Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: cleanup crypto more #57323

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

src: cleanup crypto more #57323

wants to merge 10 commits into from

Conversation

jasnell
Copy link
Member

@jasnell jasnell commented Mar 5, 2025

More cleanup in the crypto code... encapsulating stuff into ncrypto, moving ifdef branches into ncrypto, removing some obsolete stuff, simplifying and improving some error handling, etc.

@jasnell jasnell requested review from anonrig and tniessen March 5, 2025 01:16
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Mar 5, 2025
@codecov Codecov
Copy link

codecov bot commented Mar 5, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 67.69231% with 21 lines in your changes missing coverage. Please review.

Project coverage is 90.22%. Comparing base (a790901) to head (b63dd85).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_util.cc 63.63% 8 Missing and 8 partials ⚠️
src/crypto/crypto_common.cc 0.00% 2 Missing ⚠️
src/crypto/crypto_ec.cc 83.33% 0 Missing and 2 partials ⚠️
src/crypto/crypto_dsa.cc 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #57323      +/-   ##
==========================================
+ Coverage   90.21%   90.22%   +0.01%     
==========================================
  Files         630      630              
  Lines      185304   185289      -15     
  Branches    36266    36265       -1     
==========================================
+ Hits       167171   167184      +13     
+ Misses      11084    11072      -12     
+ Partials     7049     7033      -16
Files with missing lines Coverage Δ
src/crypto/crypto_cipher.cc 72.52% <ø> (ø)
src/crypto/crypto_dh.cc 62.01% <100.00%> (+0.42%) ⬆️
src/crypto/crypto_ec.h 9.09% <ø> (ø)
src/crypto/crypto_hash.cc 65.03% <ø> (-0.62%) ⬇️
src/crypto/crypto_hkdf.cc 65.27% <ø> (ø)
src/crypto/crypto_hmac.cc 66.86% <ø> (ø)
src/crypto/crypto_keys.cc 72.32% <ø> (-0.28%) ⬇️
src/crypto/crypto_pbkdf2.cc 68.11% <ø> (ø)
src/crypto/crypto_rsa.cc 64.37% <ø> (+0.32%) ⬆️
src/crypto/crypto_scrypt.cc 76.82% <ø> (ø)
... and 7 more

... and 30 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 23c0321 to 5ed620a Compare March 5, 2025 15:41
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 5ed620a to 062c774 Compare March 5, 2025 22:11
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 062c774 to a8744d3 Compare March 5, 2025 22:17
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 6, 2025
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from a8744d3 to defdb2f Compare March 6, 2025 00:17
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell
Copy link
Member Author

jasnell commented Mar 6, 2025

There are relevant CI failures to investigate before this can land.

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 0f7222f to e025d3f Compare March 6, 2025 21:53
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from e025d3f to 2c83aa7 Compare March 6, 2025 22:19
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 2c83aa7 to 066f084 Compare March 6, 2025 22:54
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 066f084 to 76afdc6 Compare March 6, 2025 23:05
jasnell added 4 commits March 6, 2025 15:13
@jasnell
src: cleanup crypto more
aff058c 
* Use ncrypto APIs where appropriate
* Remove obsolete no-longer used functions
* Improve error handling a bit
@jasnell
src: move secure heap handling to ncrypto
9de8f9a 
To simplify handling of boringssl/openssl, move secure
heap impl to ncrypto. Overall the reduces the complexity
of the code in crypto_util by eliminating additional
ifdef branches.
@jasnell
src: fixup linting after multiple edits
b730145
@jasnell
src: simplify CryptoErrorStore::ToException a bit
f780e87
jasnell added 5 commits March 6, 2025 15:13
@jasnell
src: simplify error handling in crypto_common
ba318d2
@jasnell
src: move curve utility methods to ncrypto
b100101
@jasnell
src: verify that released DataPointers aren't on secure heap
d8dac5d 
The ByteSource does not currently know how to free a DataPointer
allocated on the secure heap, so just verify.

DataPointers on the secure heap are not something that users can
allocate on their own. Their use is rare. Eventually ByteSource
is going to be refactored around ncrypto APIs so these additional
checks should be temporary.
@jasnell
src: simplify some ifdefs that are covered by ncrypto
999c73d
@jasnell
src: cleanup some obsolete includes in crypto_util
f6d919c
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 76afdc6 to f6d919c Compare March 6, 2025 23:14
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@jasnell jasnell force-pushed the jasnell/more-crypto-cleanups branch from 24bbedd to b63dd85 Compare March 6, 2025 23:45
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 6, 2025
edited by jasnell
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/65625/ 💛

sorry for the extra CI runs.. the issue is happening only with openssl 1.1.1 and I have no way of testing it locally and the CI output is not enough to fully diagnose what the issues are... so... repeated CI runs are necessary.

mertcanaltin
mertcanaltin approved these changes Mar 7, 2025
View reviewed changes
Copy link
Member

@mertcanaltin mertcanaltin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anonrig anonrig anonrig approved these changes

@mertcanaltin mertcanaltin mertcanaltin approved these changes

@tniessen tniessen Awaiting requested review from tniessen

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jasnell @nodejs-github-bot @anonrig @mertcanaltin