diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc index 70182313ab431e..e3e8d5db51dede 100644 --- a/deps/ncrypto/ncrypto.cc +++ b/deps/ncrypto/ncrypto.cc @@ -2402,6 +2402,15 @@ EVPKeyPointer::operator Rsa() const { return Rsa(rsa); } +EVPKeyPointer::operator Dsa() const { + int type = id(); + if (type != EVP_PKEY_DSA) return {}; + + OSSL3_CONST DSA* dsa = EVP_PKEY_get0_DSA(get()); + if (dsa == nullptr) return {}; + return Dsa(dsa); +} + bool EVPKeyPointer::validateDsaParameters() const { if (!pkey_) return false; /* Validate DSA2 parameters from FIPS 186-4 */ @@ -2660,8 +2669,8 @@ bool SSLCtxPointer::setGroups(const char* groups) { // ============================================================================ -const Cipher Cipher::FromName(const char* name) { - return Cipher(EVP_get_cipherbyname(name)); +const Cipher Cipher::FromName(std::string_view name) { + return Cipher(EVP_get_cipherbyname(name.data())); } const Cipher Cipher::FromNid(int nid) { @@ -2748,6 +2757,10 @@ bool Cipher::isSupportedAuthenticatedMode() const { } } +bool Cipher::IsValidGCMTagLength(unsigned int tag_len) { + return tag_len == 4 || tag_len == 8 || (tag_len >= 12 && tag_len <= 16); +} + // ============================================================================ CipherCtxPointer CipherCtxPointer::New() { @@ -3902,4 +3915,34 @@ std::pair X509Name::Iterator::operator*() const { std::string(reinterpret_cast(value_str), value_str_size)}; } +// ============================================================================ + +Dsa::Dsa() : dsa_(nullptr) {} + +Dsa::Dsa(OSSL3_CONST DSA* dsa) : dsa_(dsa) {} + +const BIGNUM* Dsa::getP() const { + if (dsa_ == nullptr) return nullptr; + const BIGNUM* p; + DSA_get0_pqg(dsa_, &p, nullptr, nullptr); + return p; +} + +const BIGNUM* Dsa::getQ() const { + if (dsa_ == nullptr) return nullptr; + const BIGNUM* q; + DSA_get0_pqg(dsa_, nullptr, &q, nullptr); + return q; +} + +size_t Dsa::getModulusLength() const { + if (dsa_ == nullptr) return 0; + return BignumPointer::GetBitCount(getP()); +} + +size_t Dsa::getDivisorLength() const { + if (dsa_ == nullptr) return 0; + return BignumPointer::GetBitCount(getQ()); +} + } // namespace ncrypto diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h index 3340c137e52669..abc829aec712ee 100644 --- a/deps/ncrypto/ncrypto.h +++ b/deps/ncrypto/ncrypto.h @@ -221,6 +221,7 @@ class ECDSASigPointer; class ECGroupPointer; class ECPointPointer; class ECKeyPointer; +class Dsa; class Rsa; class Ec; @@ -267,7 +268,7 @@ class Cipher final { bool isSupportedAuthenticatedMode() const; - static const Cipher FromName(const char* name); + static const Cipher FromName(std::string_view name); static const Cipher FromNid(int nid); static const Cipher FromCtx(const CipherCtxPointer& ctx); @@ -292,10 +293,33 @@ class Cipher final { const CipherParams& params, const Buffer in); + static bool IsValidGCMTagLength(unsigned int tag_len); + private: const EVP_CIPHER* cipher_ = nullptr; }; +// ============================================================================ +// DSA + +class Dsa final { + public: + Dsa(); + Dsa(OSSL3_CONST DSA* dsa); + NCRYPTO_DISALLOW_COPY_AND_MOVE(Dsa) + + inline operator bool() const { return dsa_ != nullptr; } + inline operator OSSL3_CONST DSA*() const { return dsa_; } + + const BIGNUM* getP() const; + const BIGNUM* getQ() const; + size_t getModulusLength() const; + size_t getDivisorLength() const; + + private: + OSSL3_CONST DSA* dsa_; +}; + // ============================================================================ // RSA @@ -767,6 +791,7 @@ class EVPKeyPointer final { std::optional getBytesOfRS() const; int getDefaultSignPadding() const; operator Rsa() const; + operator Dsa() const; bool isRsaVariant() const; bool isOneShotVariant() const; diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index dca59f16723ef8..85996f605a9c52 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -35,10 +35,6 @@ using v8::Value; namespace crypto { namespace { -bool IsValidGCMTagLength(unsigned int tag_len) { - return tag_len == 4 || tag_len == 8 || (tag_len >= 12 && tag_len <= 16); -} - // Collects and returns information on the given cipher void GetCipherInfo(const FunctionCallbackInfo& args) { Environment* env = Environment::GetCurrent(args); @@ -50,7 +46,7 @@ void GetCipherInfo(const FunctionCallbackInfo& args) { const auto cipher = ([&] { if (args[1]->IsString()) { Utf8Value name(env->isolate(), args[1]); - return Cipher::FromName(*name); + return Cipher::FromName(name.ToStringView()); } else { int nid = args[1].As()->Value(); return Cipher::FromNid(nid); @@ -166,16 +162,19 @@ void GetCipherInfo(const FunctionCallbackInfo& args) { } // namespace void CipherBase::GetSSLCiphers(const FunctionCallbackInfo& args) { + MarkPopErrorOnReturn mark_pop_error_on_return; Environment* env = Environment::GetCurrent(args); auto ctx = SSLCtxPointer::New(); if (!ctx) { - return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new"); + return ThrowCryptoError( + env, mark_pop_error_on_return.peekError(), "SSL_CTX_new"); } auto ssl = SSLPointer::New(ctx); if (!ssl) { - return ThrowCryptoError(env, ERR_get_error(), "SSL_new"); + return ThrowCryptoError( + env, mark_pop_error_on_return.peekError(), "SSL_new"); } LocalVector arr(env->isolate()); @@ -309,6 +308,7 @@ void CipherBase::CommonInit(const char* cipher_type, const unsigned char* iv, int iv_len, unsigned int auth_tag_len) { + MarkPopErrorOnReturn mark_pop_error_on_return; CHECK(!ctx_); ctx_ = CipherCtxPointer::New(); CHECK(ctx_); @@ -319,14 +319,16 @@ void CipherBase::CommonInit(const char* cipher_type, const bool encrypt = (kind_ == kCipher); if (!ctx_.init(cipher, encrypt)) { - return ThrowCryptoError(env(), ERR_get_error(), + return ThrowCryptoError(env(), + mark_pop_error_on_return.peekError(), "Failed to initialize cipher"); } if (cipher.isSupportedAuthenticatedMode()) { CHECK_GE(iv_len, 0); - if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len)) + if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len)) { return; + } } if (!ctx_.setKeyLength(key_len)) { @@ -335,7 +337,8 @@ void CipherBase::CommonInit(const char* cipher_type, } if (!ctx_.init(Cipher(), encrypt, key, iv)) { - return ThrowCryptoError(env(), ERR_get_error(), + return ThrowCryptoError(env(), + mark_pop_error_on_return.peekError(), "Failed to initialize cipher"); } } @@ -422,8 +425,9 @@ void CipherBase::InitIv(const char* cipher_type, const bool has_iv = iv_buf.size() > 0; // Throw if no IV was passed and the cipher requires an IV - if (!has_iv && expected_iv_len != 0) + if (!has_iv && expected_iv_len != 0) { return THROW_ERR_CRYPTO_INVALID_IV(env()); + } // Throw if an IV was passed which does not match the cipher's fixed IV length // static_cast for the iv_buf.size() is safe because we've verified @@ -438,8 +442,9 @@ void CipherBase::InitIv(const char* cipher_type, // Check for invalid IV lengths, since OpenSSL does not under some // conditions: // https://www.openssl.org/news/secadv/20190306.txt. - if (iv_buf.size() > 12) + if (iv_buf.size() > 12) { return THROW_ERR_CRYPTO_INVALID_IV(env()); + } } CommonInit( @@ -504,7 +509,7 @@ bool CipherBase::InitAuthenticated( const int mode = ctx_.getMode(); if (mode == EVP_CIPH_GCM_MODE) { if (auth_tag_len != kNoAuthTagLength) { - if (!IsValidGCMTagLength(auth_tag_len)) { + if (!Cipher::IsValidGCMTagLength(auth_tag_len)) { THROW_ERR_CRYPTO_INVALID_AUTH_TAG( env(), "Invalid authentication tag length: %u", @@ -595,9 +600,11 @@ void CipherBase::GetAuthTag(const FunctionCallbackInfo& args) { return; } - args.GetReturnValue().Set( - Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_) - .FromMaybe(Local())); + Local ret; + if (Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_) + .ToLocal(&ret)) { + args.GetReturnValue().Set(ret); + } } void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { @@ -624,7 +631,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { // Restrict GCM tag lengths according to NIST 800-38d, page 9. is_valid = (cipher->auth_tag_len_ == kNoAuthTagLength || cipher->auth_tag_len_ == tag_len) && - IsValidGCMTagLength(tag_len); + Cipher::IsValidGCMTagLength(tag_len); } else { // At this point, the tag length is already known and must match the // length of the given authentication tag. @@ -693,12 +700,12 @@ bool CipherBase::SetAAD( return false; } - if (!CheckCCMMessageLength(plaintext_len)) + if (!CheckCCMMessageLength(plaintext_len)) { return false; + } - if (kind_ == kDecipher) { - if (!MaybePassAuthTagToOpenSSL()) - return false; + if (kind_ == kDecipher && !MaybePassAuthTagToOpenSSL()) { + return false; } ncrypto::Buffer buffer{ @@ -738,19 +745,20 @@ CipherBase::UpdateResult CipherBase::Update( const char* data, size_t len, std::unique_ptr* out) { - if (!ctx_ || len > INT_MAX) - return kErrorState; + if (!ctx_ || len > INT_MAX) return kErrorState; MarkPopErrorOnReturn mark_pop_error_on_return; const int mode = ctx_.getMode(); - if (mode == EVP_CIPH_CCM_MODE && !CheckCCMMessageLength(len)) + if (mode == EVP_CIPH_CCM_MODE && !CheckCCMMessageLength(len)) { return kErrorMessageSize; + } // Pass the authentication tag to OpenSSL if possible. This will only happen // once, usually on the first update. - if (kind_ == kDecipher && IsAuthenticatedMode()) + if (kind_ == kDecipher && IsAuthenticatedMode()) { CHECK(MaybePassAuthTagToOpenSSL()); + } const int block_size = ctx_.getBlockSize(); CHECK_GT(block_size, 0); @@ -800,34 +808,38 @@ CipherBase::UpdateResult CipherBase::Update( } void CipherBase::Update(const FunctionCallbackInfo& args) { - Decode(args, [](CipherBase* cipher, - const FunctionCallbackInfo& args, - const char* data, size_t size) { - std::unique_ptr out; - Environment* env = Environment::GetCurrent(args); - - if (size > INT_MAX) [[unlikely]] { - return THROW_ERR_OUT_OF_RANGE(env, "data is too long"); - } - UpdateResult r = cipher->Update(data, size, &out); - - if (r != kSuccess) { - if (r == kErrorState) { - ThrowCryptoError(env, ERR_get_error(), - "Trying to add data in unsupported state"); - } - return; - } + Decode( + args, + [](CipherBase* cipher, + const FunctionCallbackInfo& args, + const char* data, + size_t size) { + MarkPopErrorOnReturn mark_pop_error_on_return; + std::unique_ptr out; + Environment* env = Environment::GetCurrent(args); + + if (size > INT_MAX) [[unlikely]] { + return THROW_ERR_OUT_OF_RANGE(env, "data is too long"); + } + UpdateResult r = cipher->Update(data, size, &out); + + if (r != kSuccess) { + if (r == kErrorState) { + ThrowCryptoError(env, + mark_pop_error_on_return.peekError(), + "Trying to add data in unsupported state"); + } + return; + } - Local ab = ArrayBuffer::New(env->isolate(), std::move(out)); - args.GetReturnValue().Set( - Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local())); - }); + auto ab = ArrayBuffer::New(env->isolate(), std::move(out)); + args.GetReturnValue().Set(Buffer::New(env, ab, 0, ab->ByteLength()) + .FromMaybe(Local())); + }); } bool CipherBase::SetAutoPadding(bool auto_padding) { - if (!ctx_) - return false; + if (!ctx_) return false; MarkPopErrorOnReturn mark_pop_error_on_return; return ctx_.setPadding(auto_padding); } @@ -841,8 +853,7 @@ void CipherBase::SetAutoPadding(const FunctionCallbackInfo& args) { } bool CipherBase::Final(std::unique_ptr* out) { - if (!ctx_) - return false; + if (!ctx_) return false; const int mode = ctx_.getMode(); @@ -906,11 +917,13 @@ bool CipherBase::Final(std::unique_ptr* out) { void CipherBase::Final(const FunctionCallbackInfo& args) { Environment* env = Environment::GetCurrent(args); + MarkPopErrorOnReturn mark_pop_error_on_return; CipherBase* cipher; ASSIGN_OR_RETURN_UNWRAP(&cipher, args.This()); - if (cipher->ctx_ == nullptr) + if (cipher->ctx_ == nullptr) { return THROW_ERR_CRYPTO_INVALID_STATE(env); + } std::unique_ptr out; @@ -923,10 +936,10 @@ void CipherBase::Final(const FunctionCallbackInfo& args) { ? "Unsupported state or unable to authenticate data" : "Unsupported state"; - return ThrowCryptoError(env, ERR_get_error(), msg); + return ThrowCryptoError(env, mark_pop_error_on_return.peekError(), msg); } - Local ab = ArrayBuffer::New(env->isolate(), std::move(out)); + auto ab = ArrayBuffer::New(env->isolate(), std::move(out)); args.GetReturnValue().Set( Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local())); } @@ -974,8 +987,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo& args) { auto data = KeyObjectData::GetPublicOrPrivateKeyFromJs(args, &offset); if (!data) return; const auto& pkey = data.GetAsymmetricKey(); - if (!pkey) - return; + if (!pkey) return; ArrayBufferOrViewContents buf(args[offset]); if (!buf.CheckSizeInt32()) [[unlikely]] { diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc index 0e25a937e175fa..3cfcc42a989f55 100644 --- a/src/crypto/crypto_dh.cc +++ b/src/crypto/crypto_dh.cc @@ -524,11 +524,11 @@ bool DHBitsTraits::DeriveBits( return true; } -Maybe GetDhKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { +bool GetDhKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { CHECK_EQ(key.GetAsymmetricKey().id(), EVP_PKEY_DH); - return JustVoid(); + return true; } void DiffieHellman::Initialize(Environment* env, Local target) { diff --git a/src/crypto/crypto_dh.h b/src/crypto/crypto_dh.h index 2af668035bbb0a..c18729ad114a3f 100644 --- a/src/crypto/crypto_dh.h +++ b/src/crypto/crypto_dh.h @@ -115,9 +115,9 @@ struct DHBitsTraits final { using DHBitsJob = DeriveBitsJob; -v8::Maybe GetDhKeyDetail(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool GetDhKeyDetail(Environment* env, + const KeyObjectData& key, + v8::Local target); } // namespace crypto } // namespace node diff --git a/src/crypto/crypto_dsa.cc b/src/crypto/crypto_dsa.cc index cac05aa55f8dd2..05f370ce70ea13 100644 --- a/src/crypto/crypto_dsa.cc +++ b/src/crypto/crypto_dsa.cc @@ -14,14 +14,13 @@ namespace node { -using ncrypto::BignumPointer; +using ncrypto::Dsa; using ncrypto::EVPKeyCtxPointer; using v8::FunctionCallbackInfo; using v8::Int32; using v8::JustVoid; using v8::Local; using v8::Maybe; -using v8::Nothing; using v8::Number; using v8::Object; using v8::Uint32; @@ -106,41 +105,28 @@ WebCryptoKeyExportStatus DSAKeyExportTraits::DoExport( } } -Maybe GetDsaKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { - const BIGNUM* p; // Modulus length - const BIGNUM* q; // Divisor length - - Mutex::ScopedLock lock(key.mutex()); - const auto& m_pkey = key.GetAsymmetricKey(); - int type = m_pkey.id(); - CHECK(type == EVP_PKEY_DSA); - - const DSA* dsa = EVP_PKEY_get0_DSA(m_pkey.get()); - CHECK_NOT_NULL(dsa); - - DSA_get0_pqg(dsa, &p, &q, nullptr); - - size_t modulus_length = BignumPointer::GetBitCount(p); - size_t divisor_length = BignumPointer::GetBitCount(q); - - if (target - ->Set( - env->context(), - env->modulus_length_string(), - Number::New(env->isolate(), static_cast(modulus_length))) - .IsNothing() || - target - ->Set( - env->context(), - env->divisor_length_string(), - Number::New(env->isolate(), static_cast(divisor_length))) - .IsNothing()) { - return Nothing(); - } - - return JustVoid(); +bool GetDsaKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { + if (!key) return false; + Dsa dsa = key.GetAsymmetricKey(); + if (!dsa) return false; + + size_t modulus_length = dsa.getModulusLength(); + size_t divisor_length = dsa.getDivisorLength(); + + return target + ->Set(env->context(), + env->modulus_length_string(), + Number::New(env->isolate(), + static_cast(modulus_length))) + .IsJust() && + target + ->Set(env->context(), + env->divisor_length_string(), + Number::New(env->isolate(), + static_cast(divisor_length))) + .IsJust(); } namespace DSAAlg { diff --git a/src/crypto/crypto_dsa.h b/src/crypto/crypto_dsa.h index c31aa9786558c2..d761aad2ad02c7 100644 --- a/src/crypto/crypto_dsa.h +++ b/src/crypto/crypto_dsa.h @@ -10,8 +10,7 @@ #include "memory_tracker.h" #include "v8.h" -namespace node { -namespace crypto { +namespace node::crypto { struct DsaKeyPairParams final : public MemoryRetainer { unsigned int modulus_bits; int divisor_bits; @@ -60,16 +59,15 @@ struct DSAKeyExportTraits final { using DSAKeyExportJob = KeyExportJob; -v8::Maybe GetDsaKeyDetail(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool GetDsaKeyDetail(Environment* env, + const KeyObjectData& key, + v8::Local target); namespace DSAAlg { void Initialize(Environment* env, v8::Local target); void RegisterExternalReferences(ExternalReferenceRegistry* registry); } // namespace DSAAlg -} // namespace crypto -} // namespace node +} // namespace node::crypto #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS #endif // SRC_CRYPTO_CRYPTO_DSA_H_ diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc index d453d79a07341e..3753adaee80385 100644 --- a/src/crypto/crypto_ec.cc +++ b/src/crypto/crypto_ec.cc @@ -697,9 +697,9 @@ WebCryptoKeyExportStatus ECKeyExportTraits::DoExport( } } -Maybe ExportJWKEcKey(Environment* env, - const KeyObjectData& key, - Local target) { +bool ExportJWKEcKey(Environment* env, + const KeyObjectData& key, + Local target) { Mutex::ScopedLock lock(key.mutex()); const auto& m_pkey = key.GetAsymmetricKey(); CHECK_EQ(m_pkey.id(), EVP_PKEY_EC); @@ -720,14 +720,14 @@ Maybe ExportJWKEcKey(Environment* env, if (!EC_POINT_get_affine_coordinates(group, pub, x.get(), y.get(), nullptr)) { ThrowCryptoError(env, ERR_get_error(), "Failed to get elliptic-curve point coordinates"); - return Nothing(); + return false; } if (target->Set( env->context(), env->jwk_kty_string(), env->jwk_ec_string()).IsNothing()) { - return Nothing(); + return false; } if (SetEncodedValue( @@ -742,7 +742,7 @@ Maybe ExportJWKEcKey(Environment* env, env->jwk_y_string(), y.get(), degree_bytes).IsNothing()) { - return Nothing(); + return false; } Local crv_name; @@ -763,27 +763,28 @@ Maybe ExportJWKEcKey(Environment* env, default: { THROW_ERR_CRYPTO_JWK_UNSUPPORTED_CURVE( env, "Unsupported JWK EC curve: %s.", OBJ_nid2sn(nid)); - return Nothing(); + return false; } } if (target->Set( env->context(), env->jwk_crv_string(), crv_name).IsNothing()) { - return Nothing(); + return false; } if (key.GetKeyType() == kKeyTypePrivate) { auto pvt = ECKeyPointer::GetPrivateKey(ec); - return SetEncodedValue(env, target, env->jwk_d_string(), pvt, degree_bytes); + return SetEncodedValue(env, target, env->jwk_d_string(), pvt, degree_bytes) + .IsJust(); } - return JustVoid(); + return true; } -Maybe ExportJWKEdKey(Environment* env, - const KeyObjectData& key, - Local target) { +bool ExportJWKEdKey(Environment* env, + const KeyObjectData& key, + Local target) { Mutex::ScopedLock lock(key.mutex()); const auto& pkey = key.GetAsymmetricKey(); @@ -820,7 +821,8 @@ Maybe ExportJWKEdKey(Environment* env, return true; }; - if (target + return !( + target ->Set(env->context(), env->jwk_crv_string(), OneByteString(env->isolate(), curve)) @@ -829,11 +831,7 @@ Maybe ExportJWKEdKey(Environment* env, !trySetKey(env, pkey.rawPrivateKey(), target, env->jwk_d_string())) || !trySetKey(env, pkey.rawPublicKey(), target, env->jwk_x_string()) || target->Set(env->context(), env->jwk_kty_string(), env->jwk_okp_string()) - .IsNothing()) { - return Nothing(); - } - - return JustVoid(); + .IsNothing()); } KeyObjectData ImportJWKEcKey(Environment* env, @@ -897,9 +895,9 @@ KeyObjectData ImportJWKEcKey(Environment* env, return KeyObjectData::CreateAsymmetric(type, std::move(pkey)); } -Maybe GetEcKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { +bool GetEcKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { Mutex::ScopedLock lock(key.mutex()); const auto& m_pkey = key.GetAsymmetricKey(); CHECK_EQ(m_pkey.id(), EVP_PKEY_EC); @@ -910,14 +908,11 @@ Maybe GetEcKeyDetail(Environment* env, const auto group = ECKeyPointer::GetGroup(ec); int nid = EC_GROUP_get_curve_name(group); - if (target - ->Set(env->context(), - env->named_curve_string(), - OneByteString(env->isolate(), OBJ_nid2sn(nid))) - .IsNothing()) { - return Nothing(); - } - return JustVoid(); + return target + ->Set(env->context(), + env->named_curve_string(), + OneByteString(env->isolate(), OBJ_nid2sn(nid))) + .IsJust(); } // WebCrypto requires a different format for ECDSA signatures than diff --git a/src/crypto/crypto_ec.h b/src/crypto/crypto_ec.h index 7aeeebbe303eda..308f0b6d0440ab 100644 --- a/src/crypto/crypto_ec.h +++ b/src/crypto/crypto_ec.h @@ -141,22 +141,22 @@ struct ECKeyExportTraits final { using ECKeyExportJob = KeyExportJob; -v8::Maybe ExportJWKEcKey(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool ExportJWKEcKey(Environment* env, + const KeyObjectData& key, + v8::Local target); -v8::Maybe ExportJWKEdKey(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool ExportJWKEdKey(Environment* env, + const KeyObjectData& key, + v8::Local target); KeyObjectData ImportJWKEcKey(Environment* env, v8::Local jwk, const v8::FunctionCallbackInfo& args, unsigned int offset); -v8::Maybe GetEcKeyDetail(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool GetEcKeyDetail(Environment* env, + const KeyObjectData& key, + v8::Local target); } // namespace crypto } // namespace node diff --git a/src/crypto/crypto_keygen.cc b/src/crypto/crypto_keygen.cc index 34f1e726d6c010..597c8bab781fc0 100644 --- a/src/crypto/crypto_keygen.cc +++ b/src/crypto/crypto_keygen.cc @@ -73,8 +73,9 @@ KeyGenJobStatus SecretKeyGenTraits::DoKeyGen(Environment* env, SecretKeyGenConfig* params) { auto bytes = DataPointer::Alloc(params->length); if (!ncrypto::CSPRNG(static_cast(bytes.get()), - params->length)) + params->length)) { return KeyGenJobStatus::FAILED; + } params->out = ByteSource::Allocated(bytes.release()); return KeyGenJobStatus::OK; } @@ -82,11 +83,7 @@ KeyGenJobStatus SecretKeyGenTraits::DoKeyGen(Environment* env, MaybeLocal SecretKeyGenTraits::EncodeKey(Environment* env, SecretKeyGenConfig* params) { auto data = KeyObjectData::CreateSecret(std::move(params->out)); - Local ret; - if (!KeyObjectHandle::Create(env, data).ToLocal(&ret)) { - return MaybeLocal(); - } - return ret; + return KeyObjectHandle::Create(env, data).FromMaybe(Local()); } namespace Keygen { @@ -99,7 +96,6 @@ void RegisterExternalReferences(ExternalReferenceRegistry* registry) { NidKeyPairGenJob::RegisterExternalReferences(registry); SecretKeyGenJob::RegisterExternalReferences(registry); } - } // namespace Keygen } // namespace crypto } // namespace node diff --git a/src/crypto/crypto_keygen.h b/src/crypto/crypto_keygen.h index 6fdac8333b6ac6..e43d8cb0475ff2 100644 --- a/src/crypto/crypto_keygen.h +++ b/src/crypto/crypto_keygen.h @@ -11,8 +11,7 @@ #include "memory_tracker.h" #include "v8.h" -namespace node { -namespace crypto { +namespace node::crypto { namespace Keygen { void Initialize(Environment* env, v8::Local target); void RegisterExternalReferences(ExternalReferenceRegistry* registry); @@ -184,13 +183,11 @@ struct KeyPairGenTraits final { static v8::MaybeLocal EncodeKey(Environment* env, AdditionalParameters* params) { v8::Local keys[2]; - if (params->key - .ToEncodedPublicKey(env, params->public_key_encoding, &keys[0]) - .IsNothing() || - params->key - .ToEncodedPrivateKey(env, params->private_key_encoding, &keys[1]) - .IsNothing()) { - return v8::MaybeLocal(); + if (!params->key.ToEncodedPublicKey( + env, params->public_key_encoding, &keys[0]) || + !params->key.ToEncodedPrivateKey( + env, params->private_key_encoding, &keys[1])) { + return {}; } return v8::Array::New(env->isolate(), keys, arraysize(keys)); } @@ -233,11 +230,6 @@ struct KeyPairGenConfig final : public MemoryRetainer { AlgorithmParams params; KeyPairGenConfig() = default; - ~KeyPairGenConfig() { - if (key) { - Mutex::ScopedLock priv_lock(key.mutex()); - } - } explicit KeyPairGenConfig(KeyPairGenConfig&& other) noexcept : public_key_encoding(other.public_key_encoding), @@ -291,8 +283,7 @@ struct NidKeyPairGenTraits final { using NidKeyPairGenJob = KeyGenJob>; using SecretKeyGenJob = KeyGenJob; -} // namespace crypto -} // namespace node +} // namespace node::crypto #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS #endif // SRC_CRYPTO_CRYPTO_KEYGEN_H_ diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc index 2c55828facc35b..2ec1589c41621a 100644 --- a/src/crypto/crypto_keys.cc +++ b/src/crypto/crypto_keys.cc @@ -32,7 +32,6 @@ using v8::FunctionTemplate; using v8::Int32; using v8::Isolate; using v8::Just; -using v8::JustVoid; using v8::Local; using v8::Maybe; using v8::MaybeLocal; @@ -82,10 +81,11 @@ Maybe GetKeyFormatAndTypeFromJs( return Just(config); } -MaybeLocal BIOToStringOrBuffer( +MaybeLocal ToV8Value( Environment* env, const BIOPointer& bio, const EVPKeyPointer::AsymmetricKeyEncodingConfig& config) { + if (!bio) return {}; BUF_MEM* bptr = bio; if (config.format == EVPKeyPointer::PKFormatType::PEM) { // PEM is an ASCII format, so we will return it as a string. @@ -103,11 +103,9 @@ MaybeLocal WritePrivateKey( Environment* env, const EVPKeyPointer& pkey, const EVPKeyPointer::PrivateKeyEncodingConfig& config) { - CHECK(pkey); + if (!pkey) return {}; auto res = pkey.writePrivateKey(config); - if (res) { - return BIOToStringOrBuffer(env, std::move(res.value), config); - } + if (res) return ToV8Value(env, std::move(res.value), config); ThrowCryptoError( env, res.openssl_error.value_or(0), "Failed to encode private key"); @@ -118,47 +116,37 @@ MaybeLocal WritePublicKey( Environment* env, const EVPKeyPointer& pkey, const EVPKeyPointer::PublicKeyEncodingConfig& config) { - CHECK(pkey); + if (!pkey) return {}; auto res = pkey.writePublicKey(config); - if (res) { - return BIOToStringOrBuffer(env, res.value, config); - } + if (res) return ToV8Value(env, res.value, config); ThrowCryptoError( env, res.openssl_error.value_or(0), "Failed to encode public key"); return MaybeLocal(); } -Maybe ExportJWKSecretKey(Environment* env, - const KeyObjectData& key, - Local target) { +bool ExportJWKSecretKey(Environment* env, + const KeyObjectData& key, + Local target) { CHECK_EQ(key.GetKeyType(), kKeyTypeSecret); Local error; Local raw; - MaybeLocal key_data = StringBytes::Encode(env->isolate(), - key.GetSymmetricKey(), - key.GetSymmetricKeySize(), - BASE64URL, - &error); - if (!key_data.ToLocal(&raw)) { - CHECK(!error.IsEmpty()); + if (!StringBytes::Encode(env->isolate(), + key.GetSymmetricKey(), + key.GetSymmetricKeySize(), + BASE64URL, + &error) + .ToLocal(&raw)) { + DCHECK(!error.IsEmpty()); env->isolate()->ThrowException(error); - return Nothing(); + return false; } - if (target->Set( - env->context(), - env->jwk_kty_string(), - env->jwk_oct_string()).IsNothing() || - target->Set( - env->context(), - env->jwk_k_string(), - raw).IsNothing()) { - return Nothing(); - } - - return JustVoid(); + return target + ->Set(env->context(), env->jwk_kty_string(), env->jwk_oct_string()) + .IsJust() && + target->Set(env->context(), env->jwk_k_string(), raw).IsJust(); } KeyObjectData ImportJWKSecretKey(Environment* env, Local jwk) { @@ -174,10 +162,10 @@ KeyObjectData ImportJWKSecretKey(Environment* env, Local jwk) { ByteSource::FromEncodedString(env, key.As())); } -Maybe ExportJWKAsymmetricKey(Environment* env, - const KeyObjectData& key, - Local target, - bool handleRsaPss) { +bool ExportJWKAsymmetricKey(Environment* env, + const KeyObjectData& key, + Local target, + bool handleRsaPss) { switch (key.GetAsymmetricKey().id()) { case EVP_PKEY_RSA_PSS: { if (handleRsaPss) return ExportJWKRsaKey(env, key, target); @@ -197,7 +185,7 @@ Maybe ExportJWKAsymmetricKey(Environment* env, return ExportJWKEdKey(env, key, target); } THROW_ERR_CRYPTO_JWK_UNSUPPORTED_KEY_TYPE(env); - return Nothing(); + return false; } KeyObjectData ImportJWKAsymmetricKey(Environment* env, @@ -216,35 +204,39 @@ KeyObjectData ImportJWKAsymmetricKey(Environment* env, return {}; } -Maybe GetSecretKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { +bool GetSecretKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { // For the secret key detail, all we care about is the length, // converted to bits. - size_t length = key.GetSymmetricKeySize() * CHAR_BIT; - if (target - ->Set(env->context(), - env->length_string(), - Number::New(env->isolate(), static_cast(length))) - .IsNothing()) { - return Nothing(); - } - return JustVoid(); + return target + ->Set(env->context(), + env->length_string(), + Number::New( + env->isolate(), + static_cast(key.GetSymmetricKeySize() * CHAR_BIT))) + .IsJust(); } -Maybe GetAsymmetricKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { +bool GetAsymmetricKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { + if (!key) { + THROW_ERR_CRYPTO_OPERATION_FAILED(env); + return false; + } switch (key.GetAsymmetricKey().id()) { case EVP_PKEY_RSA: // Fall through + case EVP_PKEY_RSA2: + // Fall through case EVP_PKEY_RSA_PSS: return GetRsaKeyDetail(env, key, target); case EVP_PKEY_DSA: return GetDsaKeyDetail(env, key, target); case EVP_PKEY_EC: return GetEcKeyDetail(env, key, target); case EVP_PKEY_DH: return GetDhKeyDetail(env, key, target); } THROW_ERR_CRYPTO_INVALID_KEYTYPE(env); - return Nothing(); + return false; } KeyObjectData TryParsePrivateKey( @@ -266,30 +258,34 @@ KeyObjectData TryParsePrivateKey( return {}; } -// This maps true to JustVoid and false to Nothing(). -static inline Maybe NothingIfFalse(bool b) { - return b ? JustVoid() : Nothing(); +bool ExportJWKInner(Environment* env, + const KeyObjectData& key, + Local result, + bool handleRsaPss) { + return key.GetKeyType() == kKeyTypeSecret + ? ExportJWKSecretKey(env, key, result.As()) + : ExportJWKAsymmetricKey( + env, key, result.As(), handleRsaPss); } -Maybe ExportJWKInner(Environment* env, - const KeyObjectData& key, - Local result, - bool handleRsaPss) { - switch (key.GetKeyType()) { - case kKeyTypeSecret: - return ExportJWKSecretKey(env, key, result.As()); - case kKeyTypePublic: - // Fall through - case kKeyTypePrivate: - return ExportJWKAsymmetricKey( - env, key, result.As(), handleRsaPss); - default: - UNREACHABLE(); +int GetOKPCurveFromName(const char* name) { + int nid; + if (strcmp(name, "Ed25519") == 0) { + nid = EVP_PKEY_ED25519; + } else if (strcmp(name, "Ed448") == 0) { + nid = EVP_PKEY_ED448; + } else if (strcmp(name, "X25519") == 0) { + nid = EVP_PKEY_X25519; + } else if (strcmp(name, "X448") == 0) { + nid = EVP_PKEY_X448; + } else { + nid = NID_undef; } + return nid; } } // namespace -Maybe KeyObjectData::ToEncodedPublicKey( +bool KeyObjectData::ToEncodedPublicKey( Environment* env, const EVPKeyPointer::PublicKeyEncodingConfig& config, Local* out) { @@ -297,36 +293,33 @@ Maybe KeyObjectData::ToEncodedPublicKey( if (config.output_key_object) { // Note that this has the downside of containing sensitive data of the // private key. - return NothingIfFalse( - KeyObjectHandle::Create(env, addRefWithType(KeyType::kKeyTypePublic)) - .ToLocal(out)); + return KeyObjectHandle::Create(env, addRefWithType(KeyType::kKeyTypePublic)) + .ToLocal(out); } else if (config.format == EVPKeyPointer::PKFormatType::JWK) { *out = Object::New(env->isolate()); return ExportJWKInner( env, addRefWithType(KeyType::kKeyTypePublic), *out, false); } - return NothingIfFalse( - WritePublicKey(env, GetAsymmetricKey(), config).ToLocal(out)); + return WritePublicKey(env, GetAsymmetricKey(), config).ToLocal(out); } -Maybe KeyObjectData::ToEncodedPrivateKey( +bool KeyObjectData::ToEncodedPrivateKey( Environment* env, const EVPKeyPointer::PrivateKeyEncodingConfig& config, Local* out) { CHECK(key_type_ != KeyType::kKeyTypeSecret); if (config.output_key_object) { - return NothingIfFalse( - KeyObjectHandle::Create(env, addRefWithType(KeyType::kKeyTypePrivate)) - .ToLocal(out)); + return KeyObjectHandle::Create(env, + addRefWithType(KeyType::kKeyTypePrivate)) + .ToLocal(out); } else if (config.format == EVPKeyPointer::PKFormatType::JWK) { *out = Object::New(env->isolate()); return ExportJWKInner( env, addRefWithType(KeyType::kKeyTypePrivate), *out, false); } - return NothingIfFalse( - WritePrivateKey(env, GetAsymmetricKey(), config).ToLocal(out)); + return WritePrivateKey(env, GetAsymmetricKey(), config).ToLocal(out); } Maybe @@ -502,6 +495,7 @@ KeyObjectData KeyObjectData::GetParsedKey(KeyType type, EVPKeyPointer&& pkey, ParseKeyResult ret, const char* default_msg) { + MarkPopErrorOnReturn mark_pop_error_on_return; switch (ret) { case ParseKeyResult::kParseKeyOk: { return CreateAsymmetric(type, std::move(pkey)); @@ -512,7 +506,7 @@ KeyObjectData KeyObjectData::GetParsedKey(KeyType type, return {}; } default: { - ThrowCryptoError(env, ERR_get_error(), default_msg); + ThrowCryptoError(env, mark_pop_error_on_return.peekError(), default_msg); return {}; } } @@ -593,12 +587,12 @@ size_t KeyObjectData::GetSymmetricKeySize() const { } bool KeyObjectHandle::HasInstance(Environment* env, Local value) { - Local t = env->crypto_key_object_handle_constructor(); + auto t = env->crypto_key_object_handle_constructor(); return !t.IsEmpty() && t->HasInstance(value); } Local KeyObjectHandle::Initialize(Environment* env) { - Local templ = env->crypto_key_object_handle_constructor(); + auto templ = env->crypto_key_object_handle_constructor(); if (templ.IsEmpty()) { Isolate* isolate = env->isolate(); templ = NewFunctionTemplate(isolate, New); @@ -646,8 +640,9 @@ MaybeLocal KeyObjectHandle::Create(Environment* env, Local obj; Local ctor = KeyObjectHandle::Initialize(env); CHECK(!env->crypto_key_object_handle_constructor().IsEmpty()); - if (!ctor->NewInstance(env->context(), 0, nullptr).ToLocal(&obj)) - return MaybeLocal(); + if (!ctor->NewInstance(env->context(), 0, nullptr).ToLocal(&obj)) { + return {}; + } KeyObjectHandle* key = Unwrap(obj); CHECK_NOT_NULL(key); @@ -783,22 +778,6 @@ void KeyObjectHandle::InitECRaw(const FunctionCallbackInfo& args) { args.GetReturnValue().Set(true); } -int GetOKPCurveFromName(const char* name) { - int nid; - if (strcmp(name, "Ed25519") == 0) { - nid = EVP_PKEY_ED25519; - } else if (strcmp(name, "Ed448") == 0) { - nid = EVP_PKEY_ED448; - } else if (strcmp(name, "X25519") == 0) { - nid = EVP_PKEY_X25519; - } else if (strcmp(name, "X448") == 0) { - nid = EVP_PKEY_X448; - } else { - nid = NID_undef; - } - return nid; -} - void KeyObjectHandle::InitEDRaw(const FunctionCallbackInfo& args) { Environment* env = Environment::GetCurrent(args); KeyObjectHandle* key; @@ -867,6 +846,7 @@ void KeyObjectHandle::Equals(const FunctionCallbackInfo& args) { break; } case kKeyTypePublic: + // Fall through case kKeyTypePrivate: { EVP_PKEY* pkey = key.GetAsymmetricKey().get(); EVP_PKEY* pkey2 = key2.GetAsymmetricKey().get(); @@ -898,22 +878,16 @@ void KeyObjectHandle::GetKeyDetail(const FunctionCallbackInfo& args) { const auto& data = key->Data(); - switch (data.GetKeyType()) { - case kKeyTypeSecret: - if (GetSecretKeyDetail(env, data, args[0].As()).IsNothing()) - return; - break; - case kKeyTypePublic: - // Fall through - case kKeyTypePrivate: - if (GetAsymmetricKeyDetail(env, data, args[0].As()).IsNothing()) - return; - break; - default: - UNREACHABLE(); + if (data.GetKeyType() == kKeyTypeSecret) { + if (GetSecretKeyDetail(env, data, args[0].As())) [[likely]] { + args.GetReturnValue().Set(args[0]); + } + return; } - args.GetReturnValue().Set(args[0]); + if (GetAsymmetricKeyDetail(env, data, args[0].As())) [[likely]] { + args.GetReturnValue().Set(args[0]); + } } Local KeyObjectHandle::GetAsymmetricKeyType() const { @@ -957,11 +931,8 @@ bool KeyObjectHandle::CheckEcKeyData() const { CHECK(ctx); CHECK_EQ(key.id(), EVP_PKEY_EC); - if (data_.GetKeyType() == kKeyTypePrivate) { - return ctx.privateCheck(); - } - - return ctx.publicCheck(); + return data_.GetKeyType() == kKeyTypePrivate ? ctx.privateCheck() + : ctx.publicCheck(); } void KeyObjectHandle::CheckEcKeyData(const FunctionCallbackInfo& args) { @@ -984,12 +955,17 @@ void KeyObjectHandle::Export(const FunctionCallbackInfo& args) { ASSIGN_OR_RETURN_UNWRAP(&key, args.This()); KeyType type = key->Data().GetKeyType(); + unsigned int offset = 0; - MaybeLocal result; + Local result; if (type == kKeyTypeSecret) { - result = key->ExportSecretKey(); - } else if (type == kKeyTypePublic) { - unsigned int offset = 0; + if (key->ExportSecretKey().ToLocal(&result)) [[likely]] { + args.GetReturnValue().Set(result); + } + return; + } + + if (type == kKeyTypePublic) { EVPKeyPointer::PublicKeyEncodingConfig config; if (!KeyObjectData::GetPublicKeyEncodingFromJs( args, &offset, kKeyContextExport) @@ -997,28 +973,29 @@ void KeyObjectHandle::Export(const FunctionCallbackInfo& args) { return; } CHECK_EQ(offset, static_cast(args.Length())); - result = key->ExportPublicKey(config); - } else { - CHECK_EQ(type, kKeyTypePrivate); - unsigned int offset = 0; - EVPKeyPointer::PrivateKeyEncodingConfig config; - if (!KeyObjectData::GetPrivateKeyEncodingFromJs( - args, &offset, kKeyContextExport) - .To(&config)) { - return; + if (key->ExportPublicKey(config).ToLocal(&result)) [[likely]] { + args.GetReturnValue().Set(result); } - CHECK_EQ(offset, static_cast(args.Length())); - result = key->ExportPrivateKey(config); + return; } - if (!result.IsEmpty()) - args.GetReturnValue().Set(result.FromMaybe(Local())); + CHECK_EQ(type, kKeyTypePrivate); + EVPKeyPointer::PrivateKeyEncodingConfig config; + if (!KeyObjectData::GetPrivateKeyEncodingFromJs( + args, &offset, kKeyContextExport) + .To(&config)) { + return; + } + CHECK_EQ(offset, static_cast(args.Length())); + if (key->ExportPrivateKey(config).ToLocal(&result)) [[likely]] { + args.GetReturnValue().Set(result); + } } MaybeLocal KeyObjectHandle::ExportSecretKey() const { - const char* buf = data_.GetSymmetricKey(); - unsigned int len = data_.GetSymmetricKeySize(); - return Buffer::Copy(env(), buf, len).FromMaybe(Local()); + return Buffer::Copy( + env(), data_.GetSymmetricKey(), data_.GetSymmetricKeySize()) + .FromMaybe(Local()); } MaybeLocal KeyObjectHandle::ExportPublicKey( @@ -1040,9 +1017,9 @@ void KeyObjectHandle::ExportJWK( CHECK(args[0]->IsObject()); CHECK(args[1]->IsBoolean()); - ExportJWKInner(env, key->Data(), args[0], args[1]->IsTrue()); - - args.GetReturnValue().Set(args[0]); + if (ExportJWKInner(env, key->Data(), args[0], args[1]->IsTrue())) { + args.GetReturnValue().Set(args[0]); + } } void NativeKeyObject::Initialize(Environment* env, Local target) { diff --git a/src/crypto/crypto_keys.h b/src/crypto/crypto_keys.h index e4f3e03e59bf48..794e2699c8163f 100644 --- a/src/crypto/crypto_keys.h +++ b/src/crypto/crypto_keys.h @@ -16,9 +16,7 @@ #include #include -namespace node { -namespace crypto { - +namespace node::crypto { enum KeyType { kKeyTypeSecret, kKeyTypePublic, @@ -85,12 +83,12 @@ class KeyObjectData final : public MemoryRetainer { unsigned int* offset, KeyEncodingContext context); - v8::Maybe ToEncodedPublicKey( + bool ToEncodedPublicKey( Environment* env, const ncrypto::EVPKeyPointer::PublicKeyEncodingConfig& config, v8::Local* out); - v8::Maybe ToEncodedPrivateKey( + bool ToEncodedPrivateKey( Environment* env, const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config, v8::Local* out); @@ -378,15 +376,11 @@ WebCryptoKeyExportStatus PKEY_SPKI_Export(const KeyObjectData& key_data, WebCryptoKeyExportStatus PKEY_PKCS8_Export(const KeyObjectData& key_data, ByteSource* out); -int GetOKPCurveFromName(const char* name); - namespace Keys { void Initialize(Environment* env, v8::Local target); void RegisterExternalReferences(ExternalReferenceRegistry* registry); } // namespace Keys - -} // namespace crypto -} // namespace node +} // namespace node::crypto #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS #endif // SRC_CRYPTO_CRYPTO_KEYS_H_ diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc index f0e0f9fd5f94a1..7742cf204df6d8 100644 --- a/src/crypto/crypto_rsa.cc +++ b/src/crypto/crypto_rsa.cc @@ -318,9 +318,9 @@ WebCryptoCipherStatus RSACipherTraits::DoCipher(Environment* env, return WebCryptoCipherStatus::FAILED; } -Maybe ExportJWKRsaKey(Environment* env, - const KeyObjectData& key, - Local target) { +bool ExportJWKRsaKey(Environment* env, + const KeyObjectData& key, + Local target) { Mutex::ScopedLock lock(key.mutex()); const auto& m_pkey = key.GetAsymmetricKey(); @@ -328,7 +328,7 @@ Maybe ExportJWKRsaKey(Environment* env, if (!rsa || target->Set(env->context(), env->jwk_kty_string(), env->jwk_rsa_string()) .IsNothing()) { - return Nothing(); + return false; } auto pub_key = rsa.getPublicKey(); @@ -337,7 +337,7 @@ Maybe ExportJWKRsaKey(Environment* env, .IsNothing() || SetEncodedValue(env, target, env->jwk_e_string(), pub_key.e) .IsNothing()) { - return Nothing(); + return false; } if (key.GetKeyType() == kKeyTypePrivate) { @@ -354,11 +354,11 @@ Maybe ExportJWKRsaKey(Environment* env, .IsNothing() || SetEncodedValue(env, target, env->jwk_qi_string(), pvt_key.qi) .IsNothing()) { - return Nothing(); + return false; } } - return JustVoid(); + return true; } KeyObjectData ImportJWKRsaKey(Environment* env, @@ -441,16 +441,16 @@ KeyObjectData ImportJWKRsaKey(Environment* env, return KeyObjectData::CreateAsymmetric(type, std::move(pkey)); } -Maybe GetRsaKeyDetail(Environment* env, - const KeyObjectData& key, - Local target) { +bool GetRsaKeyDetail(Environment* env, + const KeyObjectData& key, + Local target) { Mutex::ScopedLock lock(key.mutex()); const auto& m_pkey = key.GetAsymmetricKey(); // TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL // versions older than 1.1.1e via FIPS / dynamic linking. const ncrypto::Rsa rsa = m_pkey; - if (!rsa) return Nothing(); + if (!rsa) return false; auto pub_key = rsa.getPublicKey(); @@ -461,7 +461,7 @@ Maybe GetRsaKeyDetail(Environment* env, env->isolate(), static_cast(BignumPointer::GetBitCount(pub_key.n)))) .IsNothing()) { - return Nothing(); + return false; } auto public_exponent = ArrayBuffer::NewBackingStore( @@ -479,7 +479,7 @@ Maybe GetRsaKeyDetail(Environment* env, env->public_exponent_string(), ArrayBuffer::New(env->isolate(), std::move(public_exponent))) .IsNothing()) { - return Nothing(); + return false; } if (m_pkey.id() == EVP_PKEY_RSA_PSS) { @@ -500,7 +500,7 @@ Maybe GetRsaKeyDetail(Environment* env, env->hash_algorithm_string(), OneByteString(env->isolate(), params.digest)) .IsNothing()) { - return Nothing(); + return false; } // If, for some reason, the MGF is not MGF1, then the MGF1 hash function @@ -512,7 +512,7 @@ Maybe GetRsaKeyDetail(Environment* env, env->mgf1_hash_algorithm_string(), OneByteString(env->isolate(), digest)) .IsNothing()) { - return Nothing(); + return false; } } @@ -521,12 +521,12 @@ Maybe GetRsaKeyDetail(Environment* env, env->salt_length_string(), Integer::New(env->isolate(), params.salt_length)) .IsNothing()) { - return Nothing(); + return false; } } } - return JustVoid(); + return true; } namespace RSAAlg { diff --git a/src/crypto/crypto_rsa.h b/src/crypto/crypto_rsa.h index 6fc48da1aea2cd..db5ba492faa398 100644 --- a/src/crypto/crypto_rsa.h +++ b/src/crypto/crypto_rsa.h @@ -112,18 +112,18 @@ struct RSACipherTraits final { using RSACipherJob = CipherJob; -v8::Maybe ExportJWKRsaKey(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool ExportJWKRsaKey(Environment* env, + const KeyObjectData& key, + v8::Local target); KeyObjectData ImportJWKRsaKey(Environment* env, v8::Local jwk, const v8::FunctionCallbackInfo& args, unsigned int offset); -v8::Maybe GetRsaKeyDetail(Environment* env, - const KeyObjectData& key, - v8::Local target); +bool GetRsaKeyDetail(Environment* env, + const KeyObjectData& key, + v8::Local target); namespace RSAAlg { void Initialize(Environment* env, v8::Local target);