Skip to content

meta: move one or more collaborators to emeritus #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
github-actions wants to merge 5 commits into
base: malterlib
Choose a base branch
from
Open

meta: move one or more collaborators to emeritus #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
87a91d7
Add "from_certificate" setting for ecdhCurve option
erikolofsson Aug 3, 2018
76133ee
Fix BoringSSL compile errors
erikolofsson Feb 7, 2020
c69a0f0
Remove DST Root CA X3 from root certificates
erikolofsson Sep 30, 2021
822f439
Fix clang miscompile
erikolofsson Oct 20, 2021
9e61be6
meta: move one or more collaborators to emeritus
github-actions[bot] Nov 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,8 +278,6 @@ For information about the governance of the Node.js project, see
**Beth Griggs** <bgriggs@redhat.com> (she/her)
* [bmeck](https://github.com/bmeck) -
**Bradley Farias** <bradley.meck@gmail.com>
* [bmeurer](https://github.com/bmeurer) -
**Benedikt Meurer** <benedikt.meurer@gmail.com>
* [boneskull](https://github.com/boneskull) -
**Christopher Hiller** <boneskull@boneskull.com> (he/him)
* [BridgeAR](https://github.com/BridgeAR) -
Expand Down Expand Up @@ -336,8 +334,6 @@ For information about the governance of the Node.js project, see
**Guy Bedford** <guybedford@gmail.com> (he/him)
* [HarshithaKP](https://github.com/HarshithaKP) -
**Harshitha K P** <harshitha014@gmail.com> (she/her)
* [hashseed](https://github.com/hashseed) -
**Yang Guo** <yangguo@chromium.org> (he/him)
* [himself65](https://github.com/himself65) -
**Zeyu Yang** <himself65@outlook.com> (he/him)
* [hiroppy](https://github.com/hiroppy) -
Expand All @@ -346,8 +342,6 @@ For information about the governance of the Node.js project, see
**Ian Sutherland** <ian@iansutherland.ca>
* [indutny](https://github.com/indutny) -
**Fedor Indutny** <fedor@indutny.com>
* [JacksonTian](https://github.com/JacksonTian) -
**Jackson Tian** <shyvo1987@gmail.com>
* [jasnell](https://github.com/jasnell) -
**James M Snell** <jasnell@gmail.com> (he/him)
* [jkrems](https://github.com/jkrems) -
Expand Down Expand Up @@ -382,8 +376,6 @@ For information about the governance of the Node.js project, see
**Milad Fa** <mfarazma@redhat.com> (he/him)
* [mildsunrise](https://github.com/mildsunrise) -
**Alba Mendez** <me@alba.sh> (she/her)
* [misterdjules](https://github.com/misterdjules) -
**Julien Gilli** <jgilli@netflix.com>
* [mmarchini](https://github.com/mmarchini) -
**Mary Marchini** <oss@mmarchini.me> (she/her)
* [mscdex](https://github.com/mscdex) -
Expand All @@ -402,8 +394,6 @@ For information about the governance of the Node.js project, see
**Stephen Belanger** <admin@stephenbelanger.com> (he/him)
* [RaisinTen](https://github.com/RaisinTen) -
**Darshan Sen** <raisinten@gmail.com> (he/him)
* [refack](https://github.com/refack) -
**Refael Ackermann (רפאל פלחי)** <refack@gmail.com> (he/him/הוא/אתה)
* [rexagod](https://github.com/rexagod) -
**Pranshu Srivastava** <rexagod@gmail.com> (he/him)
* [richardlau](https://github.com/richardlau) -
Expand Down Expand Up @@ -479,6 +469,8 @@ For information about the governance of the Node.js project, see
**Andreas Madsen** <amwebdk@gmail.com> (he/him)
* [aqrln](https://github.com/aqrln) -
**Alexey Orlenko** <eaglexrlnk@gmail.com> (he/him)
* [bmeurer](https://github.com/bmeurer) -
**Benedikt Meurer** <benedikt.meurer@gmail.com>
* [bnoordhuis](https://github.com/bnoordhuis) -
**Ben Noordhuis** <info@bnoordhuis.nl>
* [brendanashworth](https://github.com/brendanashworth) -
Expand All @@ -505,6 +497,10 @@ For information about the governance of the Node.js project, see
**Gibson Fahnestock** <gibfahn@gmail.com> (he/him)
* [glentiki](https://github.com/glentiki) -
**Glen Keane** <glenkeane.94@gmail.com> (he/him)
* [hashseed](https://github.com/hashseed) -
**Yang Guo** <yangguo@chromium.org> (he/him)
* [JacksonTian](https://github.com/JacksonTian) -
**Jackson Tian** <shyvo1987@gmail.com>
* [iarna](https://github.com/iarna) -
**Rebecca Turner** <me@re-becca.org>
* [imran-iq](https://github.com/imran-iq) -
Expand Down Expand Up @@ -545,6 +541,8 @@ For information about the governance of the Node.js project, see
**Nicu Micleușanu** <micnic90@gmail.com> (he/him)
* [mikeal](https://github.com/mikeal) -
**Mikeal Rogers** <mikeal.rogers@gmail.com>
* [misterdjules](https://github.com/misterdjules) -
**Julien Gilli** <jgilli@netflix.com>
* [monsanto](https://github.com/monsanto) -
**Christopher Monsanto** <chris@monsan.to>
* [MoonBall](https://github.com/MoonBall) -
Expand All @@ -571,6 +569,8 @@ For information about the governance of the Node.js project, see
**Prince John Wesley** <princejohnwesley@gmail.com>
* [psmarshall](https://github.com/psmarshall) -
**Peter Marshall** <petermarshall@chromium.org> (he/him)
* [refack](https://github.com/refack) -
**Refael Ackermann (רפאל פלחי)** <refack@gmail.com> (he/him/הוא/אתה)
* [rlidwka](https://github.com/rlidwka) -
**Alex Kocharin** <alex@kocharin.ru>
* [rmg](https://github.com/rmg) -
Expand Down
2 changes: 1 addition & 1 deletion deps/v8/third_party/zlib/contrib/optimizations/inffast_chunk.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
the main copy is near the end.
*/
out = chunkunroll_relaxed(out, &dist, &len);
out = chunkcopy_safe(out, out - dist, len, limit);
out = chunkcopy_lapped_safe(out, dist, len, limit);
} else {
/* from points to window, so there is no risk of
overlapping pointers requiring memset-like behaviour
Expand Down
2 changes: 1 addition & 1 deletion deps/zlib/contrib/optimizations/inffast_chunk.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
the main copy is near the end.
*/
out = chunkunroll_relaxed(out, &dist, &len);
out = chunkcopy_safe(out, out - dist, len, limit);
out = chunkcopy_lapped_safe(out, dist, len, limit);
} else {
/* from points to window, so there is no risk of
overlapping pointers requiring memset-like behaviour
Expand Down
170 changes: 168 additions & 2 deletions src/node_crypto.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,41 @@ Maybe<bool> Decorate(Environment* env, Local<Object> obj,
c = ToUpper(c);
}

#ifdef OPENSSL_IS_BORINGSSL
#define OSSL_ERROR_CODES_MAP(V) \
V(SYS) \
V(BN) \
V(RSA) \
V(DH) \
V(EVP) \
V(BUF) \
V(OBJ) \
V(PEM) \
V(DSA) \
V(X509) \
V(ASN1) \
V(CONF) \
V(CRYPTO) \
V(EC) \
V(SSL) \
V(BIO) \
V(PKCS7) \
V(PKCS8) \
V(X509V3) \
V(RAND) \
V(ENGINE) \
V(OCSP) \
V(UI) \
V(COMP) \
V(ECDSA) \
V(ECDH) \
V(HMAC) \
V(DIGEST) \
V(CIPHER) \
V(HKDF) \
V(USER) \

#else
#define OSSL_ERROR_CODES_MAP(V) \
V(SYS) \
V(BN) \
Expand Down Expand Up @@ -311,6 +346,8 @@ Maybe<bool> Decorate(Environment* env, Local<Object> obj,
V(SM2) \
V(USER) \

#endif

#define V(name) case ERR_LIB_##name: lib = #name "_"; break;
const char* lib = "";
const char* prefix = "OSSL_";
Expand Down Expand Up @@ -1200,6 +1237,121 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
}
}

static void set_settings_from_certificate(Environment* env, SSL_CTX* const context) {
int curveName = 0;

auto privateKey = SSL_CTX_get0_privatekey(context);
if (privateKey) {
if (auto keyRSA = EVP_PKEY_get1_RSA(privateKey)) {
auto RSASize = RSA_size(keyRSA) * 8;
RSA_free(keyRSA);
// Match curve security to security of RSA key
if (RSASize >= 12288)
curveName = NID_secp521r1;
else if (RSASize >= 4096)
curveName = NID_secp384r1;
else
curveName = NID_X9_62_prime256v1;
} else if (auto keyEC = EVP_PKEY_get1_EC_KEY(privateKey)) {
curveName = EC_GROUP_get_curve_name(EC_KEY_get0_group(keyEC));
if (!curveName)
curveName = NID_secp521r1;
EC_KEY_free(keyEC);
}
}

if (curveName) {
EC_KEY *curveKey = EC_KEY_new_by_curve_name(curveName);
if (curveKey) {
SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
if (SSL_CTX_set_tmp_ecdh(context, curveKey) != 1)
SSL_CTX_set_ecdh_auto(context, 1);
EC_KEY_free(curveKey);
} else
SSL_CTX_set_ecdh_auto(context, 1);
}

static const int supportedCurves[] = {
NID_secp521r1
, NID_secp384r1
#ifdef OPENSSL_IS_BORINGSSL
, NID_X25519
#endif
, NID_X9_62_prime256v1
};

if (!SSL_CTX_set1_curves(context, supportedCurves, sizeof(supportedCurves)
/ sizeof(supportedCurves[0]))) {
return env->ThrowError("Failed to set supported curves on ssl context");
}

#ifdef OPENSSL_IS_BORINGSSL
static const uint16_t s_DefaultAlgos[] = {
SSL_SIGN_ECDSA_SECP521R1_SHA512
, SSL_SIGN_RSA_PSS_SHA512
, SSL_SIGN_RSA_PKCS1_SHA512
, SSL_SIGN_ECDSA_SECP384R1_SHA384
, SSL_SIGN_RSA_PSS_SHA384
, SSL_SIGN_RSA_PKCS1_SHA384
, SSL_SIGN_ECDSA_SECP256R1_SHA256
, SSL_SIGN_RSA_PSS_SHA256
, SSL_SIGN_RSA_PKCS1_SHA256
};

size_t num_algos = sizeof(s_DefaultAlgos) / sizeof(s_DefaultAlgos[0]);
const uint16_t *algos = s_DefaultAlgos;

switch (curveName)
{
case NID_secp521r1: break;
case NID_secp384r1:
{
static const uint16_t s_CustomAlgos[] =
{
SSL_SIGN_ECDSA_SECP384R1_SHA384
, SSL_SIGN_RSA_PSS_SHA384
, SSL_SIGN_RSA_PKCS1_SHA384
, SSL_SIGN_ECDSA_SECP521R1_SHA512
, SSL_SIGN_RSA_PSS_SHA512
, SSL_SIGN_RSA_PKCS1_SHA512
, SSL_SIGN_ECDSA_SECP256R1_SHA256
, SSL_SIGN_RSA_PSS_SHA256
, SSL_SIGN_RSA_PKCS1_SHA256
};
num_algos = sizeof(s_CustomAlgos) / sizeof(s_CustomAlgos[0]);
algos = s_CustomAlgos;
}
break;
case NID_X9_62_prime256v1:
case NID_X25519:
{
static const uint16_t s_CustomAlgos[] =
{
SSL_SIGN_ECDSA_SECP256R1_SHA256
, SSL_SIGN_RSA_PSS_SHA256
, SSL_SIGN_RSA_PKCS1_SHA256
, SSL_SIGN_ECDSA_SECP384R1_SHA384
, SSL_SIGN_RSA_PSS_SHA384
, SSL_SIGN_RSA_PKCS1_SHA384
, SSL_SIGN_ECDSA_SECP521R1_SHA512
, SSL_SIGN_RSA_PSS_SHA512
, SSL_SIGN_RSA_PKCS1_SHA512
};
num_algos = sizeof(s_CustomAlgos) / sizeof(s_CustomAlgos[0]);
algos = s_CustomAlgos;
}
break;
}

if (!SSL_CTX_set_signing_algorithm_prefs(context, algos, num_algos)) {
return env->ThrowError("Failed to set preferred signing algorithms on ssl context");
}

if (!SSL_CTX_set_verify_algorithm_prefs(context, algos, num_algos)) {
return env->ThrowError("Failed to set preferred verify algorithms on ssl context");
}
#endif
}

void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
SecureContext* sc;
Expand All @@ -1213,6 +1365,9 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {

node::Utf8Value curve(env->isolate(), args[0]);

if (strcmp(*curve, "from_certificate") == 0)
return set_settings_from_certificate(env, sc->ctx_.get());

if (strcmp(*curve, "auto") == 0)
return;

Expand Down Expand Up @@ -5744,7 +5899,7 @@ void ECDH::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
if (!EC_KEY_set_public_key(new_key.get(), pub.get()))
return env->ThrowError("Failed to set generated public key");

EC_KEY_copy(ecdh->key_.get(), new_key.get());
ecdh->key_ = ECKeyPointer(EC_KEY_dup(new_key.get()));
ecdh->group_ = EC_KEY_get0_group(ecdh->key_.get());
}

Expand Down Expand Up @@ -6125,6 +6280,7 @@ class RSAPSSKeyPairGenerationConfig : public RSAKeyPairGenerationConfig {
const int saltlen_;
};

#ifndef OPENSSL_IS_BORINGSSL
class DSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
public:
DSAKeyPairGenerationConfig(unsigned int modulus_bits, int divisor_bits)
Expand Down Expand Up @@ -6163,6 +6319,7 @@ class DSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
const unsigned int modulus_bits_;
const int divisor_bits_;
};
#endif

class ECKeyPairGenerationConfig : public KeyPairGenerationConfig {
public:
Expand Down Expand Up @@ -6220,6 +6377,7 @@ struct PrimeInfo {
unsigned int prime_size_;
};

#ifndef OPENSSL_IS_BORINGSSL
class DHKeyPairGenerationConfig : public KeyPairGenerationConfig {
public:
explicit DHKeyPairGenerationConfig(PrimeInfo&& prime_info,
Expand Down Expand Up @@ -6275,6 +6433,7 @@ class DHKeyPairGenerationConfig : public KeyPairGenerationConfig {
PrimeInfo prime_info_;
unsigned int generator_;
};
#endif

class GenerateKeyPairJob : public CryptoJob {
public:
Expand Down Expand Up @@ -6454,6 +6613,7 @@ void GenerateKeyPairRSAPSS(const FunctionCallbackInfo<Value>& args) {
GenerateKeyPair(args, 5, std::move(config));
}

#ifndef OPENSSL_IS_BORINGSSL
void GenerateKeyPairDSA(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsUint32());
const uint32_t modulus_bits = args[0].As<Uint32>()->Value();
Expand All @@ -6463,6 +6623,7 @@ void GenerateKeyPairDSA(const FunctionCallbackInfo<Value>& args) {
new DSAKeyPairGenerationConfig(modulus_bits, divisor_bits));
GenerateKeyPair(args, 2, std::move(config));
}
#endif

void GenerateKeyPairEC(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsString());
Expand Down Expand Up @@ -6492,6 +6653,7 @@ void GenerateKeyPairNid(const FunctionCallbackInfo<Value>& args) {
GenerateKeyPair(args, 1, std::move(config));
}

#ifndef OPENSSL_IS_BORINGSSL
void GenerateKeyPairDH(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

Expand Down Expand Up @@ -6524,7 +6686,7 @@ void GenerateKeyPairDH(const FunctionCallbackInfo<Value>& args) {
new DHKeyPairGenerationConfig(std::move(prime_info), generator));
GenerateKeyPair(args, 2, std::move(config));
}

#endif

void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
Expand Down Expand Up @@ -7021,10 +7183,14 @@ void Initialize(Local<Object> target,
env->SetMethod(target, "pbkdf2", PBKDF2);
env->SetMethod(target, "generateKeyPairRSA", GenerateKeyPairRSA);
env->SetMethod(target, "generateKeyPairRSAPSS", GenerateKeyPairRSAPSS);
#ifndef OPENSSL_IS_BORINGSSL
env->SetMethod(target, "generateKeyPairDSA", GenerateKeyPairDSA);
#endif
env->SetMethod(target, "generateKeyPairEC", GenerateKeyPairEC);
env->SetMethod(target, "generateKeyPairNid", GenerateKeyPairNid);
#ifndef OPENSSL_IS_BORINGSSL
env->SetMethod(target, "generateKeyPairDH", GenerateKeyPairDH);
#endif
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED25519);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED448);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_X25519);
Expand Down
Loading