From 356ece933457ff7216658236ec5cf05f906e8f69 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Fri, 14 Sep 2018 13:39:05 +0000
Subject: [PATCH 2/2] Remove OpenSSL 1.0.2 features
---
src/node_crypto.cc | 150 ++++++++++++++++++++---------
src/node_crypto.h | 28 ++++--
test/parallel/test-crypto-authenticated.js | 6 +-
3 files changed, 128 insertions(+), 56 deletions(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 7bdb1b1..6111e2e 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1077,8 +1077,8 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
node::Utf8Value curve(env->isolate(), args[0]);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);
- SSL_CTX_set_ecdh_auto(sc->ctx_, 1);
+ SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(sc->ctx_.get(), 1);
#endif
if (strcmp(*curve, "auto") == 0)
@@ -1340,7 +1340,7 @@ void SecureContext::GetTicketKeys(const FunctionCallbackInfo<Value>& args) {
memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16);
memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16);
#else
- if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_,
+ if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_.get(),
Buffer::Data(buff),
Buffer::Length(buff)) != 1) {
return wrap->env()->ThrowError("Failed to fetch tls ticket keys");
@@ -1374,7 +1374,7 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16);
memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16);
#else
- if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_,
+ if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_.get(),
Buffer::Data(args[0]),
Buffer::Length(args[0])) != 1) {
return env->ThrowError("Failed to fetch tls ticket keys");
@@ -2804,14 +2804,14 @@ void CipherBase::Init(const char* cipher_type,
iv);
CHECK_NE(key_len, 0);
- ctx_.reset(EVP_CIPHER_CTX_new());
+ ctx_ = EVP_CIPHER_CTX_new();
const int mode = EVP_CIPHER_mode(cipher);
if (mode == EVP_CIPH_WRAP_MODE)
- EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
const bool encrypt = (kind_ == kCipher);
- if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr,
+ if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr,
nullptr, nullptr, encrypt)) {
return ThrowCryptoError(env(), ERR_get_error(),
"Failed to initialize cipher");
@@ -2832,9 +2832,9 @@ void CipherBase::Init(const char* cipher_type,
return;
}
- CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len));
+ CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len));
- if (1 != EVP_CipherInit_ex(ctx_.get(),
+ if (1 != EVP_CipherInit_ex(ctx_,
nullptr,
nullptr,
reinterpret_cast<unsigned char*>(key),
@@ -2871,8 +2871,8 @@ void CipherBase::Init(const FunctionCallbackInfo<Value>& args) {
static bool IsSupportedAuthenticatedMode(int mode) {
return mode == EVP_CIPH_CCM_MODE ||
- mode == EVP_CIPH_GCM_MODE ||
- mode == EVP_CIPH_OCB_MODE;
+ mode == EVP_CIPH_GCM_MODE;
+ // mode == EVP_CIPH_OCB_MODE;
}
void CipherBase::InitIv(const char* cipher_type,
@@ -2906,13 +2906,13 @@ void CipherBase::InitIv(const char* cipher_type,
return env()->ThrowError("Invalid IV length");
}
- ctx_.reset(EVP_CIPHER_CTX_new());
+ ctx_ = EVP_CIPHER_CTX_new();
if (mode == EVP_CIPH_WRAP_MODE)
- EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
const bool encrypt = (kind_ == kCipher);
- if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr,
+ if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr,
nullptr, nullptr, encrypt)) {
return ThrowCryptoError(env(), ERR_get_error(),
"Failed to initialize cipher");
@@ -2924,12 +2924,13 @@ void CipherBase::InitIv(const char* cipher_type,
return;
}
- if (!EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)) {
- ctx_.reset();
+ if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
+ EVP_CIPHER_CTX_free(ctx_);
+ ctx_ = nullptr;
return env()->ThrowError("Invalid key length");
}
- if (1 != EVP_CipherInit_ex(ctx_.get(),
+ if (1 != EVP_CipherInit_ex(ctx_,
nullptr,
nullptr,
reinterpret_cast<const unsigned char*>(key),
@@ -2992,8 +2993,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
return false;
}
- const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
- if (mode == EVP_CIPH_CCM_MODE || mode == EVP_CIPH_OCB_MODE) {
+ const int mode = EVP_CIPHER_CTX_mode(ctx_);
+ if (mode == EVP_CIPH_CCM_MODE) {
if (auth_tag_len == kNoAuthTagLength) {
char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
@@ -3010,7 +3011,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
#endif
// Tell OpenSSL about the desired length.
- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len,
+ if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_CCM_SET_TAG, auth_tag_len,
+ // if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_AEAD_SET_TAG, auth_tag_len,
nullptr)) {
env()->ThrowError("Invalid authentication tag length");
return false;
@@ -3049,7 +3051,7 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
bool CipherBase::CheckCCMMessageLength(int message_len) {
CHECK(ctx_);
- CHECK(EVP_CIPHER_CTX_mode(ctx_.get()) == EVP_CIPH_CCM_MODE);
+ CHECK(EVP_CIPHER_CTX_mode(ctx_) == EVP_CIPH_CCM_MODE);
if (message_len > max_message_size_) {
env()->ThrowError("Message exceeds maximum size");
@@ -3063,7 +3065,7 @@ bool CipherBase::CheckCCMMessageLength(int message_len) {
bool CipherBase::IsAuthenticatedMode() const {
// Check if this cipher operates in an AEAD mode that we support.
CHECK(ctx_);
- const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
+ const int mode = EVP_CIPHER_CTX_mode(ctx_);
return IsSupportedAuthenticatedMode(mode);
}
@@ -3098,7 +3100,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
}
unsigned int tag_len = Buffer::Length(args[0]);
- const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get());
+ const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_);
if (mode == EVP_CIPH_GCM_MODE) {
if (cipher->auth_tag_len_ != kNoAuthTagLength &&
cipher->auth_tag_len_ != tag_len) {
@@ -3114,6 +3116,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
"Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len);
ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090");
}
+/*
} else if (mode == EVP_CIPH_OCB_MODE) {
// At this point, the tag length is already known and must match the
// length of the given authentication tag.
@@ -3125,6 +3128,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
"Invalid authentication tag length: %u", tag_len);
return cipher->env()->ThrowError(msg);
}
+*/
}
// Note: we don't use std::min() here to work around a header conflict.
@@ -3141,8 +3145,8 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
bool CipherBase::MaybePassAuthTagToOpenSSL() {
if (!auth_tag_set_ && auth_tag_len_ != kNoAuthTagLength) {
- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(),
- EVP_CTRL_AEAD_SET_TAG,
+ if (!EVP_CIPHER_CTX_ctrl(ctx_,
+ EVP_CTRL_CCM_SET_TAG,
auth_tag_len_,
reinterpret_cast<unsigned char*>(auth_tag_))) {
return false;
@@ -3159,7 +3163,7 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) {
MarkPopErrorOnReturn mark_pop_error_on_return;
int outlen;
- const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
+ const int mode = EVP_CIPHER_CTX_mode(ctx_);
// When in CCM mode, we need to set the authentication tag and the plaintext
// length in advance.
@@ -3178,11 +3182,11 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) {
}
// Specify the plaintext length.
- if (!EVP_CipherUpdate(ctx_.get(), nullptr, &outlen, nullptr, plaintext_len))
+ if (!EVP_CipherUpdate(ctx_, nullptr, &outlen, nullptr, plaintext_len))
return false;
}
- return 1 == EVP_CipherUpdate(ctx_.get(),
+ return 1 == EVP_CipherUpdate(ctx_,
nullptr,
&outlen,
reinterpret_cast<const unsigned char*>(data),
@@ -3212,7 +3216,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
return kErrorState;
MarkPopErrorOnReturn mark_pop_error_on_return;
- const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
+ const int mode = EVP_CIPHER_CTX_mode(ctx_);
if (mode == EVP_CIPH_CCM_MODE) {
if (!CheckCCMMessageLength(len))
@@ -3226,11 +3230,11 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
}
*out_len = 0;
- int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_.get());
+ int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_);
// For key wrapping algorithms, get output size by calling
// EVP_CipherUpdate() with null output.
if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE &&
- EVP_CipherUpdate(ctx_.get(),
+ EVP_CipherUpdate(ctx_,
nullptr,
&buff_len,
reinterpret_cast<const unsigned char*>(data),
@@ -3239,7 +3243,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
}
*out = Malloc<unsigned char>(buff_len);
- int r = EVP_CipherUpdate(ctx_.get(),
+ int r = EVP_CipherUpdate(ctx_,
*out,
out_len,
reinterpret_cast<const unsigned char*>(data),
@@ -3301,7 +3305,7 @@ bool CipherBase::SetAutoPadding(bool auto_padding) {
if (!ctx_)
return false;
MarkPopErrorOnReturn mark_pop_error_on_return;
- return EVP_CIPHER_CTX_set_padding(ctx_.get(), auto_padding);
+ return EVP_CIPHER_CTX_set_padding(ctx_, auto_padding);
}
@@ -3318,10 +3322,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) {
if (!ctx_)
return false;
- const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
+ const int mode = EVP_CIPHER_CTX_mode(ctx_);
*out = Malloc<unsigned char>(
- static_cast<size_t>(EVP_CIPHER_CTX_block_size(ctx_.get())));
+ static_cast<size_t>(EVP_CIPHER_CTX_block_size(ctx_)));
if (kind_ == kDecipher && IsSupportedAuthenticatedMode(mode)) {
MaybePassAuthTagToOpenSSL();
@@ -3333,7 +3337,7 @@ bool CipherBase::Final(unsigned char** out, int* out_len) {
if (kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) {
ok = !pending_auth_failed_;
} else {
- ok = EVP_CipherFinal_ex(ctx_.get(), *out, out_len) == 1;
+ ok = EVP_CipherFinal_ex(ctx_, *out, out_len) == 1;
if (ok && kind_ == kCipher && IsAuthenticatedMode()) {
// In GCM mode, the authentication tag length can be specified in advance,
@@ -3351,7 +3355,8 @@ bool CipherBase::Final(unsigned char** out, int* out_len) {
}
}
- ctx_.reset();
+ EVP_CIPHER_CTX_free(ctx_);
+ ctx_ = nullptr;
return ok;
}
@@ -3394,6 +3399,11 @@ void CipherBase::Final(const FunctionCallbackInfo<Value>& args) {
}
+Hmac::~Hmac() {
+ HMAC_CTX_free(ctx_);
+}
+
+
void Hmac::Initialize(Environment* env, v8::Local<Object> target) {
Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
@@ -3423,9 +3433,16 @@ void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) {
if (key_len == 0) {
key = "";
}
+/*
ctx_.reset(HMAC_CTX_new());
if (!ctx_ || !HMAC_Init_ex(ctx_.get(), key, key_len, md, nullptr)) {
ctx_.reset();
+*/
+ ctx_ = HMAC_CTX_new();
+ if (ctx_ == nullptr ||
+ !HMAC_Init_ex(ctx_, key, key_len, md, nullptr)) {
+ HMAC_CTX_free(ctx_);
+ ctx_ = nullptr;
return ThrowCryptoError(env(), ERR_get_error());
}
}
@@ -3446,7 +3463,7 @@ void Hmac::HmacInit(const FunctionCallbackInfo<Value>& args) {
bool Hmac::HmacUpdate(const char* data, int len) {
if (!ctx_)
return false;
- int r = HMAC_Update(ctx_.get(),
+ int r = HMAC_Update(ctx_,
reinterpret_cast<const unsigned char*>(data),
len);
return r == 1;
@@ -3493,10 +3510,17 @@ void Hmac::HmacDigest(const FunctionCallbackInfo<Value>& args) {
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len = 0;
+/*
if (hmac->ctx_) {
HMAC_Final(hmac->ctx_.get(), md_value, &md_len);
hmac->ctx_.reset();
}
+*/
+ if (hmac->ctx_ != nullptr) {
+ HMAC_Final(hmac->ctx_, md_value, &md_len);
+ HMAC_CTX_free(hmac->ctx_);
+ hmac->ctx_ = nullptr;
+ }
Local<Value> error;
MaybeLocal<Value> rc =
@@ -3514,6 +3538,11 @@ void Hmac::HmacDigest(const FunctionCallbackInfo<Value>& args) {
}
+Hash::~Hash() {
+ EVP_MD_CTX_free(mdctx_);
+}
+
+
void Hash::Initialize(Environment* env, v8::Local<Object> target) {
Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
@@ -3543,9 +3572,16 @@ bool Hash::HashInit(const char* hash_type) {
const EVP_MD* md = EVP_get_digestbyname(hash_type);
if (md == nullptr)
return false;
+/*
mdctx_.reset(EVP_MD_CTX_new());
if (!mdctx_ || EVP_DigestInit_ex(mdctx_.get(), md, nullptr) <= 0) {
mdctx_.reset();
+*/
+ mdctx_ = EVP_MD_CTX_new();
+ if (mdctx_ == nullptr ||
+ EVP_DigestInit_ex(mdctx_, md, nullptr) <= 0) {
+ EVP_MD_CTX_free(mdctx_);
+ mdctx_ = nullptr;
return false;
}
finalized_ = false;
@@ -3556,7 +3592,7 @@ bool Hash::HashInit(const char* hash_type) {
bool Hash::HashUpdate(const char* data, int len) {
if (!mdctx_)
return false;
- EVP_DigestUpdate(mdctx_.get(), data, len);
+ EVP_DigestUpdate(mdctx_, data, len);
return true;
}
@@ -3601,7 +3637,7 @@ void Hash::HashDigest(const FunctionCallbackInfo<Value>& args) {
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
- EVP_DigestFinal_ex(hash->mdctx_.get(), md_value, &md_len);
+ EVP_DigestFinal_ex(hash->mdctx_, md_value, &md_len);
hash->finalized_ = true;
Local<Value> error;
@@ -3620,6 +3656,11 @@ void Hash::HashDigest(const FunctionCallbackInfo<Value>& args) {
}
+SignBase::~SignBase() {
+ EVP_MD_CTX_free(mdctx_);
+}
+
+
SignBase::Error SignBase::Init(const char* sign_type) {
CHECK_NULL(mdctx_);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -3634,9 +3675,16 @@ SignBase::Error SignBase::Init(const char* sign_type) {
if (md == nullptr)
return kSignUnknownDigest;
+/*
mdctx_.reset(EVP_MD_CTX_new());
if (!mdctx_ || !EVP_DigestInit_ex(mdctx_.get(), md, nullptr)) {
mdctx_.reset();
+*/
+ mdctx_ = EVP_MD_CTX_new();
+ if (mdctx_ == nullptr ||
+ !EVP_DigestInit_ex(mdctx_, md, nullptr)) {
+ EVP_MD_CTX_free(mdctx_);
+ mdctx_ = nullptr;
return kSignInit;
}
@@ -3647,7 +3695,7 @@ SignBase::Error SignBase::Init(const char* sign_type) {
SignBase::Error SignBase::Update(const char* data, int len) {
if (mdctx_ == nullptr)
return kSignNotInitialised;
- if (!EVP_DigestUpdate(mdctx_.get(), data, len))
+ if (!EVP_DigestUpdate(mdctx_, data, len))
return kSignUpdate;
return kSignOk;
}
@@ -3749,7 +3797,8 @@ void Sign::SignUpdate(const FunctionCallbackInfo<Value>& args) {
sign->CheckThrow(err);
}
-static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md,
+// static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md,
+static int Node_SignFinal(EVP_MD_CTX* mdctx, unsigned char* md,
unsigned int* sig_len,
const EVPKeyPointer& pkey, int padding,
int pss_salt_len) {
@@ -3757,7 +3806,7 @@ static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md,
unsigned int m_len;
*sig_len = 0;
- if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len))
+ if (!EVP_DigestFinal_ex(mdctx, m, &m_len))
return 0;
size_t sltmp = static_cast<size_t>(EVP_PKEY_size(pkey.get()));
@@ -3766,7 +3815,7 @@ static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md,
EVP_PKEY_sign_init(pkctx.get()) > 0 &&
ApplyRSAOptions(pkey, pkctx.get(), padding, pss_salt_len) &&
EVP_PKEY_CTX_set_signature_md(pkctx.get(),
- EVP_MD_CTX_md(mdctx.get())) > 0 &&
+ EVP_MD_CTX_md(mdctx)) > 0 &&
EVP_PKEY_sign(pkctx.get(), md, &sltmp, m, m_len) > 0) {
*sig_len = sltmp;
return 1;
@@ -3784,7 +3833,8 @@ SignBase::Error Sign::SignFinal(const char* key_pem,
if (!mdctx_)
return kSignNotInitialised;
- EVPMDPointer mdctx = std::move(mdctx_);
+ // EVPMDPointer mdctx = std::move(mdctx_);
+ EVP_MD_CTX* mdctx = std::move(mdctx_);
BIOPointer bp(BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len));
if (!bp)
@@ -3967,12 +4017,12 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem,
unsigned int m_len;
int r = 0;
*verify_result = false;
- EVPMDPointer mdctx = std::move(mdctx_);
+ EVP_MD_CTX* mdctx = std::move(mdctx_);
if (ParsePublicKey(&pkey, key_pem, key_pem_len) != kParsePublicOk)
return kSignPublicKey;
- if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len))
+ if (!EVP_DigestFinal_ex(mdctx, m, &m_len))
return kSignPublicKey;
EVPKeyCtxPointer pkctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
@@ -3980,7 +4030,7 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem,
EVP_PKEY_verify_init(pkctx.get()) > 0 &&
ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) &&
EVP_PKEY_CTX_set_signature_md(pkctx.get(),
- EVP_MD_CTX_md(mdctx.get())) > 0) {
+ EVP_MD_CTX_md(mdctx)) > 0) {
r = EVP_PKEY_verify(pkctx.get(),
reinterpret_cast<const unsigned char*>(sig),
siglen,
@@ -4948,6 +4998,7 @@ inline void PBKDF2(const FunctionCallbackInfo<Value>& args) {
}
+/*
#ifndef OPENSSL_NO_SCRYPT
struct ScryptJob : public CryptoJob {
unsigned char* keybuf_data;
@@ -5038,6 +5089,7 @@ void Scrypt(const FunctionCallbackInfo<Value>& args) {
args.GetReturnValue().Set(job->ToResult());
}
#endif // OPENSSL_NO_SCRYPT
+*/
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
@@ -5478,9 +5530,11 @@ void Initialize(Local<Object> target,
PublicKeyCipher::Cipher<PublicKeyCipher::kPublic,
EVP_PKEY_verify_recover_init,
EVP_PKEY_verify_recover>);
+/*
#ifndef OPENSSL_NO_SCRYPT
env->SetMethod(target, "scrypt", Scrypt);
#endif // OPENSSL_NO_SCRYPT
+*/
}
} // namespace crypto
diff --git a/src/node_crypto.h b/src/node_crypto.h
index e850358..49eb078 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -81,7 +81,7 @@ using SSLSessionPointer = DeleteFnPtr<SSL_SESSION, SSL_SESSION_free>;
using SSLPointer = DeleteFnPtr<SSL, SSL_free>;
using EVPKeyPointer = DeleteFnPtr<EVP_PKEY, EVP_PKEY_free>;
using EVPKeyCtxPointer = DeleteFnPtr<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;
-using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
+// using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
using RSAPointer = DeleteFnPtr<RSA, RSA_free>;
using BignumPointer = DeleteFnPtr<BIGNUM, BN_free>;
using NetscapeSPKIPointer = DeleteFnPtr<NETSCAPE_SPKI, NETSCAPE_SPKI_free>;
@@ -347,6 +347,10 @@ class SSLWrap {
class CipherBase : public BaseObject {
public:
+// ~CipherBase() override {
+// EVP_CIPHER_CTX_cleanup(ctx_);
+// }
+
static void Initialize(Environment* env, v8::Local<v8::Object> target);
void MemoryInfo(MemoryTracker* tracker) const override {
@@ -413,7 +417,9 @@ class CipherBase : public BaseObject {
}
private:
- DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx_;
+ EVP_CIPHER_CTX* ctx_;
+ // DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx_;
+ // DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_cleanup> ctx_;
const CipherKind kind_;
bool auth_tag_set_;
unsigned int auth_tag_len_;
@@ -424,6 +430,8 @@ class CipherBase : public BaseObject {
class Hmac : public BaseObject {
public:
+ ~Hmac() override;
+
static void Initialize(Environment* env, v8::Local<v8::Object> target);
void MemoryInfo(MemoryTracker* tracker) const override {
@@ -448,11 +456,14 @@ class Hmac : public BaseObject {
}
private:
- DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
+ // DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
+ HMAC_CTX* ctx_;
};
class Hash : public BaseObject {
public:
+ ~Hash() override;
+
static void Initialize(Environment* env, v8::Local<v8::Object> target);
void MemoryInfo(MemoryTracker* tracker) const override {
@@ -477,7 +488,8 @@ class Hash : public BaseObject {
}
private:
- EVPMDPointer mdctx_;
+ // EVPMDPointer mdctx_;
+ EVP_MD_CTX* mdctx_;
bool finalized_;
};
@@ -494,9 +506,12 @@ class SignBase : public BaseObject {
} Error;
SignBase(Environment* env, v8::Local<v8::Object> wrap)
- : BaseObject(env, wrap) {
+ : BaseObject(env, wrap),
+ mdctx_(nullptr) {
}
+ ~SignBase() override;
+
Error Init(const char* sign_type);
Error Update(const char* data, int len);
@@ -509,7 +524,8 @@ class SignBase : public BaseObject {
protected:
void CheckThrow(Error error);
- EVPMDPointer mdctx_;
+ // EVPMDPointer mdctx_;
+ EVP_MD_CTX* mdctx_;
};
class Sign : public SignBase {
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
index 4b2d852..cb0bc41 100644
--- a/test/parallel/test-crypto-authenticated.js
+++ b/test/parallel/test-crypto-authenticated.js
@@ -99,7 +99,8 @@ for (const test of TEST_CASES) {
const isOCB = /^aes-(128|192|256)-ocb$/.test(test.algo);
let options;
- if (isCCM || isOCB)
+ //if (isCCM || isOCB)
+ if (isCCM)
options = { authTagLength: test.tag.length / 2 };
const inputEncoding = test.plainIsHex ? 'hex' : 'ascii';
@@ -425,7 +426,8 @@ for (const test of TEST_CASES) {
// Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no
// authentication tag has been specified.
{
- for (const mode of ['ccm', 'ocb']) {
+ // for (const mode of ['ccm', 'ocb']) {
+ for (const mode of ['ccm']) {
assert.throws(() => {
crypto.createCipheriv(`aes-256-${mode}`,
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
--
1.8.3.1