crypto: upgrade pbkdf2 without digest to an error #11305
Conversation
jasnell
added
the
semver-major
nodejs-github-bot
added
the
crypto
|
cc @nodejs/crypto @bnoordhuis |
lib/crypto.js
Outdated
| pbkdf2DeprecationWarning(); | ||
| // Formerly Deprecation code DEP0009 | ||
| throw new TypeError( | ||
| 'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
Can you indent by two additional spaces here?
There was a problem hiding this comment.
It checks if digest is a function and throws error saying must not be undefined. I think this could do stricter validations.
lib/crypto.js
Outdated
| if (digest === undefined) { | ||
| // Formerly Deprecation code DEP0009 | ||
| throw new TypeError( | ||
| 'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
Ditto. Out of curiosity, is there a reason you can't move the check to the pbkdf2 function below? That would avoid the duplication.
There was a problem hiding this comment.
and null is allowed? Or will another layer throw for that case? basically, looks like the check should be against == undefined to me, but there is clearly another layer doing a check for digests like 'the-happy-digest', and other invalid input (numbers, etc.), so maybe its covered there.
doc/api/deprecations.md
Outdated
| Use of the [`crypto.pbkdf2()`][] API without specifying a digest was deprecated | ||
| in Node.js 6.0 because the method defaulted to using the non-recommendend | ||
| `'SHA1'` digest. Previously, a deprecation warning was printed. Starting in | ||
| Node.js 8.0.0, calling the `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with an |
doc/api/deprecations.md
Outdated
| in Node.js 6.0 because the method defaulted to using the non-recommendend | ||
| `'SHA1'` digest. Previously, a deprecation warning was printed. Starting in | ||
| Node.js 8.0.0, calling the `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with an | ||
| undefined `digest` will throw a `TypeError`. |
There was a problem hiding this comment.
what if its null? Maybe, "with an unspecified digest" or "with a non-string digest"?
lib/crypto.js
Outdated
| if (digest === undefined) { | ||
| // Formerly Deprecation code DEP0009 | ||
| throw new TypeError( | ||
| 'The "digest" argument is required and must not be undefined'); |
There was a problem hiding this comment.
and null is allowed? Or will another layer throw for that case? basically, looks like the check should be against == undefined to me, but there is clearly another layer doing a check for digests like 'the-happy-digest', and other invalid input (numbers, etc.), so maybe its covered there.
|
to be honest, not sure what we should do with null. the current code only prints the deprecation notice if it's undefined so this only throws if it's undefined. The assumption, I believe, is that passing null is more explicit and is therefore ok. |
|
Updated to address feedback. New CI: https://ci.nodejs.org/job/node-test-pull-request/6365/ |
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit `digest` argument. This was because the default digest is `sha1`, which is not-recommended from a security point of view. This upgrades it to a runtime error when `digest` is undefined per the plan discussed in the original issue. Ref: nodejs@a116358
jasnell
force-pushed
the
crypto-error-pbkdf2-without-digest
branch
from
62568ab
to
6c58166
Compare
|
@nodejs/ctc ... any further thoughts? |
| @@ -562,15 +556,17 @@ exports.pbkdf2 = function(password, | |||
|
|
|||
|
|
|||
| exports.pbkdf2Sync = function(password, salt, iterations, keylen, digest) { | |||
There was a problem hiding this comment.
Let's simply do exports.pbkdf2Sync = pbkdf2
There was a problem hiding this comment.
That would change the signature of pbkdf2Sync (it would accept the callback argument and change the value of pbkdf2Sync.length).
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit `digest` argument. This was because the default digest is `sha1`, which is not-recommended from a security point of view. This upgrades it to a runtime error when `digest` is undefined per the plan discussed in the original issue. Ref: a116358 PR-URL: #11305 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
Landed in 9f74184 |
Calling `crypto.pbkdf2()` without a digest has been deprecated in Node and is scheduled to be broken in Node 8. Fix this by actually passing a digest. ref: nodejs/node#11305
|
@jasnell This breaks CITGM because it was used in the express tests in the deprecated way… it’s “just” in an example script, but we really should have run that on this :/ I opened expressjs/express#3207 but there might be another problem with express + Node master… I’m looking into it |
|
Argh... Ok. |
Commit a116358 added a deprecation warning when pbkdf2 was called without an explicit
digestargument. This was because the default digest issha1, which is not-recommended from a security point of view. This upgrades it to a runtime error whendigestis undefined per the plan discussed in the original issue.Ref: a116358
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
crypto