src: cleaning up more crypto internals for ncrypto

PR-URL: #56526 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
nodejs · Jan 14, 2025 · 6879ab9 · 6879ab9
1 parent afaa14b
commit 6879ab9
Show file tree

Hide file tree

Showing 40 changed files with 336 additions and 277 deletions.
diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
@@ -197,10 +197,7 @@ using DeleteFnPtr = typename FunctionDeleter<T, function>::Pointer;
 
 using BignumCtxPointer = DeleteFnPtr<BN_CTX, BN_CTX_free>;
 using BignumGenCallbackPointer = DeleteFnPtr<BN_GENCB, BN_GENCB_free>;
-using DSAPointer = DeleteFnPtr<DSA, DSA_free>;
-using DSASigPointer = DeleteFnPtr<DSA_SIG, DSA_SIG_free>;
 using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;
-using ECPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
 using ECGroupPointer = DeleteFnPtr<EC_GROUP, EC_GROUP_free>;
 using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
 using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;

diff --git a/src/crypto/crypto_aes.cc b/src/crypto/crypto_aes.cc
@@ -16,6 +16,9 @@
 
 namespace node {
 
+using ncrypto::BignumPointer;
+using ncrypto::Cipher;
+using ncrypto::CipherCtxPointer;
 using v8::FunctionCallbackInfo;
 using v8::Just;
 using v8::JustVoid;
@@ -60,7 +63,7 @@ WebCryptoCipherStatus AES_Cipher(Environment* env,
 
   if (!ctx.setKeyLength(key_data.GetSymmetricKeySize()) ||
       !ctx.init(
-          ncrypto::Cipher(),
+          Cipher(),
           encrypt,
           reinterpret_cast<const unsigned char*>(key_data.GetSymmetricKey()),
           params.iv.data<unsigned char>())) {
@@ -464,7 +467,7 @@ Maybe<void> AESCipherTraits::AdditionalConfig(
   }
 #undef V
 
-  params->cipher = ncrypto::Cipher::FromNid(cipher_nid);
+  params->cipher = Cipher::FromNid(cipher_nid);
   if (!params->cipher) {
     THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
     return Nothing<void>();

diff --git a/src/crypto/crypto_bio.cc b/src/crypto/crypto_bio.cc
@@ -30,6 +30,9 @@
 #include <cstring>
 
 namespace node {
+
+using ncrypto::BIOPointer;
+
 namespace crypto {
 
 BIOPointer NodeBIO::New(Environment* env) {

diff --git a/src/crypto/crypto_bio.h b/src/crypto/crypto_bio.h
@@ -43,12 +43,13 @@ class NodeBIO : public MemoryRetainer {
  public:
   ~NodeBIO() override;
 
-  static BIOPointer New(Environment* env = nullptr);
+  static ncrypto::BIOPointer New(Environment* env = nullptr);
 
   // NewFixed takes a copy of `len` bytes from `data` and returns a BIO that,
   // when read from, returns those bytes followed by EOF.
-  static BIOPointer NewFixed(const char* data, size_t len,
-                             Environment* env = nullptr);
+  static ncrypto::BIOPointer NewFixed(const char* data,
+                                      size_t len,
+                                      Environment* env = nullptr);
 
   // Move read head to next buffer if needed
   void TryMoveReadHead();

diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
@@ -10,6 +10,13 @@
 
 namespace node {
 
+using ncrypto::Cipher;
+using ncrypto::CipherCtxPointer;
+using ncrypto::EVPKeyCtxPointer;
+using ncrypto::EVPKeyPointer;
+using ncrypto::MarkPopErrorOnReturn;
+using ncrypto::SSLCtxPointer;
+using ncrypto::SSLPointer;
 using v8::Array;
 using v8::ArrayBuffer;
 using v8::BackingStore;
@@ -42,10 +49,10 @@ void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
   const auto cipher = ([&] {
     if (args[1]->IsString()) {
       Utf8Value name(env->isolate(), args[1]);
-      return ncrypto::Cipher::FromName(*name);
+      return Cipher::FromName(*name);
     } else {
       int nid = args[1].As<Int32>()->Value();
-      return ncrypto::Cipher::FromNid(nid);
+      return Cipher::FromNid(nid);
     }
   })();
 
@@ -334,7 +341,7 @@ void CipherBase::CommonInit(const char* cipher_type,
     return THROW_ERR_CRYPTO_INVALID_KEYLEN(env());
   }
 
-  if (!ctx_.init(ncrypto::Cipher(), encrypt, key, iv)) {
+  if (!ctx_.init(Cipher(), encrypt, key, iv)) {
     return ThrowCryptoError(env(), ERR_get_error(),
                             "Failed to initialize cipher");
   }
@@ -345,7 +352,7 @@ void CipherBase::Init(const char* cipher_type,
                       unsigned int auth_tag_len) {
   HandleScope scope(env()->isolate());
   MarkPopErrorOnReturn mark_pop_error_on_return;
-  auto cipher = ncrypto::Cipher::FromName(cipher_type);
+  auto cipher = Cipher::FromName(cipher_type);
   if (!cipher) {
     return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env());
   }
@@ -415,7 +422,7 @@ void CipherBase::InitIv(const char* cipher_type,
   HandleScope scope(env()->isolate());
   MarkPopErrorOnReturn mark_pop_error_on_return;
 
-  auto cipher = ncrypto::Cipher::FromName(cipher_type);
+  auto cipher = Cipher::FromName(cipher_type);
   if (!cipher) return THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env());
 
   const int expected_iv_len = cipher.getIvLength();
@@ -628,8 +635,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
   } else {
     // At this point, the tag length is already known and must match the
     // length of the given authentication tag.
-    CHECK(
-        ncrypto::Cipher::FromCtx(cipher->ctx_).isSupportedAuthenticatedMode());
+    CHECK(Cipher::FromCtx(cipher->ctx_).isSupportedAuthenticatedMode());
     CHECK_NE(cipher->auth_tag_len_, kNoAuthTagLength);
     is_valid = cipher->auth_tag_len_ == tag_len;
   }
@@ -854,7 +860,7 @@ bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
   }
 
   if (kind_ == kDecipher &&
-      ncrypto::Cipher::FromCtx(ctx_).isSupportedAuthenticatedMode()) {
+      Cipher::FromCtx(ctx_).isSupportedAuthenticatedMode()) {
     MaybePassAuthTagToOpenSSL();
   }
 

diff --git a/src/crypto/crypto_cipher.h b/src/crypto/crypto_cipher.h
@@ -85,7 +85,7 @@ class CipherBase : public BaseObject {
   CipherBase(Environment* env, v8::Local<v8::Object> wrap, CipherKind kind);
 
  private:
-  CipherCtxPointer ctx_;
+  ncrypto::CipherCtxPointer ctx_;
   const CipherKind kind_;
   AuthTagState auth_tag_state_;
   unsigned int auth_tag_len_;
@@ -110,7 +110,7 @@ class PublicKeyCipher {
             EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
             EVP_PKEY_cipher_t EVP_PKEY_cipher>
   static bool Cipher(Environment* env,
-                     const EVPKeyPointer& pkey,
+                     const ncrypto::EVPKeyPointer& pkey,
                      int padding,
                      const EVP_MD* digest,
                      const ArrayBufferOrViewContents<unsigned char>& oaep_label,

diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
@@ -27,7 +27,13 @@
 
 namespace node {
 
+using ncrypto::ClearErrorOnReturn;
+using ncrypto::EVPKeyPointer;
+using ncrypto::SSLPointer;
+using ncrypto::SSLSessionPointer;
 using ncrypto::StackOfX509;
+using ncrypto::X509Pointer;
+using ncrypto::X509View;
 using v8::ArrayBuffer;
 using v8::BackingStore;
 using v8::Context;
@@ -135,7 +141,7 @@ MaybeLocal<Object> AddIssuerChainToObject(X509Pointer* cert,
   for (;;) {
     int i;
     for (i = 0; i < sk_X509_num(peer_certs.get()); i++) {
-      ncrypto::X509View ca(sk_X509_value(peer_certs.get(), i));
+      X509View ca(sk_X509_value(peer_certs.get(), i));
       if (!cert->view().isIssuedBy(ca)) continue;
 
       Local<Value> ca_info;
@@ -243,7 +249,7 @@ MaybeLocal<Object> GetEphemeralKey(Environment* env, const SSLPointer& ssl) {
 
   EscapableHandleScope scope(env->isolate());
   Local<Object> info = Object::New(env->isolate());
-  crypto::EVPKeyPointer key = ssl.getPeerTempKey();
+  EVPKeyPointer key = ssl.getPeerTempKey();
   if (!key) return scope.Escape(info);
 
   Local<Context> context = env->context();
@@ -341,8 +347,8 @@ MaybeLocal<Value> GetPeerCert(
     if (cert) {
       return X509Certificate::toObject(env, cert.view());
     }
-    return X509Certificate::toObject(
-        env, ncrypto::X509View(sk_X509_value(ssl_certs, 0)));
+    return X509Certificate::toObject(env,
+                                     X509View(sk_X509_value(ssl_certs, 0)));
   }
 
   StackOfX509 peer_certs = CloneSSLCerts(std::move(cert), ssl_certs);
@@ -351,7 +357,7 @@ MaybeLocal<Value> GetPeerCert(
 
   // First and main certificate.
   Local<Value> result;
-  ncrypto::X509View first_cert(sk_X509_value(peer_certs.get(), 0));
+  X509View first_cert(sk_X509_value(peer_certs.get(), 0));
   CHECK(first_cert);
   if (!X509Certificate::toObject(env, first_cert).ToLocal(&result)) return {};
   CHECK(result->IsObject());

diff --git a/src/crypto/crypto_common.h b/src/crypto/crypto_common.h
@@ -22,35 +22,35 @@
 namespace node {
 namespace crypto {
 
-SSLSessionPointer GetTLSSession(const unsigned char* buf, size_t length);
+ncrypto::SSLSessionPointer GetTLSSession(const unsigned char* buf,
+                                         size_t length);
 
 long VerifyPeerCertificate(  // NOLINT(runtime/int)
-    const SSLPointer& ssl,
+    const ncrypto::SSLPointer& ssl,
     long def = X509_V_ERR_UNSPECIFIED);  // NOLINT(runtime/int)
 
-bool UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context);
+bool UseSNIContext(const ncrypto::SSLPointer& ssl,
+                   BaseObjectPtr<SecureContext> context);
 
 bool SetGroups(SecureContext* sc, const char* groups);
 
 v8::MaybeLocal<v8::Value> GetValidationErrorReason(Environment* env, int err);
 
 v8::MaybeLocal<v8::Value> GetValidationErrorCode(Environment* env, int err);
 
-v8::MaybeLocal<v8::Value> GetCert(Environment* env, const SSLPointer& ssl);
+v8::MaybeLocal<v8::Value> GetCert(Environment* env,
+                                  const ncrypto::SSLPointer& ssl);
 
-v8::MaybeLocal<v8::Object> GetCipherInfo(
-    Environment* env,
-    const SSLPointer& ssl);
+v8::MaybeLocal<v8::Object> GetCipherInfo(Environment* env,
+                                         const ncrypto::SSLPointer& ssl);
 
-v8::MaybeLocal<v8::Object> GetEphemeralKey(
-    Environment* env,
-    const SSLPointer& ssl);
+v8::MaybeLocal<v8::Object> GetEphemeralKey(Environment* env,
+                                           const ncrypto::SSLPointer& ssl);
 
-v8::MaybeLocal<v8::Value> GetPeerCert(
-    Environment* env,
-    const SSLPointer& ssl,
-    bool abbreviated = false,
-    bool is_server = false);
+v8::MaybeLocal<v8::Value> GetPeerCert(Environment* env,
+                                      const ncrypto::SSLPointer& ssl,
+                                      bool abbreviated = false,
+                                      bool is_server = false);
 
 v8::MaybeLocal<v8::Object> ECPointToBuffer(
     Environment* env,
@@ -60,9 +60,9 @@ v8::MaybeLocal<v8::Object> ECPointToBuffer(
     const char** error);
 
 v8::MaybeLocal<v8::Value> GetCurrentCipherName(Environment* env,
-                                               const SSLPointer& ssl);
-v8::MaybeLocal<v8::Value> GetCurrentCipherVersion(Environment* env,
-                                                  const SSLPointer& ssl);
+                                               const ncrypto::SSLPointer& ssl);
+v8::MaybeLocal<v8::Value> GetCurrentCipherVersion(
+    Environment* env, const ncrypto::SSLPointer& ssl);
 
 }  // namespace crypto
 }  // namespace node

diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
@@ -21,7 +21,17 @@
 
 namespace node {
 
+using ncrypto::BignumPointer;
+using ncrypto::BIOPointer;
+using ncrypto::ClearErrorOnReturn;
+using ncrypto::CryptoErrorList;
+using ncrypto::DHPointer;
+using ncrypto::EnginePointer;
+using ncrypto::EVPKeyPointer;
+using ncrypto::MarkPopErrorOnReturn;
+using ncrypto::SSLPointer;
 using ncrypto::StackOfX509;
+using ncrypto::X509Pointer;
 using v8::Array;
 using v8::ArrayBufferView;
 using v8::Boolean;
@@ -693,10 +703,10 @@ void SecureContext::SetEngineKey(const FunctionCallbackInfo<Value>& args) {
         "experimental permission model is enabled");
   }
 
-  ncrypto::CryptoErrorList errors;
+  CryptoErrorList errors;
   Utf8Value engine_id(env->isolate(), args[1]);
-  auto engine = ncrypto::EnginePointer::getEngineByName(
-      engine_id.ToStringView(), &errors);
+  auto engine =
+      EnginePointer::getEngineByName(engine_id.ToStringView(), &errors);
   if (!engine) {
     Local<Value> exception;
     if (errors.empty()) {
@@ -1205,10 +1215,10 @@ void SecureContext::SetClientCertEngine(
         "experimental permission model is enabled");
   }
 
-  ncrypto::CryptoErrorList errors;
+  CryptoErrorList errors;
   const Utf8Value engine_id(env->isolate(), args[0]);
-  auto engine = ncrypto::EnginePointer::getEngineByName(
-      engine_id.ToStringView(), &errors);
+  auto engine =
+      EnginePointer::getEngineByName(engine_id.ToStringView(), &errors);
   if (!engine) {
     Local<Value> exception;
     if (errors.empty()) {

diff --git a/src/crypto/crypto_context.h b/src/crypto/crypto_context.h
@@ -23,7 +23,7 @@ X509_STORE* NewRootCertStore();
 
 X509_STORE* GetOrCreateRootCertStore();
 
-BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
+ncrypto::BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
 
 class SecureContext final : public BaseObject {
  public:
@@ -41,27 +41,27 @@ class SecureContext final : public BaseObject {
   static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
   static SecureContext* Create(Environment* env);
 
-  const SSLCtxPointer& ctx() const { return ctx_; }
+  const ncrypto::SSLCtxPointer& ctx() const { return ctx_; }
 
   // Non-const ctx() that allows for non-default initialization of
   // the SecureContext.
-  SSLCtxPointer& ctx() { return ctx_; }
+  ncrypto::SSLCtxPointer& ctx() { return ctx_; }
 
-  SSLPointer CreateSSL();
+  ncrypto::SSLPointer CreateSSL();
 
   void SetGetSessionCallback(GetSessionCb cb);
   void SetKeylogCallback(KeylogCb cb);
   void SetNewSessionCallback(NewSessionCb cb);
   void SetSelectSNIContextCallback(SelectSNIContextCb cb);
 
-  inline const X509Pointer& issuer() const { return issuer_; }
-  inline const X509Pointer& cert() const { return cert_; }
+  inline const ncrypto::X509Pointer& issuer() const { return issuer_; }
+  inline const ncrypto::X509Pointer& cert() const { return cert_; }
 
-  v8::Maybe<void> AddCert(Environment* env, BIOPointer&& bio);
-  v8::Maybe<void> SetCRL(Environment* env, const BIOPointer& bio);
+  v8::Maybe<void> AddCert(Environment* env, ncrypto::BIOPointer&& bio);
+  v8::Maybe<void> SetCRL(Environment* env, const ncrypto::BIOPointer& bio);
   v8::Maybe<void> UseKey(Environment* env, const KeyObjectData& key);
 
-  void SetCACert(const BIOPointer& bio);
+  void SetCACert(const ncrypto::BIOPointer& bio);
   void SetRootCerts();
 
   void SetX509StoreFlag(unsigned long flags);  // NOLINT(runtime/int)
@@ -144,9 +144,9 @@ class SecureContext final : public BaseObject {
   void Reset();
 
  private:
-  SSLCtxPointer ctx_;
-  X509Pointer cert_;
-  X509Pointer issuer_;
+  ncrypto::SSLCtxPointer ctx_;
+  ncrypto::X509Pointer cert_;
+  ncrypto::X509Pointer issuer_;
   // Non-owning cache for SSL_CTX_get_cert_store(ctx_.get())
   X509_STORE* own_cert_store_cache_ = nullptr;
 #ifndef OPENSSL_NO_ENGINE
@@ -160,9 +160,9 @@ class SecureContext final : public BaseObject {
 };
 
 int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
-                                  BIOPointer&& in,
-                                  X509Pointer* cert,
-                                  X509Pointer* issuer);
+                                  ncrypto::BIOPointer&& in,
+                                  ncrypto::X509Pointer* cert,
+                                  ncrypto::X509Pointer* issuer);
 
 }  // namespace crypto
 }  // namespace node