 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
1191 1192
}
1192 1193 1193 1194
// Ensure CSPRNG is properly seeded.
1194 -
CHECK(crypto::CSPRNG(nullptr, 0).is_ok());
1195 +
CHECK(ncrypto::CSPRNG(nullptr, 0));
1195 1196 1196 1197
V8::SetEntropySource([](unsigned char* buffer, size_t length) {
1197 1198
// V8 falls back to very weak entropy when this function fails
1198 1199
// and /dev/urandom isn't available. That wouldn't be so bad if
1199 1200
// the entropy was only used for Math.random() but it's also used for
1200 1201
// hash table and address space layout randomization. Better to abort.
1201 -
CHECK(crypto::CSPRNG(buffer, length).is_ok());
1202 +
CHECK(ncrypto::CSPRNG(buffer, length));
1202 1203
return true;
1203 1204
});
1204 1205
#endif // !defined(OPENSSL_IS_BORINGSSL)
@@ -5,6 +5,7 @@
5 5
#include <node_mutex.h>
6 6
#include <string_bytes.h>
7 7
#include "nbytes.h"
8 +
#include "ncrypto.h"
8 9
#include "quic/defs.h"
9 10 10 11
namespace node {
@@ -132,7 +133,7 @@ class RandomCIDFactory : public CID::Factory {
132 133
// a CID of the requested size, we regenerate the pool
133 134
// and reset it to zero.
134 135
if (pos_ + length_hint > kPoolSize) {
135 -
CHECK(crypto::CSPRNG(pool_, kPoolSize).is_ok());
136 +
CHECK(ncrypto::CSPRNG(pool_, kPoolSize));
136 137
pos_ = 0;
137 138
}
138 139
}
@@ -19,6 +19,7 @@
19 19
#include "application.h"
20 20
#include "bindingdata.h"
21 21
#include "defs.h"
22 +
#include "ncrypto.h"
22 23 23 24
namespace node {
24 25
@@ -87,7 +88,7 @@ namespace {
87 88
bool is_diagnostic_packet_loss(double probability) {
88 89
if (LIKELY(probability == 0.0)) return false;
89 90
unsigned char c = 255;
90 -
CHECK(crypto::CSPRNG(&c, 1).is_ok());
91 +
CHECK(ncrypto::CSPRNG(&c, 1));
91 92
return (static_cast<double>(c) / 255) < probability;
92 93
}
93 94
#endif // DEBUG
@@ -14,6 +14,7 @@
14 14
#include "bindingdata.h"
15 15
#include "cid.h"
16 16
#include "defs.h"
17 +
#include "ncrypto.h"
17 18
#include "tokens.h"
18 19 19 20
namespace node {
@@ -331,7 +332,7 @@ Packet* Packet::CreateStatelessResetPacket(
331 332 332 333
StatelessResetToken token(token_secret, path_descriptor.dcid);
333 334
uint8_t random[kRandlen];
334 -
CHECK(crypto::CSPRNG(random, kRandlen).is_ok());
335 +
CHECK(ncrypto::CSPRNG(random, kRandlen));
335 336 336 337
auto packet = Create(env,
337 338
listener,
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4