Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

node-crypto : Unknown message digest sha256 #280

Closed
timoxley opened this Issue · 15 comments

6 participants

@timoxley

I am having this issue with the error:
"node-crypto : Unknown message digest sha256"
when trying to use connect/express sessions.

node 0.4.7,
express 2.3.4,
OSX 10.5.8,
openssl-1.0.0d

I recompiled node after compiling and installing latest openssl. Still an issue.

Possible duplicate of #249

@timoxley

Simplest express app exhibiting the issue:

var express = require('express'),
    app = express.createServer();

app.use(express.cookieParser());
app.use(express.session({ secret: "string" }));
app.get('/', function(req, res){
    res.render("blah");

})
app.listen(3000);

Full error output on visiting localhost:3000/:

node-crypto : Unknown message digest sha256 
Error: hmac error
    at Object.createHmac (crypto.js:103:21)
    at MemoryStore.hash (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:224:8)
    at MemoryStore.generate (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:233:40)
    at generate (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:295:13)
    at Object.session [as handle] (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:303:7)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at Object.cookieParser [as handle] (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/cookieParser.js:44:5)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at Object.handle (/Users/timoxley/node_modules/express/lib/http.js:83:5)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)
@timoxley

Looks like session hashing has recently changed from md5 to sha256:
1677881

Apparently, compared to sha256, bcrypt is the bees knees though:
http://codahale.com/how-to-safely-store-a-password/

Perhaps a two birds one stone approach would be to increase connect's overall security by modifying the hashing function to use bcrypt instead, there's even a node lib for it:
https://github.com/ncb000gt/node.bcrypt.js

@tj
Owner
tj commented

I'm happy with making it configurable, but I dont want to depend on c++ for core connect

@timoxley

Sounds perfect.

@timoxley

something about this crypto stuff seems to have broken the latest node install script for me as well:

…
[73/75] cxx: src/platform_darwin.cc -> build/default/src/platform_darwin_4.o
[74/75] cxx: src/node_crypto.cc -> build/default/src/node_crypto_4.o
../src/node_crypto.cc: In function ‘void node::crypto::InitCrypto(v8::Handle<v8::Object>)’:
../src/node_crypto.cc:2917: error: ‘SSL_COMP_get_compression_methods’ was not declared in this scope
Waf: Leaving directory `/private/tmp/homebrew-node-0.4.8-0UNy/node-v0.4.8/build'
Build failed:  -> task failed (err #1): 
{task: cxx node_crypto.cc -> node_crypto_4.o}
…

ouch.

@tj
Owner
tj commented

homebrew might be the issue, it sucks

@timoxley

same issue with n. Going to upgrade to 10.6 asap, see if that fixes it

@coleGillespie

did you ever get this issue resolved?

@timoxley

Currently waiting for snow leopard to be delivered. Looks like this guy had the same issue: http://twitter.com/#!/iantruslove No idea if 10.6 will fix it, perhaps upgrading xcode will help as well

@timoxley

Apparently this is a fix, haven't tried yet though: http://brownsofa.org/blog/archives/334
Getting a bit OT.

@coleGillespie

I am also running leopard. i installed node on my snow leopard imac and everything went over smooth. i guess it is the outdated os...

@bnoordhuis

@secoif joyent/node#1242 <- does the patch in that issue fix the SSL_COMP_get_compression_methods build error?

@timoxley

Not sure, I've upgraded to snow leopard now and everything works as expected. Would need to track down a leopard box to test on.

@tonyto

Is the resolution to this bug to upgrade the os?

I'm currently on osx 10.5.8 and I've also tried http://brownsofa.org/blog/archives/334 but still no joy.

@contactm

For me, method described in http://zacharycancio.com/upgrading-openssl-on-mac-os-x-1066-for-node-0 worked.

It was a bit odd. Upgrading to "openssl-1.0.0e" and reinstalled node.js didn't work.
Upgraded to "openssl-1.0.0d" and installed node with brew worked.

@tj tj closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.