New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: fail early when loading crypto module w/o openssl #5611

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@jasnell
Member

jasnell commented Mar 8, 2016

Pull Request check-list

Please make sure to review and check all of these items:

  • Does make -j8 test (UNIX) or vcbuild test nosign (Windows) pass with
    this change (including linting)?
  • Is the commit message formatted according to [CONTRIBUTING.md][0]?
  • If this change fixes a bug (or a performance problem), is a regression
    test (or a benchmark) included?
  • Is a documentation update included (if this change modifies
    existing APIs, or introduces new ones)?

Affected core subsystem(s)

crypto, tls, https, process, src

Description of change

Updated
Fail early in require('crypto'), require('tls'), require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

(this previously had a process.noCrypto flag that was removed)

@evanlucas

This comment has been minimized.

Member

evanlucas commented Mar 8, 2016

what about something like process.hasCrypto? Using process.noCrypto seems a little odd to me

@vkurchatkin

This comment has been minimized.

Member

vkurchatkin commented Mar 8, 2016

the only way to determine if crypto is enabled is to either attempt to require the 'crypto' module

It seems to be perfectly fine

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 8, 2016

The typical check is to see if crypto is disabled. Having it as process.hasCrypto would require developers to negate in the typical case... e.g. if (!process.hasCrypto)

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 8, 2016

@vkurchatkin ... sure, it works, but it also requires two try/catch blocks (one outside crypto.js, one inside) and a call to process.binding to determine if crypto to present... which is silly because node already knows that crypto isn't available when it is compiled. This alternative is more efficient, consolidates the checking, and makes it easier on developers.

@vkurchatkin

This comment has been minimized.

Member

vkurchatkin commented Mar 9, 2016

@jasnell I just don't like adding more and more properties to process. We can change internal implementation to throw immediately on require, but I think we shouldn't add a flag.

In most cases if script requires crypto and node is compiled without OpenSSL, failing is the only option. In other cases (which should be rare, in my opinion) try catch is good enough.

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

I just don't like adding more and more properties to process

Out of curiosity... how come? Would it be more palatable if the flag was _ prefixed and left undocumented?

Other than adding the flag, this PR does modify the internal implementation to throw immediately on require eliminating the internal try/catch.

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

Btw, see https://github.com/npm/npm/blob/master/lib/adduser.js#L7-L20 for an example of the kind of "is crypto enabled" check this is intended to address.

@vkurchatkin

This comment has been minimized.

Member

vkurchatkin commented Mar 9, 2016

how come? Would it be more palatable if the flag was _ prefixed and left undocumented

no, it's much worse. The problem is that we use process for all kinds of unrelated things, both public and private. The only reason for this is that there is no other simple way to expose something to js without thinking too much. Because of this process is really littered.

Other than adding the flag, this PR does modify the internal implementation to throw immediately on require eliminating the internal try/catch.

This seems reasonable to me

@rvagg

This comment has been minimized.

Member

rvagg commented Mar 9, 2016

wouldn't !!process.versions.openssl do this same thing?

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

@rvagg +1 ... was just going to suggest the same thing. The only reason I had added the process.noCrypto was to make the check slightly easier.

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

@vkurchatkin @rvagg: ok, I'll pull the process.noCrypto flag and will keep everything else.

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

@vkurchatkin @rvagg ... ok, new commit added. PTAL

@jasnell jasnell added semver-major and removed semver-minor labels Mar 9, 2016

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

Thinking about it further, I think this may actually be semver-major because it changes the error reported when doing require('https') and others when openssl is not available.

@jasnell jasnell changed the title from src: add process.noCrypto flag to crypto: fail early when loading crypto module w/o openssl Mar 9, 2016

@rvagg

View changes

doc/api/crypto.markdown Outdated
There are two ways of determining if `crypto` support is unavailable:
First, by checking that `process.versions.openssl` is `undefined`:
```js

This comment has been minimized.

@rvagg

rvagg Mar 9, 2016

Member

empty line above code blocks is standard isn't it?

@rvagg

This comment has been minimized.

Member

rvagg commented Mar 9, 2016

lgtm sans two minor formatting nits in doc, I'm not sold on semver-minor mainly since no-crypto mode isn't really something we "officially" support, although I don't imagine there's any great hurry to get this in so I'll leave that call to you.

@jasnell jasnell removed the process label Mar 9, 2016

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 9, 2016

Nope, no hurry at all. I'll let this one sit for a bit. I suspect you're right tho... it's entirely possible this could land as a patch without any real impact.

@bnoordhuis

This comment has been minimized.

Member

bnoordhuis commented Mar 9, 2016

I'm -1. The try/catch approach is still the most future-proof. What if we switch to another crypto library some day?

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 10, 2016

@bnoordhuis ... not sure how switching to another crypto library would impact this. Wouldn't we still know that it's not available without having to do the internal try/catch?

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 10, 2016

... and even if we did switch to a different library, the assertCrypto utility method could simply be modified to check for any crypto as opposed to specifically for process.versions.openssl

@jasnell jasnell force-pushed the jasnell:no-openssl-flag branch Mar 19, 2016

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 19, 2016

@bnoordhuis .. updated! squashed. PTAL!

@bnoordhuis

View changes

lib/internal/util.js Outdated
const noCrypto = !process.versions.openssl;
exports.assertCrypto = function(exports) {
if (noCrypto) {
exports.noCrypto = true;

This comment has been minimized.

@bnoordhuis

bnoordhuis Mar 19, 2016

Member

Is there still a reason to set this property?

@jasnell jasnell force-pushed the jasnell:no-openssl-flag branch Mar 21, 2016

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 21, 2016

@bnoordhuis ... PTAL

@bnoordhuis

This comment has been minimized.

Member

bnoordhuis commented Mar 23, 2016

LGTM

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 23, 2016

One final CI before landing (although we don't actually run CI with openssl off): https://ci.nodejs.org/job/node-test-pull-request/2044/

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 23, 2016

CI had a couple of red tests that I believe are unrelated. Just to be safe, running again: https://ci.nodejs.org/job/node-test-pull-request/2045/

crypto: fail early when loading crypto without openssl
Fail early in require('crypto'), require('tls'),
require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

@jasnell jasnell force-pushed the jasnell:no-openssl-flag branch to d1fbbdf Mar 23, 2016

@jasnell

This comment has been minimized.

Member

jasnell commented Mar 23, 2016

CI is green. One unrelated failure.

jasnell added a commit that referenced this pull request Mar 23, 2016

crypto: fail early when loading crypto without openssl
Fail early in require('crypto'), require('tls'),
require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

PR-URL: #5611
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@jasnell

This comment has been minimized.

Member

jasnell commented Mar 23, 2016

Landed in f429fe1

@jasnell jasnell closed this Mar 23, 2016

@jasnell jasnell referenced this pull request Apr 19, 2016

Closed

What is new in v6? #6264

jasnell added a commit that referenced this pull request Apr 26, 2016

2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.

* Buffer
  * New Buffer constructors have been added
    [#4682](#4682)
  * Previously deprecated Buffer APIs are removed
    [#5048](#5048),
    [#4594](#4594)
  * Improved error handling [#4514](#4514)
* Cluster
  * Worker emitted as first argument in 'message' event
    [#5361](#5361).
* Crypto
  * Improved error handling [#3100](#3100),
    [#5611](#5611)
  * Simplified Certificate class bindings
    [#5382](#5382)
  * Improved control over FIPS mode
    [#5181](#5181)
  * pbkdf2 digest overloading is deprecated
    [#4047](#4047)
* Dependencies
  * Reintroduce shared c-ares build support
    [#5775](#5775).
  * V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
  * Add resolvePtr API to query plain DNS PTR records
    [#4921](#4921).
* Domains
  * Clear stack when no error handler
  [#4659](#4659).
* File System
  * The `fs.realpath()` and `fs.realpathSync()` methods have been updated
    to use a more efficient libuv implementation. This change includes the
    removal of the `cache` argument and the method can throw new errors
    [#3594](#3594)
  * FS apis can now accept and return paths as Buffers
    [#5616](#5616).
  * Error handling and type checking improvements
    [#5616](#5616),
    [#5590](#5590),
    [#4518](#4518),
    [#3917](#3917).
  * fs.read's string interface is deprecated
    [#4525](#4525)
* HTTP
  * 'clientError' can now be used to return custom errors from an
    HTTP server [#4557](#4557).
* Modules
  * Current directory is now prioritized for local lookups
    [#5689](#5689)
  * Symbolic links are preserved when requiring modules
    [#5950](#5950)
* Net
  * DNS hints no longer implicitly set
    [#6021](#6021).
  * Improved error handling and type checking
    [#5981](#5981),
    [#5733](#5733),
    [#2904](#2904)
* Path
  * Improved type checking [#5348](#5348).
* Process
  * Introduce process warnings API
    [#4782](#4782).
  * Throw exception when non-function passed to nextTick
    [#3860](#3860).
* Readline
  * Emit key info unconditionally
    [#6024](#6024)
* REPL
  * Assignment to `_` will emit a warning.
    [#5535](#5535)
* Timers
  * Fail early when callback is not a function
    [#4362](#4362)
* TLS
  * Rename 'clientError' to 'tlsClientError'
    [#4557](#4557)
  * SHA1 used for sessionIdContext
    [#3866](#3866)
* TTY
  * Previously deprecated setRawMode wrapper is removed
    [#2528](#2528).
* Util
  * Changes to Error object formatting
    [#4582](#4582).
* Windows
  * Windows XP and Vista are no longer supported
    [#5167](#5167),
    [#5167](#5167).

jasnell added a commit that referenced this pull request Apr 26, 2016

2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.

* Buffer
  * New Buffer constructors have been added
    [#4682](#4682)
  * Previously deprecated Buffer APIs are removed
    [#5048](#5048),
    [#4594](#4594)
  * Improved error handling [#4514](#4514)
* Cluster
  * Worker emitted as first argument in 'message' event
    [#5361](#5361).
* Crypto
  * Improved error handling [#3100](#3100),
    [#5611](#5611)
  * Simplified Certificate class bindings
    [#5382](#5382)
  * Improved control over FIPS mode
    [#5181](#5181)
  * pbkdf2 digest overloading is deprecated
    [#4047](#4047)
* Dependencies
  * Reintroduce shared c-ares build support
    [#5775](#5775).
  * V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
  * Add resolvePtr API to query plain DNS PTR records
    [#4921](#4921).
* Domains
  * Clear stack when no error handler
  [#4659](#4659).
* File System
  * The `fs.realpath()` and `fs.realpathSync()` methods have been updated
    to use a more efficient libuv implementation. This change includes the
    removal of the `cache` argument and the method can throw new errors
    [#3594](#3594)
  * FS apis can now accept and return paths as Buffers
    [#5616](#5616).
  * Error handling and type checking improvements
    [#5616](#5616),
    [#5590](#5590),
    [#4518](#4518),
    [#3917](#3917).
  * fs.read's string interface is deprecated
    [#4525](#4525)
* HTTP
  * 'clientError' can now be used to return custom errors from an
    HTTP server [#4557](#4557).
* Modules
  * Current directory is now prioritized for local lookups
    [#5689](#5689)
  * Symbolic links are preserved when requiring modules
    [#5950](#5950)
* Net
  * DNS hints no longer implicitly set
    [#6021](#6021).
  * Improved error handling and type checking
    [#5981](#5981),
    [#5733](#5733),
    [#2904](#2904)
* Path
  * Improved type checking [#5348](#5348).
* Process
  * Introduce process warnings API
    [#4782](#4782).
  * Throw exception when non-function passed to nextTick
    [#3860](#3860).
* Readline
  * Emit key info unconditionally
    [#6024](#6024)
* REPL
  * Assignment to `_` will emit a warning.
    [#5535](#5535)
* Timers
  * Fail early when callback is not a function
    [#4362](#4362)
* TLS
  * Rename 'clientError' to 'tlsClientError'
    [#4557](#4557)
  * SHA1 used for sessionIdContext
    [#3866](#3866)
* TTY
  * Previously deprecated setRawMode wrapper is removed
    [#2528](#2528).
* Util
  * Changes to Error object formatting
    [#4582](#4582).
* Windows
  * Windows XP and Vista are no longer supported
    [#5167](#5167),
    [#5167](#5167).

jasnell added a commit that referenced this pull request Apr 26, 2016

2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.

* Buffer
  * New Buffer constructors have been added
    [#4682](#4682)
  * Previously deprecated Buffer APIs are removed
    [#5048](#5048),
    [#4594](#4594)
  * Improved error handling [#4514](#4514)
* Cluster
  * Worker emitted as first argument in 'message' event
    [#5361](#5361).
* Crypto
  * Improved error handling [#3100](#3100),
    [#5611](#5611)
  * Simplified Certificate class bindings
    [#5382](#5382)
  * Improved control over FIPS mode
    [#5181](#5181)
  * pbkdf2 digest overloading is deprecated
    [#4047](#4047)
* Dependencies
  * Reintroduce shared c-ares build support
    [#5775](#5775).
  * V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
  * Add resolvePtr API to query plain DNS PTR records
    [#4921](#4921).
* Domains
  * Clear stack when no error handler
  [#4659](#4659).
* File System
  * The `fs.realpath()` and `fs.realpathSync()` methods have been updated
    to use a more efficient libuv implementation. This change includes the
    removal of the `cache` argument and the method can throw new errors
    [#3594](#3594)
  * FS apis can now accept and return paths as Buffers
    [#5616](#5616).
  * Error handling and type checking improvements
    [#5616](#5616),
    [#5590](#5590),
    [#4518](#4518),
    [#3917](#3917).
  * fs.read's string interface is deprecated
    [#4525](#4525)
* HTTP
  * 'clientError' can now be used to return custom errors from an
    HTTP server [#4557](#4557).
* Modules
  * Current directory is now prioritized for local lookups
    [#5689](#5689)
  * Symbolic links are preserved when requiring modules
    [#5950](#5950)
* Net
  * DNS hints no longer implicitly set
    [#6021](#6021).
  * Improved error handling and type checking
    [#5981](#5981),
    [#5733](#5733),
    [#2904](#2904)
* OS X
  * MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
    [#6402](#6402).
* Path
  * Improved type checking [#5348](#5348).
* Process
  * Introduce process warnings API
    [#4782](#4782).
  * Throw exception when non-function passed to nextTick
    [#3860](#3860).
* Readline
  * Emit key info unconditionally
    [#6024](#6024)
* REPL
  * Assignment to `_` will emit a warning.
    [#5535](#5535)
* Timers
  * Fail early when callback is not a function
    [#4362](#4362)
* TLS
  * Rename 'clientError' to 'tlsClientError'
    [#4557](#4557)
  * SHA1 used for sessionIdContext
    [#3866](#3866)
* TTY
  * Previously deprecated setRawMode wrapper is removed
    [#2528](#2528).
* Util
  * Changes to Error object formatting
    [#4582](#4582).
* Windows
  * Windows XP and Vista are no longer supported
    [#5167](#5167),
    [#5167](#5167).

jasnell added a commit that referenced this pull request Apr 26, 2016

2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.

* Buffer
  * New Buffer constructors have been added
    [#4682](#4682)
  * Previously deprecated Buffer APIs are removed
    [#5048](#5048),
    [#4594](#4594)
  * Improved error handling [#4514](#4514)
* Cluster
  * Worker emitted as first argument in 'message' event
    [#5361](#5361).
* Crypto
  * Improved error handling [#3100](#3100),
    [#5611](#5611)
  * Simplified Certificate class bindings
    [#5382](#5382)
  * Improved control over FIPS mode
    [#5181](#5181)
  * pbkdf2 digest overloading is deprecated
    [#4047](#4047)
* Dependencies
  * Reintroduce shared c-ares build support
    [#5775](#5775).
  * V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
  * Add resolvePtr API to query plain DNS PTR records
    [#4921](#4921).
* Domains
  * Clear stack when no error handler
  [#4659](#4659).
* File System
  * The `fs.realpath()` and `fs.realpathSync()` methods have been updated
    to use a more efficient libuv implementation. This change includes the
    removal of the `cache` argument and the method can throw new errors
    [#3594](#3594)
  * FS apis can now accept and return paths as Buffers
    [#5616](#5616).
  * Error handling and type checking improvements
    [#5616](#5616),
    [#5590](#5590),
    [#4518](#4518),
    [#3917](#3917).
  * fs.read's string interface is deprecated
    [#4525](#4525)
* HTTP
  * 'clientError' can now be used to return custom errors from an
    HTTP server [#4557](#4557).
* Modules
  * Current directory is now prioritized for local lookups
    [#5689](#5689)
  * Symbolic links are preserved when requiring modules
    [#5950](#5950)
* Net
  * DNS hints no longer implicitly set
    [#6021](#6021).
  * Improved error handling and type checking
    [#5981](#5981),
    [#5733](#5733),
    [#2904](#2904)
* OS X
  * MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
    [#6402](#6402).
* Path
  * Improved type checking [#5348](#5348).
* Process
  * Introduce process warnings API
    [#4782](#4782).
  * Throw exception when non-function passed to nextTick
    [#3860](#3860).
* Readline
  * Emit key info unconditionally
    [#6024](#6024)
* REPL
  * Assignment to `_` will emit a warning.
    [#5535](#5535)
* Timers
  * Fail early when callback is not a function
    [#4362](#4362)
* TLS
  * Rename 'clientError' to 'tlsClientError'
    [#4557](#4557)
  * SHA1 used for sessionIdContext
    [#3866](#3866)
* TTY
  * Previously deprecated setRawMode wrapper is removed
    [#2528](#2528).
* Util
  * Changes to Error object formatting
    [#4582](#4582).
* Windows
  * Windows XP and Vista are no longer supported
    [#5167](#5167),
    [#5167](#5167).

jasnell added a commit that referenced this pull request Apr 26, 2016

2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.

* Buffer
  * New Buffer constructors have been added
    [#4682](#4682)
  * Previously deprecated Buffer APIs are removed
    [#5048](#5048),
    [#4594](#4594)
  * Improved error handling [#4514](#4514)
* Cluster
  * Worker emitted as first argument in 'message' event
    [#5361](#5361).
* Crypto
  * Improved error handling [#3100](#3100),
    [#5611](#5611)
  * Simplified Certificate class bindings
    [#5382](#5382)
  * Improved control over FIPS mode
    [#5181](#5181)
  * pbkdf2 digest overloading is deprecated
    [#4047](#4047)
* Dependencies
  * Reintroduce shared c-ares build support
    [#5775](#5775).
  * V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
  * Add resolvePtr API to query plain DNS PTR records
    [#4921](#4921).
* Domains
  * Clear stack when no error handler
  [#4659](#4659).
* File System
  * The `fs.realpath()` and `fs.realpathSync()` methods have been updated
    to use a more efficient libuv implementation. This change includes the
    removal of the `cache` argument and the method can throw new errors
    [#3594](#3594)
  * FS apis can now accept and return paths as Buffers
    [#5616](#5616).
  * Error handling and type checking improvements
    [#5616](#5616),
    [#5590](#5590),
    [#4518](#4518),
    [#3917](#3917).
  * fs.read's string interface is deprecated
    [#4525](#4525)
* HTTP
  * 'clientError' can now be used to return custom errors from an
    HTTP server [#4557](#4557).
* Modules
  * Current directory is now prioritized for local lookups
    [#5689](#5689)
  * Symbolic links are preserved when requiring modules
    [#5950](#5950)
* Net
  * DNS hints no longer implicitly set
    [#6021](#6021).
  * Improved error handling and type checking
    [#5981](#5981),
    [#5733](#5733),
    [#2904](#2904)
* OS X
  * MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
    [#6402](#6402).
* Path
  * Improved type checking [#5348](#5348).
* Process
  * Introduce process warnings API
    [#4782](#4782).
  * Throw exception when non-function passed to nextTick
    [#3860](#3860).
* Readline
  * Emit key info unconditionally
    [#6024](#6024)
* REPL
  * Assignment to `_` will emit a warning.
    [#5535](#5535)
* Timers
  * Fail early when callback is not a function
    [#4362](#4362)
* TLS
  * Rename 'clientError' to 'tlsClientError'
    [#4557](#4557)
  * SHA1 used for sessionIdContext
    [#3866](#3866)
* TTY
  * Previously deprecated setRawMode wrapper is removed
    [#2528](#2528).
* Util
  * Changes to Error object formatting
    [#4582](#4582).
* Windows
  * Windows XP and Vista are no longer supported
    [#5167](#5167),
    [#5167](#5167).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment