diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index e84c10dfa4b469..aac0c6eed63926 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -856,6 +856,12 @@ thrown.
## `crypto` module methods and properties
+## crypto.constants
+
+Returns an object containing commonly used constants for crypto and security
+related operations. The specific constants currently defined are described in
+[Crypto Constants][].
+
### crypto.DEFAULT_ENCODING
The default encoding to use for functions that can take either strings
@@ -1205,11 +1211,11 @@ keys:
* `key` : {String} - PEM encoded private key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.privateEncrypt(private_key, buffer)
@@ -1223,11 +1229,11 @@ keys:
* `key` : {String} - PEM encoded private key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.publicDecrypt(public_key, buffer)
@@ -1241,14 +1247,14 @@ keys:
* `key` : {String} - PEM encoded public key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
Because RSA public keys can be derived from private keys, a private key may
be passed instead of a public key.
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.publicEncrypt(public_key, buffer)
@@ -1262,14 +1268,14 @@ keys:
* `key` : {String} - PEM encoded public key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
Because RSA public keys can be derived from private keys, a private key may
be passed instead of a public key.
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.randomBytes(size[, callback])
@@ -1313,22 +1319,22 @@ Load and set the `engine` for some or all OpenSSL functions (selected by flags).
`engine` could be either an id or a path to the engine's shared library.
The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`
-is a bit field taking one of or a mix of the following flags (defined in the
-`constants` module):
-
-* `ENGINE_METHOD_RSA`
-* `ENGINE_METHOD_DSA`
-* `ENGINE_METHOD_DH`
-* `ENGINE_METHOD_RAND`
-* `ENGINE_METHOD_ECDH`
-* `ENGINE_METHOD_ECDSA`
-* `ENGINE_METHOD_CIPHERS`
-* `ENGINE_METHOD_DIGESTS`
-* `ENGINE_METHOD_STORE`
-* `ENGINE_METHOD_PKEY_METHS`
-* `ENGINE_METHOD_PKEY_ASN1_METHS`
-* `ENGINE_METHOD_ALL`
-* `ENGINE_METHOD_NONE`
+is a bit field taking one of or a mix of the following flags (defined in
+`crypto.constants`):
+
+* `crypto.constants.ENGINE_METHOD_RSA`
+* `crypto.constants.ENGINE_METHOD_DSA`
+* `crypto.constants.ENGINE_METHOD_DH`
+* `crypto.constants.ENGINE_METHOD_RAND`
+* `crypto.constants.ENGINE_METHOD_ECDH`
+* `crypto.constants.ENGINE_METHOD_ECDSA`
+* `crypto.constants.ENGINE_METHOD_CIPHERS`
+* `crypto.constants.ENGINE_METHOD_DIGESTS`
+* `crypto.constants.ENGINE_METHOD_STORE`
+* `crypto.constants.ENGINE_METHOD_PKEY_METHS`
+* `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
+* `crypto.constants.ENGINE_METHOD_ALL`
+* `crypto.constants.ENGINE_METHOD_NONE`
## Notes
@@ -1380,6 +1386,316 @@ Based on the recommendations of [NIST SP 800-131A][]:
See the reference for other recommendations and details.
+## Crypto Constants
+
+The following constants exported by `crypto.constants` apply to various uses of
+the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
+
+### OpenSSL Options
+
+
+
+ Constant |
+ Description |
+
+
+ SSL_OP_ALL |
+ Applies multiple bug workarounds within OpenSSL. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html for
+ detail. |
+
+
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
+ Allows legacy insecure renegotiation between OpenSSL and unpatched
+ clients or servers. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+
+
+ SSL_OP_CIPHER_SERVER_PREFERENCE |
+ Uses the server's preferences instead of the clients when selecting a
+ cipher. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+
+
+ SSL_OP_CISCO_ANYCONNECT |
+ Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. |
+
+
+ SSL_OP_COOKIE_EXCHANGE |
+ Instructs OpenSSL to turn on cookie exchange. |
+
+
+ SSL_OP_CRYPTOPRO_TLSEXT_BUG |
+ Instructs OpenSSL to add server-hello extension from an early version
+ of the cryptopro draft. |
+
+
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
+ Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability
+ workaround added in OpenSSL 0.9.6d. |
+
+
+ SSL_OP_EPHEMERAL_RSA |
+ Instructs OpenSSL to always use the tmp_rsa key when performing RSA
+ operations. |
+
+
+ SSL_OP_LEGACY_SERVER_CONNECT |
+ Allow initial connection to servers that do not support RI. |
+
+
+ SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
+ |
+
+
+ SSL_OP_MICROSOFT_SESS_ID_BUG |
+ |
+
+
+ SSL_OP_MSIE_SSLV2_RSA_PADDING |
+ Instructs OpenSSL to disable the workaround for a man-in-the-middle
+ protocol-version vulnerability in the SSL 2.0 server implementation. |
+
+
+ SSL_OP_NETSCAPE_CA_DN_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_CHALLENGE_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
+ |
+
+
+ SSL_OP_NO_COMPRESSION |
+ Instructs OpenSSL to disable support for SSL/TLS compression. |
+
+
+ SSL_OP_NO_QUERY_MTU |
+ |
+
+
+ SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
+ Instructs OpenSSL to always start a new session when performing
+ renegotiation. |
+
+
+ SSL_OP_NO_SSLv2 |
+ Instructs OpenSSL to turn off SSL v2 |
+
+
+ SSL_OP_NO_SSLv3 |
+ Instructs OpenSSL to turn off SSL v3 |
+
+
+ SSL_OP_NO_TICKET |
+ Instructs OpenSSL to disable use of RFC4507bis tickets. |
+
+
+ SSL_OP_NO_TLSv1 |
+ Instructs OpenSSL to turn off TLS v1 |
+
+
+ SSL_OP_NO_TLSv1_1 |
+ Instructs OpenSSL to turn off TLS v1.1 |
+
+
+ SSL_OP_NO_TLSv1_2 |
+ Instructs OpenSSL to turn off TLS v1.2 |
+
+ SSL_OP_PKCS1_CHECK_1 |
+ |
+
+
+ SSL_OP_PKCS1_CHECK_2 |
+ |
+
+
+ SSL_OP_SINGLE_DH_USE |
+ Instructs OpenSSL to always create a new key when using
+ temporary/ephemeral DH parameters. |
+
+
+ SSL_OP_SINGLE_ECDH_USE |
+ Instructs OpenSSL to always create a new key when using
+ temporary/ephemeral ECDH parameters. |
+
+ SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
+ |
+
+
+ SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
+ |
+
+
+ SSL_OP_TLS_BLOCK_PADDING_BUG |
+ |
+
+
+ SSL_OP_TLS_D5_BUG |
+ |
+
+
+ SSL_OP_TLS_ROLLBACK_BUG |
+ Instructs OpenSSL to disable version rollback attack detection. |
+
+
+
+### OpenSSL Engine Constants
+
+
+
+ Constant |
+ Description |
+
+
+ ENGINE_METHOD_RSA |
+ Limit engine usage to RSA |
+
+
+ ENGINE_METHOD_DSA |
+ Limit engine usage to DSA |
+
+
+ ENGINE_METHOD_DH |
+ Limit engine usage to DH |
+
+
+ ENGINE_METHOD_RAND |
+ Limit engine usage to RAND |
+
+
+ ENGINE_METHOD_ECDH |
+ Limit engine usage to ECDH |
+
+
+ ENGINE_METHOD_ECDSA |
+ Limit engine usage to ECDSA |
+
+
+ ENGINE_METHOD_CIPHERS |
+ Limit engine usage to CIPHERS |
+
+
+ ENGINE_METHOD_DIGESTS |
+ Limit engine usage to DIGESTS |
+
+
+ ENGINE_METHOD_STORE |
+ Limit engine usage to STORE |
+
+
+ ENGINE_METHOD_PKEY_METHS |
+ Limit engine usage to PKEY_METHDS |
+
+
+ ENGINE_METHOD_PKEY_ASN1_METHS |
+ Limit engine usage to PKEY_ASN1_METHS |
+
+
+ ENGINE_METHOD_ALL |
+ |
+
+
+ ENGINE_METHOD_NONE |
+ |
+
+
+
+### Other OpenSSL Constants
+
+
+
+ Constant |
+ Description |
+
+
+ O_RDONLY |
+ Flag indicating to open a file for read-only access. |
+
+
+ O_WRONLY |
+ Flag indicating to open a file for write-only access. |
+
+
+ O_RDWR |
+ Flag indicating to open a file for read-write access. |
+
+
+ O_CREAT |
+ Flag indicating to create the file if it does not already exist. |
+
+
+ O_EXCL |
+ Flag indicating that opening a file should fail if the
+ O_CREAT flag is set and the file already exists. |
+
+
+ O_NOCTTY |
+ Flag indicating that if path identifies a terminal device, opening the
+ path shall not cause that terminal to become the controlling terminal for
+ the process (if the process does not already have one). |
+
+
+ O_TRUNC |
+ Flag indicating that if the file exists and is a regular file, and the
+ file is opened successfully for write access, its length shall be truncated
+ to zero. |
+
+
+ O_APPEND |
+ Flag indicating that data will be appended to the end of the file. |
+
+
+ O_DIRECTORY |
+ Flag indicating that the open should fail if the path is not a
+ directory. |
+
+
+ O_NOATIME |
+ Flag indicating reading accesses to the file system will no longer
+ result in an update to the `atime` information associated with the file.
+ This flag is available on Linux operating systems only. |
+
+
+ O_NOFOLLOW |
+ Flag indicating that the open should fail if the path is a symbolic
+ link. |
+
+
+ O_SYNC |
+ Flag indicating that the file is opened for synchronous I/O. |
+
+
+ O_SYMLINK |
+ Flag indicating to open the symbolic link itself rather than the
+ resource it is pointing to. |
+
+
+ O_DIRECT |
+ When set, an attempt will be made to minimize caching effects of file
+ I/O. |
+
+
+ O_NONBLOCK |
+ Flag indicating to open the file in nonblocking mode when possible. |
+
+
+
+### File Type Constants
+
+The following constants are meant for use with the [`fs.Stats`][] object's
+`mode` property for determining a file's type.
+
+
+
+ Constant |
+ Description |
+
+
+ S_IRWXU |
+ File mode indicating readable, writable and executable by owner. |
+
+
+ S_IRUSR |
+ File mode indicating readable by owner. |
+
+
+ S_IWUSR |
+ File mode indicating writable by owner. |
+
+
+ S_IXUSR |
+ File mode indicating executable by owner. |
+
+
+ S_IRWXG |
+ File mode indicating readable, writable and executable by group. |
+
+
+ S_IRGRP |
+ File mode indicating readable by group. |
+
+
+ S_IWGRP |
+ File mode indicating writable by group. |
+
+
+ S_IXGRP |
+ File mode indicating executable by group. |
+
+
+ S_IRWXO |
+ File mode indicating readable, writable and executable by others. |
+
+
+ S_IROTH |
+ File mode indicating readable by others. |
+
+
+ S_IWOTH |
+ File mode indicating writable by others. |
+
+
+ S_IXOTH |
+ File mode indicating executable by others. |
+
+
+
[`Buffer.byteLength`]: buffer.html#buffer_class_method_buffer_bytelength_string_encoding
[`Buffer`]: buffer.html#buffer_buffer
[Caveats]: #fs_caveats
@@ -1418,3 +1646,4 @@ Synchronous versions of [`fs.write()`][]. Returns the number of bytes written.
[Readable Stream]: stream.html#stream_class_stream_readable
[Writable Stream]: stream.html#stream_class_stream_writable
[inode]: http://www.linux.org/threads/intro-to-inodes.4130
+[FS Constants]: #fs_fs_constants
diff --git a/doc/api/os.md b/doc/api/os.md
index 7e92f2bf434e37..59ed110666d203 100644
--- a/doc/api/os.md
+++ b/doc/api/os.md
@@ -22,6 +22,12 @@ added: v0.5.0
Returns the operating system CPU architecture. Possible values are `'x64'`,
`'arm'` and `'ia32'`. Returns the value of [`process.arch`][].
+## os.constants
+
+Returns an object containing commonly used operating system specific constants
+for error codes, process signals, and so on. The specific constants currently
+defined are described in [OS Constants][].
+
## os.cpus()