New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unknown ciphers: aes-256-cfb, aes-128-cfb #16195
Comments
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can. To help make it easier for us to investigate your issue, please follow the contributing guidelines. |
@DessertBoy which version of Node 10 are you testing on locally that works with your sample code? I ask because Electron 3 is based on Node 10.2 and Electron 4 is based on Node 10.11, so having more data points here about what works and what doesn't will help us troubleshoot the issue better... |
@shiftkey I have tried v10.2.0 and v10.11.0 on locally with sample code in test.js , and execute the sample code via node cmd. As a result both versions can succeed |
It seems that the problem is far bigger than just missing cipher I compared Electron 3, Electron 4 and NodeJS 10.11.0 Electron 3/NodeJS 10.11.0 const crypto = require('crypto') [ 'RSA-MD4', Electron 4 var crypto = require('crypto') [ 'md4', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512' ] quite a lot of hash functions just disappeared in Electron 4 |
confirm the above issue - seems the v4 incl. crypto module got "rid of" most hash funcs which breaks backwards compatiblity in our software. |
@ca333 yes. That's it. |
@DessertBoy I'm not sure offhand. You'd have to look into how the Electron team are building and packaging Node into Electron - https://github.com/electron/node is the repository where that happens |
The root cause here is that we switched from OpenSSL in Electron 3 to BoringSSL in Electron 4. In Electron 3, Chromium uses BoringSSL and Node uses OpenSSL. In Electron 4, we only ship one SSL library, and that's BoringSSL. The main reason for this is that Electron 4 is a single static binary, and BoringSSL and OpenSSL cannot coexist in the same binary because their symbols conflict (e.g. both of them define a function called In general, BoringSSL is more focused on providing up-to-date and secure ciphers than it is concerned with backwards compatibility, so if you really need OpenSSL specifically, I think the best path forward would be to have OpenSSL available as a native node module. That way the vast majority of folks that don't need access to obscure cipher suites can use the smaller, already-bundled BoringSSL, and anyone who needs OpenSSL specifically can install it from npm. That said, there is some precedent for BoringSSL adding support for less-commonly-used ciphers and cipher options via the Here's an example of a patch that would add support for the |
Also, as for the list of hashes, OpenSSL adds a lot of aliases to that list, so e.g. Digest algorithms present in OpenSSL that are not present in BoringSSL (decrepit or otherwise):
All the other elements in the list produced by ripemd160 (aka RSA-RIPEMD160, ripemd160, ripemd160WithRSA, rmd160) is present in BoringSSL's decrepit module and not currently built in Electron. |
@nornagon With Electron 3 (and OpenSSL rather than BoringSSL), 'aes256' was an alias for which cipher? In Electron 4, I have tried changing to aes-256-cbc, aes-256-ctr, aes-256-ecb, aes-256-ofb, and aes-256-xts. None of these have allowed me to achieve backwards compatibility with the version of my software that ran on Electron 3 (and used cipher aes256). |
Never mind. Was able to achieve compatibility using aes-256-cbc. |
Glad you found it! If you want to check the source, here's the list of aliases in the OpenSSL source: https://github.com/nodejs/node/blob/master/deps/openssl/openssl/crypto/evp/c_allc.c |
Is it planned to add ripemd160 to electron from boringSSL? it is needed for some cryptocurrency-related libraries, like https://github.com/cryptocoinjs/hdkey/blob/master/lib/hdkey.js#L238 |
Thanks @nornagon.
Does this mean that these |
Can someone change the label? This doesn't only affect windows. On macOS I see the same limited ciphers available as @pbca26 mentioned above:
|
ripemd160 is a digest, not a cipher. It's listed in |
Excuse me, will you support 'rmd160' in the follow-up? |
|
@nornagon So every single app that uses rmd160 (keeping in mind that NodeJS crypto uses aliases) will have to dance around with try catches every time a user tries to use their library in Electron? Just making sure. $ node -e "console.log(require('crypto').getHashes().filter(v => v.indexOf('160') > -1))"
[ 'RSA-RIPEMD160', 'ripemd160', 'ripemd160WithRSA', 'rmd160' ] Edit: I have asked some coworkers using various versions of NodeJS, Linux, MacOS, Windows 10 etc. and everyone gets the same results as me above... Which comes down to two choices:
Don't read into my words here. I am not implying anything. Just want to clarify that 1 is the proper way forward? If so I will go ahead and add a try catch to our library. |
I'd recommend you just use |
Ok, I'll use a try catch then. Wouldn't want someone's app to break because of it, and bumping major version for a string change is silly. |
Is there any fix to this problem? thanks |
Anything? We would also be very interested in a fix, especially for Electron 6. |
I've updated the title of this issue to refer to the initially-requested ciphers aes-256-cfb and aes-128-cfb, which are available & working in current versions of Electron. If you're having trouble with a different cipher, please open a new issue with the details of the problem you're experiencing. |
@nornagon Thank you for some very clear answers in this thread! I'm in need of |
@franzwilhelm as requested in my previous comment, please open a new issue for new ciphers. |
Removed the deprecated Buffer constructor calls and replaced with `Buffer.from()` and `Buffer.alloc()` Removed unused `toBinaryString` from buffer-tools Changed from cipher algorithm alias to real names (`aes128`, `aes192`, and `aes256` to `aes-128-cbc`, `aes-192-cbc`, and `aes-256-cbc`) to improve compatibility with Electron, see electron/electron#16195 for more details Now allows users to provide their own cipher algorithm name. To keep backwards compatibility, if an algorithm is not given then defaults to the old lookup table method
How did you solve it |
node_modules/.bin/electron --version
: 4.0.0node_modules/.bin/electron --version
on last known working Electron version (if applicable): v3.x.xExpected Behavior
Generally , invoke
crypto.createCipheriv ()
that should return a Cipheriv Object.Actual behavior
When I call
crypto.createCipheriv()
, it will response me a error that is unknown cipher .But If I run this program(test code ) alone by node cmd. (ex. node test.js ) that it work.
So I don't think it is a node10 problem.
To Reproduce
sample code
in main.js
Response:
in Electron 4 or more newer
in Electron 3.x , more older or run alone by node cmd
The text was updated successfully, but these errors were encountered: