1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: use emitWarning() for dhparam < 2048 bits

Browse Source 
When a dhparam less than 2048 bits was used, a warning was being
printed directly to console.error using an internalUtil.trace
function that was not used anywhere else. This replaces it with
a proper process warning and removes the internalUtil.trace
function.

PR-URL: https://github.com/nodejs/node/pull/11447
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
This commit is contained in:
James M Snell 2017-02-17 15:00:20 -08:00
parent 051047231e
commit d523eb9c40
4 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/_tls_common.js
View File

@ -1,6 +1,5 @@
'use strict'; 'use strict';
const internalUtil = require('internal/util');
const tls = require('tls'); const tls = require('tls');
const SSL_OP_CIPHER_SERVER_PREFERENCE = const SSL_OP_CIPHER_SERVER_PREFERENCE =
@ -99,7 +98,7 @@ exports.createSecureContext = function createSecureContext(options, context) {
if (options.dhparam) { if (options.dhparam) {
const warning = c.context.setDHParam(options.dhparam); const warning = c.context.setDHParam(options.dhparam);
if (warning) if (warning)
internalUtil.trace(warning); process.emitWarning(warning, 'SecurityWarning');
} }
if (options.crl) { if (options.crl) {

5
lib/internal/util.js
View File

@ -1,7 +1,6 @@
'use strict'; 'use strict';
const binding = process.binding('util'); const binding = process.binding('util');
const prefix = `(${process.release.name}:${process.pid}) `;
const kArrowMessagePrivateSymbolIndex = binding['arrow_message_private_symbol']; const kArrowMessagePrivateSymbolIndex = binding['arrow_message_private_symbol'];
const kDecoratedPrivateSymbolIndex = binding['decorated_private_symbol']; const kDecoratedPrivateSymbolIndex = binding['decorated_private_symbol'];
@ -10,10 +9,6 @@ const kDecoratedPrivateSymbolIndex = binding['decorated_private_symbol'];
// `util` module makes it accessible without having to `require('util')` there. // `util` module makes it accessible without having to `require('util')` there.
exports.customInspectSymbol = Symbol('util.inspect.custom'); exports.customInspectSymbol = Symbol('util.inspect.custom');
exports.trace = function(msg) {
console.trace(`${prefix}${msg}`);
};
// Mark that a method should not be used. // Mark that a method should not be used.
// Returns a modified function which warns once by default. // Returns a modified function which warns once by default.
// If --no-deprecation is set, then it is a no-op. // If --no-deprecation is set, then it is a no-op.

2
src/node_crypto.cc
View File

@ -933,7 +933,7 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
return env->ThrowError("DH parameter is less than 1024 bits"); return env->ThrowError("DH parameter is less than 1024 bits");
} else if (size < 2048) { } else if (size < 2048) {
args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING( args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING(
env->isolate(), "WARNING: DH parameter is less than 2048 bits")); env->isolate(), "DH parameter is less than 2048 bits"));
} }
SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);

4
test/parallel/test-tls-dhe.js
View File

@ -1,3 +1,4 @@
// Flags: --no-warnings
'use strict'; 'use strict';
const common = require('../common'); const common = require('../common');
const assert = require('assert'); const assert = require('assert');
@ -22,6 +23,9 @@ let nsuccess = 0;
let ntests = 0; let ntests = 0;
const ciphers = 'DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; const ciphers = 'DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
// Test will emit a warning because the DH parameter size is < 2048 bits
common.expectWarning('SecurityWarning',
'DH parameter is less than 2048 bits');
function loadDHParam(n) { function loadDHParam(n) {
let path = common.fixturesDir; let path = common.fixturesDir;