
Commit 9783a82

author
Julien Gilli
committed
tls,crypto: small refactoring for legacy ciphers
1 parent cebce08 commit 9783a82

6 files changed

Lines changed: 49 additions & 41 deletions


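--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -41,7 +41,6 @@ var constants = process.binding('constants');
 
 var stream = require('stream');
 var util = require('util');
-var tls = require('tls');
 
 // This is here because many functions accepted binary strings without
 // any explicit encoding in older versions of node, and we don't want
@@ -136,7 +135,7 @@ exports.createCredentials = function(options, context) {
 
 if (options.ciphers) {
 c.context.setCiphers(options.ciphers);
-} else if (!(tls.usingV1038Ciphers() && options.ciphers === undefined)) {
+} else if (!(process._usingV1038Ciphers() && options.ciphers === undefined)) {
 // Set the ciphers to the default ciphers list unless
 // --enable-legacy-cipher-list=v0.10.38 was passed on the command line and
 // no ciphers value was passed explicitly. In that case, we want to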

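--- a/lib/tls.js
+++ b/lib/tls.js
@@ -1330,21 +1330,6 @@ function normalizeConnectArgs(listArgs) {
 return (cb) ? [options, cb] : [options];
 }
 
-// Returns true if the --enable-legacy-cipher-list command line
-// switch, or the NODE_LEGACY_CIPHER_LIST environment variable
-// are set to v0.10.38 and the DEFAULT_CIPHERS equal the v0.10.38
-// list.
-function usingV1038Ciphers() {
-var argv = process.execArgv;
-if ((argv.indexOf('--enable-legacy-cipher-list=v0.10.38') > -1 ||
-process.env['NODE_LEGACY_CIPHER_LIST'] === 'v0.10.38') &&
-DEFAULT_CIPHERS === _crypto.getLegacyCiphers('v0.10.38')) {
-return true;
-}
-return false;
-}
-exports.usingV1038Ciphers = usingV1038Ciphers;
-
 exports.connect = function(/* [port, host], options, cb */) {
 var args = normalizeConnectArgs(arguments);
 var options = args[0];
@@ -1353,7 +1338,7 @@ exports.connect = function(/* [port, host], options, cb */) {
 var defaults = {
 rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED
 };
-if (!usingV1038Ciphers()) {
+if (!process._usingV1038Ciphers()) {
 // only set the default ciphers if we are _not_ using the
 // v0.10.38 legacy cipher list. Node v0.10.38 had a bug
 // that failed to set the default ciphers on the default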

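--- a/src/node.cc
+++ b/src/node.cc
@@ -2662,7 +2662,7 @@ static void ParseArgs(int argc, char **argv) {
 DEFAULT_CIPHER_LIST = arg + 14;
 argv[i] = const_cast<char*>("");
 } else if (strncmp(arg, "--enable-legacy-cipher-list=", 28) == 0) {
-const char * legacy_list = legacy_cipher_list(arg+28);
+const char * legacy_list = crypto::LegacyCipherList(arg+28);
 if (legacy_list != NULL) {
 DEFAULT_CIPHER_LIST = legacy_list;
 } else {
@@ -2957,7 +2957,7 @@ char** Init(int argc, char *argv[]) {
 const char * leg_cipher_id = getenv("NODE_LEGACY_CIPHER_LIST");
 if (leg_cipher_id != NULL) {
 const char * leg_cipher_list =
-legacy_cipher_list(leg_cipher_id);
+crypto::LegacyCipherList(leg_cipher_id);
 if (leg_cipher_list != NULL) {
 DEFAULT_CIPHER_LIST = leg_cipher_list;
 } else {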

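--- a/src/node.js
+++ b/src/node.js
@@ -46,6 +46,8 @@
 startup.globalTimeouts();
 startup.globalConsole();
 
+startup.setupLegacyCiphers();
+
 startup.processAssert();
 startup.processConfig();
 startup.processNextTick();
@@ -168,6 +170,25 @@
 process._exiting = false;
 };
 
+startup.setupLegacyCiphers = function setupLegacyCiphers() {
+process._usingV1038Ciphers = function _usingV1038Ciphers() {
+// Returns true if the --enable-legacy-cipher-list command line
+// switch, or the NODE_LEGACY_CIPHER_LIST environment variable
+// are set to v0.10.38 and the DEFAULT_CIPHERS equal the v0.10.38
+// list.
+var crypto = process.binding('crypto');
+
+var argv = process.execArgv;
+if ((argv.indexOf('--enable-legacy-cipher-list=v0.10.38') > -1 ||
+process.env.NODE_LEGACY_CIPHER_LIST === 'v0.10.38') &&
+crypto.DEFAULT_CIPHER_LIST === crypto.getLegacyCiphers('v0.10.38')) {
+return true;
+}
+
+return false;
+};
+};
+
 startup.globalTimeouts = function() {
 global.setTimeout = function() {
 var t = NativeModule.require('timers');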
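Review bot: The comment on new lines 175-178 of `_usingV1038Ciphers` still says the check compares `DEFAULT_CIPHERS`, but the moved code compares the binding's `crypto.DEFAULT_CIPHER_LIST`, not the tls module's `DEFAULT_CIPHERS` that the deleted lib/tls.js helper used; if those two values can diverge this is a behaviour change the commit message does not mention, and at minimum the comment should read `// are set to v0.10.38 and the crypto binding's DEFAULT_CIPHER_LIST equals the v0.10.38 list.` and sit above the function rather than inside its body. Calling `process.binding('crypto')` on every invocation instead of once in `setupLegacyCiphers` looks deliberate — presumably to avoid loading the crypto binding during bootstrap — so a one-line comment saying so would stop a later cleanup from hoisting it. Since `process._usingV1038Ciphers` is a new property on the global `process` object consumed by lib/crypto.js and lib/tls.js, it also deserves a note that it is internal and not a public API.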

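--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -62,6 +62,12 @@ static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL
 | XN_FLAG_SEP_MULTILINE
 | XN_FLAG_FN_SN;
 
+#define DEFAULT_CIPHER_LIST_V10_38 "ECDHE-RSA-AES128-SHA256:" \
+"AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
+
+#define DEFAULT_CIPHER_LIST_HEAD "ECDHE-RSA-AES128-SHA256:" \
+"AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH"
+
 namespace node {
 
 const char* root_certs[] = {
@@ -4197,16 +4203,30 @@ const char* ToCString(const node::Utf8Value& value) {
 return *value ? *value : "<string conversion failed>";
 }
 
-Handle<Value> DefaultCiphers(const Arguments& args) {
+const char* LegacyCipherList(const char * ver) {
+if (ver == NULL) {
+return NULL;
+}
+if (strncmp(ver, "v0.10.38", 8) == 0) {
+return DEFAULT_CIPHER_LIST_V10_38;
+} else {
+return NULL;
+}
+}
+
+Handle<Value> GetLegacyCiphers(const Arguments& args) {
 HandleScope scope;
+
 unsigned int len = args.Length();
 if (len != 1 || !args[0]->IsString()) {
 return ThrowException(
 Exception::TypeError(
 String::New("A single string parameter is required")));
 }
+
 node::Utf8Value key(args[0]);
-const char * list = legacy_cipher_list(ToCString(key));
+const char * list = LegacyCipherList(ToCString(key));
+
 if (list != NULL) {
 return scope.Close(v8::String::New(list));
 } else {
@@ -4294,7 +4314,7 @@ void InitCrypto(Handle<Object> target) {
 v8::String::New(DEFAULT_CIPHER_LIST),
 static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete));
 
-NODE_SET_METHOD(target, "getLegacyCiphers", DefaultCiphers);
+NODE_SET_METHOD(target, "getLegacyCiphers", GetLegacyCiphers);
 }
 
 } // namespace crypto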
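Review bot: `LegacyCipherList` (new lines 4206-4215) still matches the version tag with `strncmp(ver, "v0.10.38", 8)`, so any value that merely begins with `v0.10.38` (say `v0.10.380`) selects the RC4-enabled legacy list on the native side, while the JavaScript gate added in src/node.js only recognises the exact string `v0.10.38` both in `process.execArgv` and in the environment variable; with such a value the native default presumably becomes the legacy list but `process._usingV1038Ciphers()` returns false, and the lib/tls.js and lib/crypto.js default-cipher logic runs as if the legacy list were not in effect. Since the helper is now a real function rather than an inline header helper, tightening it to `if (strcmp(ver, "v0.10.38") == 0) {` fixes both node.cc call sites and `GetLegacyCiphers` at once. The two `#define`s moved here from node_crypto.h would be more conventional as `static const char` arrays inside the `node` namespace, and `DEFAULT_CIPHER_LIST_HEAD` is not used anywhere in this hunk's new code — if another translation unit reached it through the header, that needs confirming.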

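--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -44,24 +44,6 @@
 
 #define EVP_F_EVP_DECRYPTFINAL 101
 
-#define DEFAULT_CIPHER_LIST_V10_38 "ECDHE-RSA-AES128-SHA256:" \
-"AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
-
-#define DEFAULT_CIPHER_LIST_HEAD "ECDHE-RSA-AES128-SHA256:" \
-"AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH"
-
-static inline const char * legacy_cipher_list(const char * ver) {
-if (ver == NULL) {
-return NULL;
-}
-if (strncmp(ver, "v0.10.38", 8) == 0) {
-return DEFAULT_CIPHER_LIST_V10_38;
-} else {
-return NULL;
-}
-}
-
-
 namespace node {
 
 extern bool SSL2_ENABLE;
@@ -314,6 +296,7 @@ class Connection : ObjectWrap {
 friend class SecureContext;
 };
 
+const char* LegacyCipherList(const char * ver);
 bool EntropySource(unsigned char* buffer, size_t length);
 void InitCrypto(v8::Handle<v8::Object> target);
 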
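Review bot: The new declaration on line 299, `const char* LegacyCipherList(const char * ver);`, has no comment, so its contract is only discoverable by reading the definition in node_crypto.cc. Add above it `// Returns the built-in cipher list for legacy release tag 'ver' (only "v0.10.38" is known), or NULL when ver is NULL or unrecognised; the result points to static storage and must not be freed.` The enclosing namespace of this declaration block starts outside the hunk, so that it lands in the same namespace node.cc qualifies as `crypto::` is inferred from the neighbouring `EntropySource`/`InitCrypto` declarations rather than visible here.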
