tls,crypto: small refactoring for legacy ciphers

misterdjules · Jul 16, 2015 · 9783a82 · 9783a82
1 parent cebce08
commit 9783a82
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 41 deletions.
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -41,7 +41,6 @@ var constants = process.binding('constants');
 
 var stream = require('stream');
 var util = require('util');
-var tls = require('tls');
 
 // This is here because many functions accepted binary strings without
 // any explicit encoding in older versions of node, and we don't want
@@ -136,7 +135,7 @@ exports.createCredentials = function(options, context) {
 
   if (options.ciphers) {
     c.context.setCiphers(options.ciphers);
-  } else if (!(tls.usingV1038Ciphers() && options.ciphers === undefined)) {
+  } else if (!(process._usingV1038Ciphers() && options.ciphers === undefined)) {
     // Set the ciphers to the default ciphers list unless
     // --enable-legacy-cipher-list=v0.10.38 was passed on the command line and
     // no ciphers value was passed explicitly. In that case, we want to

diff --git a/lib/tls.js b/lib/tls.js
@@ -1330,21 +1330,6 @@ function normalizeConnectArgs(listArgs) {
   return (cb) ? [options, cb] : [options];
 }
 
-// Returns true if the --enable-legacy-cipher-list command line
-// switch, or the NODE_LEGACY_CIPHER_LIST environment variable
-// are set to v0.10.38 and the DEFAULT_CIPHERS equal the v0.10.38
-// list.
-function usingV1038Ciphers() {
-  var argv = process.execArgv;
-  if ((argv.indexOf('--enable-legacy-cipher-list=v0.10.38') > -1 ||
-       process.env['NODE_LEGACY_CIPHER_LIST'] === 'v0.10.38') &&
-      DEFAULT_CIPHERS === _crypto.getLegacyCiphers('v0.10.38')) {
-        return true;
-  }
-  return false;
-}
-exports.usingV1038Ciphers = usingV1038Ciphers;
-
 exports.connect = function(/* [port, host], options, cb */) {
   var args = normalizeConnectArgs(arguments);
   var options = args[0];
@@ -1353,7 +1338,7 @@ exports.connect = function(/* [port, host], options, cb */) {
   var defaults = {
     rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED
   };
-  if (!usingV1038Ciphers()) {
+  if (!process._usingV1038Ciphers()) {
     // only set the default ciphers if we are _not_ using the
     // v0.10.38 legacy cipher list. Node v0.10.38 had a bug
     // that failed to set the default ciphers on the default

diff --git a/src/node.cc b/src/node.cc
@@ -2662,7 +2662,7 @@ static void ParseArgs(int argc, char **argv) {
       DEFAULT_CIPHER_LIST = arg + 14;
       argv[i] = const_cast<char*>("");
     } else if (strncmp(arg, "--enable-legacy-cipher-list=", 28) == 0) {
-      const char * legacy_list = legacy_cipher_list(arg+28);
+      const char * legacy_list = crypto::LegacyCipherList(arg+28);
       if (legacy_list != NULL) {
         DEFAULT_CIPHER_LIST = legacy_list;
       } else {
@@ -2957,7 +2957,7 @@ char** Init(int argc, char *argv[]) {
   const char * leg_cipher_id = getenv("NODE_LEGACY_CIPHER_LIST");
   if (leg_cipher_id != NULL) {
     const char * leg_cipher_list =
-      legacy_cipher_list(leg_cipher_id);
+      crypto::LegacyCipherList(leg_cipher_id);
     if (leg_cipher_list != NULL) {
       DEFAULT_CIPHER_LIST = leg_cipher_list;
     } else {

diff --git a/src/node.js b/src/node.js
@@ -46,6 +46,8 @@
     startup.globalTimeouts();
     startup.globalConsole();
 
+    startup.setupLegacyCiphers();
+
     startup.processAssert();
     startup.processConfig();
     startup.processNextTick();
@@ -168,6 +170,25 @@
     process._exiting = false;
   };
 
+  startup.setupLegacyCiphers = function setupLegacyCiphers() {
+    process._usingV1038Ciphers = function _usingV1038Ciphers() {
+      // Returns true if the --enable-legacy-cipher-list command line
+      // switch, or the NODE_LEGACY_CIPHER_LIST environment variable
+      // are set to v0.10.38 and the DEFAULT_CIPHERS equal the v0.10.38
+      // list.
+      var crypto = process.binding('crypto');
+
+      var argv = process.execArgv;
+      if ((argv.indexOf('--enable-legacy-cipher-list=v0.10.38') > -1 ||
+           process.env.NODE_LEGACY_CIPHER_LIST === 'v0.10.38') &&
+          crypto.DEFAULT_CIPHER_LIST === crypto.getLegacyCiphers('v0.10.38')) {
+            return true;
+      }
+
+      return false;
+    };
+  };
+
   startup.globalTimeouts = function() {
     global.setTimeout = function() {
       var t = NativeModule.require('timers');

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -62,6 +62,12 @@ static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL
                                  | XN_FLAG_SEP_MULTILINE
                                  | XN_FLAG_FN_SN;
 
+#define DEFAULT_CIPHER_LIST_V10_38 "ECDHE-RSA-AES128-SHA256:"         \
+                                "AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
+
+#define DEFAULT_CIPHER_LIST_HEAD "ECDHE-RSA-AES128-SHA256:"           \
+                                "AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH"
+
 namespace node {
 
 const char* root_certs[] = {
@@ -4197,16 +4203,30 @@ const char* ToCString(const node::Utf8Value& value) {
   return *value ? *value : "<string conversion failed>";
 }
 
-Handle<Value> DefaultCiphers(const Arguments& args) {
+const char* LegacyCipherList(const char * ver) {
+  if (ver == NULL) {
+    return NULL;
+  }
+  if (strncmp(ver, "v0.10.38", 8) == 0) {
+    return DEFAULT_CIPHER_LIST_V10_38;
+  } else {
+    return NULL;
+  }
+}
+
+Handle<Value> GetLegacyCiphers(const Arguments& args) {
   HandleScope scope;
+
   unsigned int len = args.Length();
   if (len != 1 || !args[0]->IsString()) {
     return ThrowException(
       Exception::TypeError(
         String::New("A single string parameter is required")));
   }
+
   node::Utf8Value key(args[0]);
-  const char * list = legacy_cipher_list(ToCString(key));
+  const char * list = LegacyCipherList(ToCString(key));
+
   if (list != NULL) {
     return scope.Close(v8::String::New(list));
   } else {
@@ -4294,7 +4314,7 @@ void InitCrypto(Handle<Object> target) {
       v8::String::New(DEFAULT_CIPHER_LIST),
       static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete));
 
-  NODE_SET_METHOD(target, "getLegacyCiphers", DefaultCiphers);
+  NODE_SET_METHOD(target, "getLegacyCiphers", GetLegacyCiphers);
 }
 
 }  // namespace crypto

diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -44,24 +44,6 @@
 
 #define EVP_F_EVP_DECRYPTFINAL 101
 
-#define DEFAULT_CIPHER_LIST_V10_38 "ECDHE-RSA-AES128-SHA256:"         \
-                                "AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
-
-#define DEFAULT_CIPHER_LIST_HEAD "ECDHE-RSA-AES128-SHA256:"           \
-                                "AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH"
-
-static inline const char * legacy_cipher_list(const char * ver) {
-  if (ver == NULL) {
-    return NULL;
-  }
-  if (strncmp(ver, "v0.10.38", 8) == 0) {
-    return DEFAULT_CIPHER_LIST_V10_38;
-  } else {
-    return NULL;
-  }
-}
-
-
 namespace node {
 
 extern bool SSL2_ENABLE;
@@ -314,6 +296,7 @@ class Connection : ObjectWrap {
   friend class SecureContext;
 };
 
+const char* LegacyCipherList(const char * ver);
 bool EntropySource(unsigned char* buffer, size_t length);
 void InitCrypto(v8::Handle<v8::Object> target);