deps: start working on ncrypto dep

[jasnell]

The idea here is to start moving the bulk of the implementation of src/crypto/*.h and src/crypto.c++ into a separate dependency that can be used by other runtimes that are seeking to emulate Node.js' behaviors.

Implementing this will be incremental since there is a lot of code to migrate. Accordingly, while the idea is to eventually move ncrypto into its own nodejs/ncrypto repo, it will remain only in deps until most of the functionality that will be moved to it is moved. Doing so will make it much easier to review individual changes that move function out to the dep.

[nodejs-github-bot]

Review requested:

• @nodejs/crypto
• @nodejs/gyp
• @nodejs/security-wg

[tniessen]

a separate dependency that can be used by other runtimes that are seeking to emulate Node.js' behaviors.

Is this specifically for workerd or have other runtimes expressed interest in this?

while the idea is to eventually move ncrypto into its own nodejs/ncrypto repo

What about versioning of such a dependency? If multiple other runtimes depend on this library, wouldn't they expect API/ABI stability that we currently do not provide for such internal bindings?

Regarding contributions, would future pull requests then target nodejs/ncrypto, and would this repository then have its own set of test suites?

[jasnell]

Is this specially for workerd...

That's the immediate target for me, yes, but I wouldn't say it is only for that.

FWIW, I'm also hoping that by separating this out we can more easily deal with various openssl updates, differences with boringssl in environments that use that, and provide some isolate to work on performance and functionality improvements.

What about versioning of such a dependency? If multiple other runtimes depend on this library, wouldn't they expect API/ABI stability that we currently do not provide for such internal bindings?

I think we address that problem if/when it becomes a problem. For workerd we really wouldn't need to expect strict API/ABI stability as we would be able to track any updates accordingly.

Regarding contributions, would future pull requests then target nodejs/ncrypto, and would this repository then have its own set of test suites?

Yes. Future PRs that specifically touch the underlying c++ code would happen there. The nodejs/ncrypto repo would have its own set of tests that would need to be created as part of this effort since we currently do not have any c++ tests for the low level crypto stuff in the runtime.

[anonrig]

Can you add version and add it to node metadata just like nbytes?

[jasnell]

Can you add version and add it to node metadata...

Already done https://github.com/nodejs/node/pull/53803/files#diff-906d4d2a785066ab68f8cbadfdf32b34991648ec259d97b61be70b0ed502bf3c

[Jarred-Sumner]

Is this specifically for workerd or have other runtimes expressed interest in this?

We (Bun) are interested!

[jasnell]

We (Bun) are interested!

Awesome. Yeah, I figured y'all might be. Re-implementing this stuff so that it works consistently with node.js and tracks changes is a ton of work. Separating out the key bits that do not directly depend on v8 will make life a whole lot easier and will make it easier to be actually compatible with node.js

[panva]

the idea is to eventually move ncrypto into its own nodejs/ncrypto repo

I think it's worth pointing out that this might reduce visibility in this subsystem's development/maintenance. Example being nodejs/undici contributions and releases that occasionaly include breaking behaviours in a core API.

[jasnell]

...Example being nodejs/undici contributions and releases that occasionaly include breaking behaviours in a core API.

Noted and agreed that is a risk. I think the benefits for cross-runtime compatibility and preventing divergence across implementations are benefits that outweigh the risk.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/60344/ 💛

[jasnell]

Landed in efe5b81