-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: upgrade pbkdf2 without digest to an error #11305
Conversation
cc @nodejs/crypto @bnoordhuis |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with style nits and a suggestion.
lib/crypto.js
Outdated
pbkdf2DeprecationWarning(); | ||
// Formerly Deprecation code DEP0009 | ||
throw new TypeError( | ||
'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you indent by two additional spaces here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It checks if digest
is a function and throws error saying must not be undefined
. I think this could do stricter validations.
lib/crypto.js
Outdated
if (digest === undefined) { | ||
// Formerly Deprecation code DEP0009 | ||
throw new TypeError( | ||
'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto. Out of curiosity, is there a reason you can't move the check to the pbkdf2 function below? That would avoid the duplication.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and null
is allowed? Or will another layer throw for that case? basically, looks like the check should be against == undefined
to me, but there is clearly another layer doing a check for digests like 'the-happy-digest'
, and other invalid input (numbers, etc.), so maybe its covered there.
doc/api/deprecations.md
Outdated
Use of the [`crypto.pbkdf2()`][] API without specifying a digest was deprecated | ||
in Node.js 6.0 because the method defaulted to using the non-recommendend | ||
`'SHA1'` digest. Previously, a deprecation warning was printed. Starting in | ||
Node.js 8.0.0, calling the `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with an |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
drop the "the"
doc/api/deprecations.md
Outdated
in Node.js 6.0 because the method defaulted to using the non-recommendend | ||
`'SHA1'` digest. Previously, a deprecation warning was printed. Starting in | ||
Node.js 8.0.0, calling the `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with an | ||
undefined `digest` will throw a `TypeError`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if its null
? Maybe, "with an unspecified digest" or "with a non-string digest"?
lib/crypto.js
Outdated
if (digest === undefined) { | ||
// Formerly Deprecation code DEP0009 | ||
throw new TypeError( | ||
'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and null
is allowed? Or will another layer throw for that case? basically, looks like the check should be against == undefined
to me, but there is clearly another layer doing a check for digests like 'the-happy-digest'
, and other invalid input (numbers, etc.), so maybe its covered there.
to be honest, not sure what we should do with null. the current code only prints the deprecation notice if it's undefined so this only throws if it's undefined. The assumption, I believe, is that passing null is more explicit and is therefore ok. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Updated to address feedback. New CI: https://ci.nodejs.org/job/node-test-pull-request/6365/ |
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit `digest` argument. This was because the default digest is `sha1`, which is not-recommended from a security point of view. This upgrades it to a runtime error when `digest` is undefined per the plan discussed in the original issue. Ref: nodejs@a116358
62568ab
to
6c58166
Compare
@nodejs/ctc ... any further thoughts? |
@@ -562,15 +556,17 @@ exports.pbkdf2 = function(password, | |||
|
|||
|
|||
exports.pbkdf2Sync = function(password, salt, iterations, keylen, digest) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's simply do exports.pbkdf2Sync = pbkdf2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would change the signature of pbkdf2Sync
(it would accept the callback
argument and change the value of pbkdf2Sync.length
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept and API (error) change LGTM, no comment on the code
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit `digest` argument. This was because the default digest is `sha1`, which is not-recommended from a security point of view. This upgrades it to a runtime error when `digest` is undefined per the plan discussed in the original issue. Ref: a116358 PR-URL: #11305 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Landed in 9f74184 |
Calling `crypto.pbkdf2()` without a digest has been deprecated in Node and is scheduled to be broken in Node 8. Fix this by actually passing a digest. ref: nodejs/node#11305
@jasnell This breaks CITGM because it was used in the express tests in the deprecated way… it’s “just” in an example script, but we really should have run that on this :/ I opened expressjs/express#3207 but there might be another problem with express + Node master… I’m looking into it |
Argh... Ok. |
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit
digest
argument. This was because the default digest issha1
, which is not-recommended from a security point of view. This upgrades it to a runtime error whendigest
is undefined per the plan discussed in the original issue.Ref: a116358
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
crypto