From 356ece933457ff7216658236ec5cf05f906e8f69 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 14 Sep 2018 13:39:05 +0000 Subject: [PATCH 2/2] Remove OpenSSL 1.0.2 features --- src/node_crypto.cc | 150 ++++++++++++++++++++--------- src/node_crypto.h | 28 ++++-- test/parallel/test-crypto-authenticated.js | 6 +- 3 files changed, 128 insertions(+), 56 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 7bdb1b1..6111e2e 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1077,8 +1077,8 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { node::Utf8Value curve(env->isolate(), args[0]); #if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); - SSL_CTX_set_ecdh_auto(sc->ctx_, 1); + SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_SINGLE_ECDH_USE); + SSL_CTX_set_ecdh_auto(sc->ctx_.get(), 1); #endif if (strcmp(*curve, "auto") == 0) @@ -1340,7 +1340,7 @@ void SecureContext::GetTicketKeys(const FunctionCallbackInfo& args) { memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); #else - if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_, + if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_.get(), Buffer::Data(buff), Buffer::Length(buff)) != 1) { return wrap->env()->ThrowError("Failed to fetch tls ticket keys"); @@ -1374,7 +1374,7 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); #else - if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_, + if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_.get(), Buffer::Data(args[0]), Buffer::Length(args[0])) != 1) { return env->ThrowError("Failed to fetch tls ticket keys"); @@ -2804,14 +2804,14 @@ void CipherBase::Init(const char* cipher_type, iv); CHECK_NE(key_len, 0); - ctx_.reset(EVP_CIPHER_CTX_new()); + ctx_ = EVP_CIPHER_CTX_new(); const int mode = EVP_CIPHER_mode(cipher); if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); const bool encrypt = (kind_ == kCipher); - if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, + if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt)) { return ThrowCryptoError(env(), ERR_get_error(), "Failed to initialize cipher"); @@ -2832,9 +2832,9 @@ void CipherBase::Init(const char* cipher_type, return; } - CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)); + CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len)); - if (1 != EVP_CipherInit_ex(ctx_.get(), + if (1 != EVP_CipherInit_ex(ctx_, nullptr, nullptr, reinterpret_cast(key), @@ -2871,8 +2871,8 @@ void CipherBase::Init(const FunctionCallbackInfo& args) { static bool IsSupportedAuthenticatedMode(int mode) { return mode == EVP_CIPH_CCM_MODE || - mode == EVP_CIPH_GCM_MODE || - mode == EVP_CIPH_OCB_MODE; + mode == EVP_CIPH_GCM_MODE; + // mode == EVP_CIPH_OCB_MODE; } void CipherBase::InitIv(const char* cipher_type, @@ -2906,13 +2906,13 @@ void CipherBase::InitIv(const char* cipher_type, return env()->ThrowError("Invalid IV length"); } - ctx_.reset(EVP_CIPHER_CTX_new()); + ctx_ = EVP_CIPHER_CTX_new(); if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); const bool encrypt = (kind_ == kCipher); - if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, + if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt)) { return ThrowCryptoError(env(), ERR_get_error(), "Failed to initialize cipher"); @@ -2924,12 +2924,13 @@ void CipherBase::InitIv(const char* cipher_type, return; } - if (!EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)) { - ctx_.reset(); + if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) { + EVP_CIPHER_CTX_free(ctx_); + ctx_ = nullptr; return env()->ThrowError("Invalid key length"); } - if (1 != EVP_CipherInit_ex(ctx_.get(), + if (1 != EVP_CipherInit_ex(ctx_, nullptr, nullptr, reinterpret_cast(key), @@ -2992,8 +2993,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, return false; } - const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); - if (mode == EVP_CIPH_CCM_MODE || mode == EVP_CIPH_OCB_MODE) { + const int mode = EVP_CIPHER_CTX_mode(ctx_); + if (mode == EVP_CIPH_CCM_MODE) { if (auth_tag_len == kNoAuthTagLength) { char msg[128]; snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type); @@ -3010,7 +3011,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, #endif // Tell OpenSSL about the desired length. - if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len, + if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_CCM_SET_TAG, auth_tag_len, + // if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_AEAD_SET_TAG, auth_tag_len, nullptr)) { env()->ThrowError("Invalid authentication tag length"); return false; @@ -3049,7 +3051,7 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, bool CipherBase::CheckCCMMessageLength(int message_len) { CHECK(ctx_); - CHECK(EVP_CIPHER_CTX_mode(ctx_.get()) == EVP_CIPH_CCM_MODE); + CHECK(EVP_CIPHER_CTX_mode(ctx_) == EVP_CIPH_CCM_MODE); if (message_len > max_message_size_) { env()->ThrowError("Message exceeds maximum size"); @@ -3063,7 +3065,7 @@ bool CipherBase::CheckCCMMessageLength(int message_len) { bool CipherBase::IsAuthenticatedMode() const { // Check if this cipher operates in an AEAD mode that we support. CHECK(ctx_); - const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); + const int mode = EVP_CIPHER_CTX_mode(ctx_); return IsSupportedAuthenticatedMode(mode); } @@ -3098,7 +3100,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { } unsigned int tag_len = Buffer::Length(args[0]); - const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get()); + const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_); if (mode == EVP_CIPH_GCM_MODE) { if (cipher->auth_tag_len_ != kNoAuthTagLength && cipher->auth_tag_len_ != tag_len) { @@ -3114,6 +3116,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len); ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090"); } +/* } else if (mode == EVP_CIPH_OCB_MODE) { // At this point, the tag length is already known and must match the // length of the given authentication tag. @@ -3125,6 +3128,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { "Invalid authentication tag length: %u", tag_len); return cipher->env()->ThrowError(msg); } +*/ } // Note: we don't use std::min() here to work around a header conflict. @@ -3141,8 +3145,8 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { bool CipherBase::MaybePassAuthTagToOpenSSL() { if (!auth_tag_set_ && auth_tag_len_ != kNoAuthTagLength) { - if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), - EVP_CTRL_AEAD_SET_TAG, + if (!EVP_CIPHER_CTX_ctrl(ctx_, + EVP_CTRL_CCM_SET_TAG, auth_tag_len_, reinterpret_cast(auth_tag_))) { return false; @@ -3159,7 +3163,7 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) { MarkPopErrorOnReturn mark_pop_error_on_return; int outlen; - const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); + const int mode = EVP_CIPHER_CTX_mode(ctx_); // When in CCM mode, we need to set the authentication tag and the plaintext // length in advance. @@ -3178,11 +3182,11 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) { } // Specify the plaintext length. - if (!EVP_CipherUpdate(ctx_.get(), nullptr, &outlen, nullptr, plaintext_len)) + if (!EVP_CipherUpdate(ctx_, nullptr, &outlen, nullptr, plaintext_len)) return false; } - return 1 == EVP_CipherUpdate(ctx_.get(), + return 1 == EVP_CipherUpdate(ctx_, nullptr, &outlen, reinterpret_cast(data), @@ -3212,7 +3216,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, return kErrorState; MarkPopErrorOnReturn mark_pop_error_on_return; - const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); + const int mode = EVP_CIPHER_CTX_mode(ctx_); if (mode == EVP_CIPH_CCM_MODE) { if (!CheckCCMMessageLength(len)) @@ -3226,11 +3230,11 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, } *out_len = 0; - int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_.get()); + int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_); // For key wrapping algorithms, get output size by calling // EVP_CipherUpdate() with null output. if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE && - EVP_CipherUpdate(ctx_.get(), + EVP_CipherUpdate(ctx_, nullptr, &buff_len, reinterpret_cast(data), @@ -3239,7 +3243,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, } *out = Malloc(buff_len); - int r = EVP_CipherUpdate(ctx_.get(), + int r = EVP_CipherUpdate(ctx_, *out, out_len, reinterpret_cast(data), @@ -3301,7 +3305,7 @@ bool CipherBase::SetAutoPadding(bool auto_padding) { if (!ctx_) return false; MarkPopErrorOnReturn mark_pop_error_on_return; - return EVP_CIPHER_CTX_set_padding(ctx_.get(), auto_padding); + return EVP_CIPHER_CTX_set_padding(ctx_, auto_padding); } @@ -3318,10 +3322,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { if (!ctx_) return false; - const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); + const int mode = EVP_CIPHER_CTX_mode(ctx_); *out = Malloc( - static_cast(EVP_CIPHER_CTX_block_size(ctx_.get()))); + static_cast(EVP_CIPHER_CTX_block_size(ctx_))); if (kind_ == kDecipher && IsSupportedAuthenticatedMode(mode)) { MaybePassAuthTagToOpenSSL(); @@ -3333,7 +3337,7 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { if (kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) { ok = !pending_auth_failed_; } else { - ok = EVP_CipherFinal_ex(ctx_.get(), *out, out_len) == 1; + ok = EVP_CipherFinal_ex(ctx_, *out, out_len) == 1; if (ok && kind_ == kCipher && IsAuthenticatedMode()) { // In GCM mode, the authentication tag length can be specified in advance, @@ -3351,7 +3355,8 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { } } - ctx_.reset(); + EVP_CIPHER_CTX_free(ctx_); + ctx_ = nullptr; return ok; } @@ -3394,6 +3399,11 @@ void CipherBase::Final(const FunctionCallbackInfo& args) { } +Hmac::~Hmac() { + HMAC_CTX_free(ctx_); +} + + void Hmac::Initialize(Environment* env, v8::Local target) { Local t = env->NewFunctionTemplate(New); @@ -3423,9 +3433,16 @@ void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { if (key_len == 0) { key = ""; } +/* ctx_.reset(HMAC_CTX_new()); if (!ctx_ || !HMAC_Init_ex(ctx_.get(), key, key_len, md, nullptr)) { ctx_.reset(); +*/ + ctx_ = HMAC_CTX_new(); + if (ctx_ == nullptr || + !HMAC_Init_ex(ctx_, key, key_len, md, nullptr)) { + HMAC_CTX_free(ctx_); + ctx_ = nullptr; return ThrowCryptoError(env(), ERR_get_error()); } } @@ -3446,7 +3463,7 @@ void Hmac::HmacInit(const FunctionCallbackInfo& args) { bool Hmac::HmacUpdate(const char* data, int len) { if (!ctx_) return false; - int r = HMAC_Update(ctx_.get(), + int r = HMAC_Update(ctx_, reinterpret_cast(data), len); return r == 1; @@ -3493,10 +3510,17 @@ void Hmac::HmacDigest(const FunctionCallbackInfo& args) { unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned int md_len = 0; +/* if (hmac->ctx_) { HMAC_Final(hmac->ctx_.get(), md_value, &md_len); hmac->ctx_.reset(); } +*/ + if (hmac->ctx_ != nullptr) { + HMAC_Final(hmac->ctx_, md_value, &md_len); + HMAC_CTX_free(hmac->ctx_); + hmac->ctx_ = nullptr; + } Local error; MaybeLocal rc = @@ -3514,6 +3538,11 @@ void Hmac::HmacDigest(const FunctionCallbackInfo& args) { } +Hash::~Hash() { + EVP_MD_CTX_free(mdctx_); +} + + void Hash::Initialize(Environment* env, v8::Local target) { Local t = env->NewFunctionTemplate(New); @@ -3543,9 +3572,16 @@ bool Hash::HashInit(const char* hash_type) { const EVP_MD* md = EVP_get_digestbyname(hash_type); if (md == nullptr) return false; +/* mdctx_.reset(EVP_MD_CTX_new()); if (!mdctx_ || EVP_DigestInit_ex(mdctx_.get(), md, nullptr) <= 0) { mdctx_.reset(); +*/ + mdctx_ = EVP_MD_CTX_new(); + if (mdctx_ == nullptr || + EVP_DigestInit_ex(mdctx_, md, nullptr) <= 0) { + EVP_MD_CTX_free(mdctx_); + mdctx_ = nullptr; return false; } finalized_ = false; @@ -3556,7 +3592,7 @@ bool Hash::HashInit(const char* hash_type) { bool Hash::HashUpdate(const char* data, int len) { if (!mdctx_) return false; - EVP_DigestUpdate(mdctx_.get(), data, len); + EVP_DigestUpdate(mdctx_, data, len); return true; } @@ -3601,7 +3637,7 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned int md_len; - EVP_DigestFinal_ex(hash->mdctx_.get(), md_value, &md_len); + EVP_DigestFinal_ex(hash->mdctx_, md_value, &md_len); hash->finalized_ = true; Local error; @@ -3620,6 +3656,11 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { } +SignBase::~SignBase() { + EVP_MD_CTX_free(mdctx_); +} + + SignBase::Error SignBase::Init(const char* sign_type) { CHECK_NULL(mdctx_); #if OPENSSL_VERSION_NUMBER >= 0x10100000L @@ -3634,9 +3675,16 @@ SignBase::Error SignBase::Init(const char* sign_type) { if (md == nullptr) return kSignUnknownDigest; +/* mdctx_.reset(EVP_MD_CTX_new()); if (!mdctx_ || !EVP_DigestInit_ex(mdctx_.get(), md, nullptr)) { mdctx_.reset(); +*/ + mdctx_ = EVP_MD_CTX_new(); + if (mdctx_ == nullptr || + !EVP_DigestInit_ex(mdctx_, md, nullptr)) { + EVP_MD_CTX_free(mdctx_); + mdctx_ = nullptr; return kSignInit; } @@ -3647,7 +3695,7 @@ SignBase::Error SignBase::Init(const char* sign_type) { SignBase::Error SignBase::Update(const char* data, int len) { if (mdctx_ == nullptr) return kSignNotInitialised; - if (!EVP_DigestUpdate(mdctx_.get(), data, len)) + if (!EVP_DigestUpdate(mdctx_, data, len)) return kSignUpdate; return kSignOk; } @@ -3749,7 +3797,8 @@ void Sign::SignUpdate(const FunctionCallbackInfo& args) { sign->CheckThrow(err); } -static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, +// static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, +static int Node_SignFinal(EVP_MD_CTX* mdctx, unsigned char* md, unsigned int* sig_len, const EVPKeyPointer& pkey, int padding, int pss_salt_len) { @@ -3757,7 +3806,7 @@ static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, unsigned int m_len; *sig_len = 0; - if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len)) + if (!EVP_DigestFinal_ex(mdctx, m, &m_len)) return 0; size_t sltmp = static_cast(EVP_PKEY_size(pkey.get())); @@ -3766,7 +3815,7 @@ static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, EVP_PKEY_sign_init(pkctx.get()) > 0 && ApplyRSAOptions(pkey, pkctx.get(), padding, pss_salt_len) && EVP_PKEY_CTX_set_signature_md(pkctx.get(), - EVP_MD_CTX_md(mdctx.get())) > 0 && + EVP_MD_CTX_md(mdctx)) > 0 && EVP_PKEY_sign(pkctx.get(), md, &sltmp, m, m_len) > 0) { *sig_len = sltmp; return 1; @@ -3784,7 +3833,8 @@ SignBase::Error Sign::SignFinal(const char* key_pem, if (!mdctx_) return kSignNotInitialised; - EVPMDPointer mdctx = std::move(mdctx_); + // EVPMDPointer mdctx = std::move(mdctx_); + EVP_MD_CTX* mdctx = std::move(mdctx_); BIOPointer bp(BIO_new_mem_buf(const_cast(key_pem), key_pem_len)); if (!bp) @@ -3967,12 +4017,12 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem, unsigned int m_len; int r = 0; *verify_result = false; - EVPMDPointer mdctx = std::move(mdctx_); + EVP_MD_CTX* mdctx = std::move(mdctx_); if (ParsePublicKey(&pkey, key_pem, key_pem_len) != kParsePublicOk) return kSignPublicKey; - if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len)) + if (!EVP_DigestFinal_ex(mdctx, m, &m_len)) return kSignPublicKey; EVPKeyCtxPointer pkctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); @@ -3980,7 +4030,7 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem, EVP_PKEY_verify_init(pkctx.get()) > 0 && ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) && EVP_PKEY_CTX_set_signature_md(pkctx.get(), - EVP_MD_CTX_md(mdctx.get())) > 0) { + EVP_MD_CTX_md(mdctx)) > 0) { r = EVP_PKEY_verify(pkctx.get(), reinterpret_cast(sig), siglen, @@ -4948,6 +4998,7 @@ inline void PBKDF2(const FunctionCallbackInfo& args) { } +/* #ifndef OPENSSL_NO_SCRYPT struct ScryptJob : public CryptoJob { unsigned char* keybuf_data; @@ -5038,6 +5089,7 @@ void Scrypt(const FunctionCallbackInfo& args) { args.GetReturnValue().Set(job->ToResult()); } #endif // OPENSSL_NO_SCRYPT +*/ void GetSSLCiphers(const FunctionCallbackInfo& args) { @@ -5478,9 +5530,11 @@ void Initialize(Local target, PublicKeyCipher::Cipher); +/* #ifndef OPENSSL_NO_SCRYPT env->SetMethod(target, "scrypt", Scrypt); #endif // OPENSSL_NO_SCRYPT +*/ } } // namespace crypto diff --git a/src/node_crypto.h b/src/node_crypto.h index e850358..49eb078 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -81,7 +81,7 @@ using SSLSessionPointer = DeleteFnPtr; using SSLPointer = DeleteFnPtr; using EVPKeyPointer = DeleteFnPtr; using EVPKeyCtxPointer = DeleteFnPtr; -using EVPMDPointer = DeleteFnPtr; +// using EVPMDPointer = DeleteFnPtr; using RSAPointer = DeleteFnPtr; using BignumPointer = DeleteFnPtr; using NetscapeSPKIPointer = DeleteFnPtr; @@ -347,6 +347,10 @@ class SSLWrap { class CipherBase : public BaseObject { public: +// ~CipherBase() override { +// EVP_CIPHER_CTX_cleanup(ctx_); +// } + static void Initialize(Environment* env, v8::Local target); void MemoryInfo(MemoryTracker* tracker) const override { @@ -413,7 +417,9 @@ class CipherBase : public BaseObject { } private: - DeleteFnPtr ctx_; + EVP_CIPHER_CTX* ctx_; + // DeleteFnPtr ctx_; + // DeleteFnPtr ctx_; const CipherKind kind_; bool auth_tag_set_; unsigned int auth_tag_len_; @@ -424,6 +430,8 @@ class CipherBase : public BaseObject { class Hmac : public BaseObject { public: + ~Hmac() override; + static void Initialize(Environment* env, v8::Local target); void MemoryInfo(MemoryTracker* tracker) const override { @@ -448,11 +456,14 @@ class Hmac : public BaseObject { } private: - DeleteFnPtr ctx_; + // DeleteFnPtr ctx_; + HMAC_CTX* ctx_; }; class Hash : public BaseObject { public: + ~Hash() override; + static void Initialize(Environment* env, v8::Local target); void MemoryInfo(MemoryTracker* tracker) const override { @@ -477,7 +488,8 @@ class Hash : public BaseObject { } private: - EVPMDPointer mdctx_; + // EVPMDPointer mdctx_; + EVP_MD_CTX* mdctx_; bool finalized_; }; @@ -494,9 +506,12 @@ class SignBase : public BaseObject { } Error; SignBase(Environment* env, v8::Local wrap) - : BaseObject(env, wrap) { + : BaseObject(env, wrap), + mdctx_(nullptr) { } + ~SignBase() override; + Error Init(const char* sign_type); Error Update(const char* data, int len); @@ -509,7 +524,8 @@ class SignBase : public BaseObject { protected: void CheckThrow(Error error); - EVPMDPointer mdctx_; + // EVPMDPointer mdctx_; + EVP_MD_CTX* mdctx_; }; class Sign : public SignBase { diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index 4b2d852..cb0bc41 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -99,7 +99,8 @@ for (const test of TEST_CASES) { const isOCB = /^aes-(128|192|256)-ocb$/.test(test.algo); let options; - if (isCCM || isOCB) + //if (isCCM || isOCB) + if (isCCM) options = { authTagLength: test.tag.length / 2 }; const inputEncoding = test.plainIsHex ? 'hex' : 'ascii'; @@ -425,7 +426,8 @@ for (const test of TEST_CASES) { // Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no // authentication tag has been specified. { - for (const mode of ['ccm', 'ocb']) { + // for (const mode of ['ccm', 'ocb']) { + for (const mode of ['ccm']) { assert.throws(() => { crypto.createCipheriv(`aes-256-${mode}`, 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8', -- 1.8.3.1