diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc index 220e0f253715fe..9f2aa51ff6f428 100644 --- a/deps/ncrypto/ncrypto.cc +++ b/deps/ncrypto/ncrypto.cc @@ -1164,7 +1164,7 @@ X509View X509View::From(const SSLCtxPointer& ctx) { } std::optional X509View::getFingerprint( - const EVP_MD* method) const { + const Digest& method) const { unsigned int md_size; unsigned char md[EVP_MAX_MD_SIZE]; static constexpr char hex[] = "0123456789ABCDEF"; @@ -1776,7 +1776,7 @@ DataPointer scrypt(const Buffer& pass, return {}; } -DataPointer pbkdf2(const EVP_MD* md, +DataPointer pbkdf2(const Digest& md, const Buffer& pass, const Buffer& salt, uint32_t iterations, @@ -2728,6 +2728,17 @@ bool SSLCtxPointer::setGroups(const char* groups) { return SSL_CTX_set1_groups_list(get(), groups) == 1; } +bool SSLCtxPointer::setCipherSuites(std::string_view ciphers) { +#ifndef OPENSSL_IS_BORINGSSL + if (!ctx_) return false; + return SSL_CTX_set_ciphersuites(ctx_.get(), ciphers.data()); +#else + // BoringSSL does not allow API config of TLS 1.3 cipher suites. + // We treat this as a non-op. + return true; +#endif +} + // ============================================================================ const Cipher Cipher::FromName(std::string_view name) { @@ -3335,13 +3346,13 @@ bool EVPKeyCtxPointer::setEcParameters(int curve, int encoding) { EVP_PKEY_CTX_set_ec_param_enc(ctx_.get(), encoding) == 1; } -bool EVPKeyCtxPointer::setRsaOaepMd(const EVP_MD* md) { - if (md == nullptr || !ctx_) return false; +bool EVPKeyCtxPointer::setRsaOaepMd(const Digest& md) { + if (!md || !ctx_) return false; return EVP_PKEY_CTX_set_rsa_oaep_md(ctx_.get(), md) > 0; } -bool EVPKeyCtxPointer::setRsaMgf1Md(const EVP_MD* md) { - if (md == nullptr || !ctx_) return false; +bool EVPKeyCtxPointer::setRsaMgf1Md(const Digest& md) { + if (!md || !ctx_) return false; return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_.get(), md) > 0; } @@ -3377,13 +3388,13 @@ bool EVPKeyCtxPointer::setRsaKeygenPubExp(BignumPointer&& e) { return false; } -bool EVPKeyCtxPointer::setRsaPssKeygenMd(const EVP_MD* md) { - if (md == nullptr || !ctx_) return false; +bool EVPKeyCtxPointer::setRsaPssKeygenMd(const Digest& md) { + if (!md || !ctx_) return false; return EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx_.get(), md) > 0; } -bool EVPKeyCtxPointer::setRsaPssKeygenMgf1Md(const EVP_MD* md) { - if (md == nullptr || !ctx_) return false; +bool EVPKeyCtxPointer::setRsaPssKeygenMgf1Md(const Digest& md) { + if (!md || !ctx_) return false; return EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx_.get(), md) > 0; } @@ -3858,7 +3869,7 @@ EVP_MD_CTX* EVPMDCtxPointer::release() { return ctx_.release(); } -bool EVPMDCtxPointer::digestInit(const EVP_MD* digest) { +bool EVPMDCtxPointer::digestInit(const Digest& digest) { if (!ctx_) return false; return EVP_DigestInit_ex(ctx_.get(), digest, nullptr) > 0; } @@ -3924,7 +3935,7 @@ bool EVPMDCtxPointer::copyTo(const EVPMDCtxPointer& other) const { } std::optional EVPMDCtxPointer::signInit(const EVPKeyPointer& key, - const EVP_MD* digest) { + const Digest& digest) { EVP_PKEY_CTX* ctx = nullptr; if (!EVP_DigestSignInit(ctx_.get(), &ctx, digest, nullptr, key.get())) { return std::nullopt; @@ -3933,7 +3944,7 @@ std::optional EVPMDCtxPointer::signInit(const EVPKeyPointer& key, } std::optional EVPMDCtxPointer::verifyInit( - const EVPKeyPointer& key, const EVP_MD* digest) { + const EVPKeyPointer& key, const Digest& digest) { EVP_PKEY_CTX* ctx = nullptr; if (!EVP_DigestVerifyInit(ctx_.get(), &ctx, digest, nullptr, key.get())) { return std::nullopt; @@ -4030,7 +4041,7 @@ HMAC_CTX* HMACCtxPointer::release() { return ctx_.release(); } -bool HMACCtxPointer::init(const Buffer& buf, const EVP_MD* md) { +bool HMACCtxPointer::init(const Buffer& buf, const Digest& md) { if (!ctx_) return false; return HMAC_Init_ex(ctx_.get(), buf.data, buf.len, md, nullptr) == 1; } diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h index ad86ea58e028df..9fdf0e1d22e819 100644 --- a/deps/ncrypto/ncrypto.h +++ b/deps/ncrypto/ncrypto.h @@ -249,6 +249,7 @@ struct Buffer { class Digest final { public: + static constexpr size_t MAX_SIZE = EVP_MAX_MD_SIZE; Digest() = default; Digest(const EVP_MD* md) : md_(md) {} Digest(const Digest&) = default; @@ -353,7 +354,7 @@ class Cipher final { struct CipherParams { int padding; - const EVP_MD* digest; + Digest digest; const Buffer label; }; @@ -723,13 +724,13 @@ class EVPKeyCtxPointer final { bool setDsaParameters(uint32_t bits, std::optional q_bits); bool setEcParameters(int curve, int encoding); - bool setRsaOaepMd(const EVP_MD* md); - bool setRsaMgf1Md(const EVP_MD* md); + bool setRsaOaepMd(const Digest& md); + bool setRsaMgf1Md(const Digest& md); bool setRsaPadding(int padding); bool setRsaKeygenPubExp(BignumPointer&& e); bool setRsaKeygenBits(int bits); - bool setRsaPssKeygenMd(const EVP_MD* md); - bool setRsaPssKeygenMgf1Md(const EVP_MD* md); + bool setRsaPssKeygenMd(const Digest& md); + bool setRsaPssKeygenMgf1Md(const Digest& md); bool setRsaPssSaltlen(int salt_len); bool setRsaImplicitRejection(); bool setRsaOaepLabel(DataPointer&& data); @@ -1003,6 +1004,8 @@ class SSLCtxPointer final { SSL_CTX_set_tlsext_status_arg(get(), nullptr); } + bool setCipherSuites(std::string_view ciphers); + static SSLCtxPointer NewServer(); static SSLCtxPointer NewClient(); static SSLCtxPointer New(const SSL_METHOD* method = TLS_method()); @@ -1131,7 +1134,7 @@ class X509View final { bool checkPrivateKey(const EVPKeyPointer& pkey) const; bool checkPublicKey(const EVPKeyPointer& pkey) const; - std::optional getFingerprint(const EVP_MD* method) const; + std::optional getFingerprint(const Digest& method) const; X509Pointer clone() const; @@ -1327,16 +1330,16 @@ class EVPMDCtxPointer final { void reset(EVP_MD_CTX* ctx = nullptr); EVP_MD_CTX* release(); - bool digestInit(const EVP_MD* digest); + bool digestInit(const Digest& digest); bool digestUpdate(const Buffer& in); DataPointer digestFinal(size_t length); bool digestFinalInto(Buffer* buf); size_t getExpectedSize(); std::optional signInit(const EVPKeyPointer& key, - const EVP_MD* digest); + const Digest& digest); std::optional verifyInit(const EVPKeyPointer& key, - const EVP_MD* digest); + const Digest& digest); DataPointer signOneShot(const Buffer& buf) const; DataPointer sign(const Buffer& buf) const; @@ -1371,7 +1374,7 @@ class HMACCtxPointer final { void reset(HMAC_CTX* ctx = nullptr); HMAC_CTX* release(); - bool init(const Buffer& buf, const EVP_MD* md); + bool init(const Buffer& buf, const Digest& md); bool update(const Buffer& buf); DataPointer digest(); bool digestInto(Buffer* buf); @@ -1486,7 +1489,7 @@ DataPointer scrypt(const Buffer& pass, uint64_t maxmem, size_t length); -DataPointer pbkdf2(const EVP_MD* md, +DataPointer pbkdf2(const Digest& md, const Buffer& pass, const Buffer& salt, uint32_t iterations, diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc index 3e4b517fa462ef..bb549475b4997b 100644 --- a/src/crypto/crypto_context.cc +++ b/src/crypto/crypto_context.cc @@ -31,9 +31,11 @@ namespace node { using ncrypto::BignumPointer; using ncrypto::BIOPointer; +using ncrypto::Cipher; using ncrypto::ClearErrorOnReturn; using ncrypto::CryptoErrorList; using ncrypto::DHPointer; +using ncrypto::Digest; #ifndef OPENSSL_NO_ENGINE using ncrypto::EnginePointer; #endif // !OPENSSL_NO_ENGINE @@ -1440,8 +1442,6 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo& args) { } void SecureContext::SetCipherSuites(const FunctionCallbackInfo& args) { - // BoringSSL doesn't allow API config of TLS1.3 cipher suites. -#ifndef OPENSSL_IS_BORINGSSL SecureContext* sc; ASSIGN_OR_RETURN_UNWRAP(&sc, args.This()); Environment* env = sc->env(); @@ -1451,9 +1451,9 @@ void SecureContext::SetCipherSuites(const FunctionCallbackInfo& args) { CHECK(args[0]->IsString()); const Utf8Value ciphers(env->isolate(), args[0]); - if (!SSL_CTX_set_ciphersuites(sc->ctx_.get(), *ciphers)) + if (!sc->ctx_.setCipherSuites(ciphers.ToStringView())) { return ThrowCryptoError(env, ERR_get_error(), "Failed to set ciphers"); -#endif + } } void SecureContext::SetCiphers(const FunctionCallbackInfo& args) { @@ -1932,25 +1932,14 @@ int SecureContext::TicketKeyCallback(SSL* ssl, } ArrayBufferViewContents hmac_buf(hmac); - HMAC_Init_ex(hctx, - hmac_buf.data(), - hmac_buf.length(), - EVP_sha256(), - nullptr); + HMAC_Init_ex( + hctx, hmac_buf.data(), hmac_buf.length(), Digest::SHA256, nullptr); ArrayBufferViewContents aes_key(aes.As()); if (enc) { - EVP_EncryptInit_ex(ectx, - EVP_aes_128_cbc(), - nullptr, - aes_key.data(), - iv); + EVP_EncryptInit_ex(ectx, Cipher::AES_128_CBC, nullptr, aes_key.data(), iv); } else { - EVP_DecryptInit_ex(ectx, - EVP_aes_128_cbc(), - nullptr, - aes_key.data(), - iv); + EVP_DecryptInit_ex(ectx, Cipher::AES_128_CBC, nullptr, aes_key.data(), iv); } return r; @@ -1969,11 +1958,11 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl, memcpy(name, sc->ticket_key_name_, sizeof(sc->ticket_key_name_)); if (!ncrypto::CSPRNG(iv, 16) || EVP_EncryptInit_ex( - ectx, EVP_aes_128_cbc(), nullptr, sc->ticket_key_aes_, iv) <= 0 || + ectx, Cipher::AES_128_CBC, nullptr, sc->ticket_key_aes_, iv) <= 0 || HMAC_Init_ex(hctx, sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_), - EVP_sha256(), + Digest::SHA256, nullptr) <= 0) { return -1; } @@ -1985,10 +1974,13 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl, return 0; } - if (EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), nullptr, sc->ticket_key_aes_, - iv) <= 0 || - HMAC_Init_ex(hctx, sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_), - EVP_sha256(), nullptr) <= 0) { + if (EVP_DecryptInit_ex( + ectx, Cipher::AES_128_CBC, nullptr, sc->ticket_key_aes_, iv) <= 0 || + HMAC_Init_ex(hctx, + sc->ticket_key_hmac_, + sizeof(sc->ticket_key_hmac_), + Digest::SHA256, + nullptr) <= 0) { return -1; } return 1; diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc index 56a09e1a2d9b0f..d08c54ef36ba6f 100644 --- a/src/crypto/crypto_hmac.cc +++ b/src/crypto/crypto_hmac.cc @@ -13,6 +13,7 @@ namespace node { +using ncrypto::Digest; using ncrypto::HMACCtxPointer; using v8::Boolean; using v8::FunctionCallbackInfo; @@ -70,8 +71,8 @@ void Hmac::New(const FunctionCallbackInfo& args) { void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { HandleScope scope(env()->isolate()); - const EVP_MD* md = ncrypto::getDigestByName(hash_type); - if (md == nullptr) [[unlikely]] { + Digest md = Digest::FromName(hash_type); + if (!md) [[unlikely]] { return THROW_ERR_CRYPTO_INVALID_DIGEST( env(), "Invalid digest: %s", hash_type); } @@ -130,7 +131,7 @@ void Hmac::HmacDigest(const FunctionCallbackInfo& args) { encoding = ParseEncoding(env->isolate(), args[0], BUFFER); } - unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned char md_value[Digest::MAX_SIZE]; ncrypto::Buffer buf{ .data = md_value, .len = sizeof(md_value), @@ -199,8 +200,8 @@ Maybe HmacTraits::AdditionalConfig( CHECK(args[offset + 2]->IsObject()); // Key Utf8Value digest(env->isolate(), args[offset + 1]); - params->digest = ncrypto::getDigestByName(digest.ToStringView()); - if (params->digest == nullptr) [[unlikely]] { + params->digest = Digest::FromName(digest.ToStringView()); + if (!params->digest) [[unlikely]] { THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *digest); return Nothing(); } diff --git a/src/crypto/crypto_hmac.h b/src/crypto/crypto_hmac.h index e29ec231a1b7d4..728b315ec4e214 100644 --- a/src/crypto/crypto_hmac.h +++ b/src/crypto/crypto_hmac.h @@ -45,7 +45,7 @@ struct HmacConfig final : public MemoryRetainer { KeyObjectData key; ByteSource data; ByteSource signature; - const EVP_MD* digest; + ncrypto::Digest digest; HmacConfig() = default; diff --git a/src/crypto/crypto_pbkdf2.cc b/src/crypto/crypto_pbkdf2.cc index 1a0dff8238d938..0838944c52fd5d 100644 --- a/src/crypto/crypto_pbkdf2.cc +++ b/src/crypto/crypto_pbkdf2.cc @@ -9,6 +9,7 @@ namespace node { +using ncrypto::Digest; using v8::FunctionCallbackInfo; using v8::Int32; using v8::JustVoid; @@ -100,8 +101,8 @@ Maybe PBKDF2Traits::AdditionalConfig( } Utf8Value name(args.GetIsolate(), args[offset + 4]); - params->digest = ncrypto::getDigestByName(name.ToStringView()); - if (params->digest == nullptr) [[unlikely]] { + params->digest = Digest::FromName(name.ToStringView()); + if (!params->digest) [[unlikely]] { THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *name); return Nothing(); } diff --git a/src/crypto/crypto_pbkdf2.h b/src/crypto/crypto_pbkdf2.h index 604736f308b7d6..c56544b5b1068b 100644 --- a/src/crypto/crypto_pbkdf2.h +++ b/src/crypto/crypto_pbkdf2.h @@ -30,7 +30,7 @@ struct PBKDF2Config final : public MemoryRetainer { ByteSource salt; int32_t iterations; int32_t length; - const EVP_MD* digest = nullptr; + ncrypto::Digest digest; PBKDF2Config() = default; diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc index 7742cf204df6d8..c01482b2931c73 100644 --- a/src/crypto/crypto_rsa.cc +++ b/src/crypto/crypto_rsa.cc @@ -16,6 +16,7 @@ namespace node { using ncrypto::BignumPointer; using ncrypto::DataPointer; +using ncrypto::Digest; using ncrypto::EVPKeyCtxPointer; using ncrypto::EVPKeyPointer; using ncrypto::RSAPointer; @@ -55,8 +56,7 @@ EVPKeyCtxPointer RsaKeyGenTraits::Setup(RsaKeyPairGenConfig* params) { } if (params->params.variant == kKeyVariantRSA_PSS) { - if (params->params.md != nullptr && - !ctx.setRsaPssKeygenMd(params->params.md)) { + if (params->params.md && !ctx.setRsaPssKeygenMd(params->params.md)) { return {}; } @@ -64,18 +64,18 @@ EVPKeyCtxPointer RsaKeyGenTraits::Setup(RsaKeyPairGenConfig* params) { // OpenSSL 1.1.1 behaves as recommended by RFC 8017 and defaults the MGF1 // hash algorithm to the RSA-PSS hashAlgorithm. Remove this code if the // behavior of OpenSSL 3 changes. - const EVP_MD* mgf1_md = params->params.mgf1_md; - if (mgf1_md == nullptr && params->params.md != nullptr) { + auto& mgf1_md = params->params.mgf1_md; + if (!mgf1_md && params->params.md) { mgf1_md = params->params.md; } - if (mgf1_md != nullptr && !ctx.setRsaPssKeygenMgf1Md(mgf1_md)) { + if (mgf1_md && !ctx.setRsaPssKeygenMgf1Md(mgf1_md)) { return {}; } int saltlen = params->params.saltlen; - if (saltlen < 0 && params->params.md != nullptr) { - saltlen = EVP_MD_size(params->params.md); + if (saltlen < 0 && params->params.md) { + saltlen = params->params.md.size(); } if (saltlen >= 0 && !ctx.setRsaPssSaltlen(saltlen)) { @@ -141,8 +141,8 @@ Maybe RsaKeyGenTraits::AdditionalConfig( if (!args[*offset]->IsUndefined()) { CHECK(args[*offset]->IsString()); Utf8Value digest(env->isolate(), args[*offset]); - params->params.md = ncrypto::getDigestByName(digest.ToStringView()); - if (params->params.md == nullptr) { + params->params.md = Digest::FromName(digest.ToStringView()); + if (!params->params.md) { THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *digest); return Nothing(); } @@ -151,8 +151,8 @@ Maybe RsaKeyGenTraits::AdditionalConfig( if (!args[*offset + 1]->IsUndefined()) { CHECK(args[*offset + 1]->IsString()); Utf8Value digest(env->isolate(), args[*offset + 1]); - params->params.mgf1_md = ncrypto::getDigestByName(digest.ToStringView()); - if (params->params.mgf1_md == nullptr) { + params->params.mgf1_md = Digest::FromName(digest.ToStringView()); + if (!params->params.mgf1_md) { THROW_ERR_CRYPTO_INVALID_DIGEST( env, "Invalid MGF1 digest: %s", *digest); return Nothing(); @@ -276,9 +276,8 @@ Maybe RSACipherTraits::AdditionalConfig( case kKeyVariantRSA_OAEP: { CHECK(args[offset + 1]->IsString()); // digest Utf8Value digest(env->isolate(), args[offset + 1]); - - params->digest = ncrypto::getDigestByName(digest.ToStringView()); - if (params->digest == nullptr) { + params->digest = Digest::FromName(digest.ToStringView()); + if (!params->digest) { THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *digest); return Nothing(); } diff --git a/src/crypto/crypto_rsa.h b/src/crypto/crypto_rsa.h index db5ba492faa398..a9912d6f43674b 100644 --- a/src/crypto/crypto_rsa.h +++ b/src/crypto/crypto_rsa.h @@ -26,8 +26,8 @@ struct RsaKeyPairParams final : public MemoryRetainer { // The following options are used for RSA-PSS. If any of them are set, a // RSASSA-PSS-params sequence will be added to the key. - const EVP_MD* md = nullptr; - const EVP_MD* mgf1_md = nullptr; + ncrypto::Digest md = nullptr; + ncrypto::Digest mgf1_md = nullptr; int saltlen = -1; SET_NO_MEMORY_INFO() @@ -80,7 +80,7 @@ struct RSACipherConfig final : public MemoryRetainer { CryptoJobMode mode = kCryptoJobAsync; ByteSource label; int padding = 0; - const EVP_MD* digest = nullptr; + ncrypto::Digest digest; RSACipherConfig() = default; diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc index a28f12237d0883..3b9a638f1773f5 100644 --- a/src/crypto/crypto_sig.cc +++ b/src/crypto/crypto_sig.cc @@ -15,6 +15,7 @@ namespace node { using ncrypto::BignumPointer; using ncrypto::ClearErrorOnReturn; using ncrypto::DataPointer; +using ncrypto::Digest; using ncrypto::ECDSASigPointer; using ncrypto::EVPKeyCtxPointer; using ncrypto::EVPKeyPointer; @@ -233,8 +234,8 @@ bool UseP1363Encoding(const EVPKeyPointer& key, const DSASigEnc dsa_encoding) { SignBase::Error SignBase::Init(std::string_view digest) { CHECK_NULL(mdctx_); - auto md = ncrypto::getDigestByName(digest); - if (md == nullptr) [[unlikely]] + auto md = Digest::FromName(digest); + if (!md) [[unlikely]] return Error::UnknownDigest; mdctx_ = EVPMDCtxPointer::New(); @@ -587,8 +588,8 @@ Maybe SignTraits::AdditionalConfig( if (args[offset + 6]->IsString()) { Utf8Value digest(env->isolate(), args[offset + 6]); - params->digest = ncrypto::getDigestByName(digest.ToStringView()); - if (params->digest == nullptr) [[unlikely]] { + params->digest = Digest::FromName(digest.ToStringView()); + if (!params->digest) [[unlikely]] { THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *digest); return Nothing(); } diff --git a/src/crypto/crypto_sig.h b/src/crypto/crypto_sig.h index 36c51b07bb5692..eee61759a3840a 100644 --- a/src/crypto/crypto_sig.h +++ b/src/crypto/crypto_sig.h @@ -107,7 +107,7 @@ struct SignConfiguration final : public MemoryRetainer { KeyObjectData key; ByteSource data; ByteSource signature; - const EVP_MD* digest = nullptr; + ncrypto::Digest digest; int flags = SignConfiguration::kHasNone; int padding = 0; int salt_length = 0; diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc index b974667a4cacb9..dec0940e8d75d7 100644 --- a/src/crypto/crypto_x509.cc +++ b/src/crypto/crypto_x509.cc @@ -19,6 +19,7 @@ using ncrypto::BignumPointer; using ncrypto::BIOPointer; using ncrypto::ClearErrorOnReturn; using ncrypto::DataPointer; +using ncrypto::Digest; using ncrypto::ECKeyPointer; using ncrypto::SSLPointer; using ncrypto::X509Name; @@ -70,7 +71,7 @@ void ManagedX509::MemoryInfo(MemoryTracker* tracker) const { namespace { MaybeLocal GetFingerprintDigest(Environment* env, - const EVP_MD* method, + const Digest& method, const X509View& cert) { auto fingerprint = cert.getFingerprint(method); // Returning an empty string indicates that the digest failed for @@ -82,13 +83,13 @@ MaybeLocal GetFingerprintDigest(Environment* env, return OneByteString(env->isolate(), fp.data(), fp.length()); } -template +template void Fingerprint(const FunctionCallbackInfo& args) { Environment* env = Environment::GetCurrent(args); X509Certificate* cert; ASSIGN_OR_RETURN_UNWRAP(&cert, args.This()); Local ret; - if (GetFingerprintDigest(env, algo(), cert->view()).ToLocal(&ret)) { + if (GetFingerprintDigest(env, algo, cert->view()).ToLocal(&ret)) { args.GetReturnValue().Set(ret); } } @@ -764,15 +765,15 @@ MaybeLocal X509ToObject(Environment* env, const X509View& cert) { !Set(env, info, env->fingerprint_string(), - GetFingerprintDigest(env, EVP_sha1(), cert)) || + GetFingerprintDigest(env, Digest::SHA1, cert)) || !Set(env, info, env->fingerprint256_string(), - GetFingerprintDigest(env, EVP_sha256(), cert)) || + GetFingerprintDigest(env, Digest::SHA256, cert)) || !Set(env, info, env->fingerprint512_string(), - GetFingerprintDigest(env, EVP_sha512(), cert)) || + GetFingerprintDigest(env, Digest::SHA512, cert)) || !Set( env, info, env->ext_key_usage_string(), GetKeyUsage(env, cert)) || !Set( @@ -805,11 +806,11 @@ Local X509Certificate::GetConstructorTemplate( SetProtoMethodNoSideEffect(isolate, tmpl, "validToDate", ValidToDate); SetProtoMethodNoSideEffect(isolate, tmpl, "validFromDate", ValidFromDate); SetProtoMethodNoSideEffect( - isolate, tmpl, "fingerprint", Fingerprint); + isolate, tmpl, "fingerprint", Fingerprint); SetProtoMethodNoSideEffect( - isolate, tmpl, "fingerprint256", Fingerprint); + isolate, tmpl, "fingerprint256", Fingerprint); SetProtoMethodNoSideEffect( - isolate, tmpl, "fingerprint512", Fingerprint); + isolate, tmpl, "fingerprint512", Fingerprint); SetProtoMethodNoSideEffect(isolate, tmpl, "keyUsage", KeyUsage); SetProtoMethodNoSideEffect(isolate, tmpl, "serialNumber", SerialNumber); SetProtoMethodNoSideEffect(isolate, tmpl, "pem", Pem); @@ -975,9 +976,9 @@ void X509Certificate::RegisterExternalReferences( registry->Register(ValidFrom); registry->Register(ValidToDate); registry->Register(ValidFromDate); - registry->Register(Fingerprint); - registry->Register(Fingerprint); - registry->Register(Fingerprint); + registry->Register(Fingerprint); + registry->Register(Fingerprint); + registry->Register(Fingerprint); registry->Register(KeyUsage); registry->Register(SerialNumber); registry->Register(Pem);