You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our current implementation of node:crypto is an incrementally modified fork of the browserify crypto polyfill with a lot of BoringSSL bindings added in key places.
The browserify crypto polyfill was a great starting point, but we've outgrown it.
When you skim through the code, you'll note that very little of it makes sense in the context of Bun
It has a JavaScript implementation of MD5, SHA1, crypto.randomBytes, DES, AES, diffieHelman, etc. We have BoringSSL. We even expose BoringSSL's MD5, SHA1, etc. Let's use it.
Let's also get rid of the commonJS wrappers in it. The only JavaScript code in node:crypto should be related to streams, or wrapping a native implementation in a stream. Everything else should be in native code.
The other issue here is in the particular stream implementations themselves. There are likely many small subtly incompatible bugs in the various classes exposed by node:crypto. We need to be running node's tests against our crypto implementation. Ideally, we'd be running other test suites too for this.
The text was updated successfully, but these errors were encountered:
There are several open issues about node:crypto
bun --bun dev
#9569jose
is not working in sveltekit #7560JsonWebToken
(jsonwebtoken
package) #13682Our current implementation of
node:crypto
is an incrementally modified fork of the browserify crypto polyfill with a lot of BoringSSL bindings added in key places.The browserify crypto polyfill was a great starting point, but we've outgrown it.
When you skim through the code, you'll note that very little of it makes sense in the context of Bun
bun/src/js/node/crypto.ts
Lines 2238 to 2258 in 1bec6c3
It has a JavaScript implementation of MD5, SHA1, crypto.randomBytes, DES, AES, diffieHelman, etc. We have BoringSSL. We even expose BoringSSL's MD5, SHA1, etc. Let's use it.
Let's also get rid of the
commonJS
wrappers in it. The only JavaScript code innode:crypto
should be related to streams, or wrapping a native implementation in a stream. Everything else should be in native code.The other issue here is in the particular stream implementations themselves. There are likely many small subtly incompatible bugs in the various classes exposed by node:crypto. We need to be running node's tests against our crypto implementation. Ideally, we'd be running other test suites too for this.
The text was updated successfully, but these errors were encountered: