1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: remove ERR_CRYPTO_SCRYPT_INVALID_PARAMETER

Browse Source 
It is confusing to have both ERR_CRYPTO_SCRYPT_INVALID_PARAMETER and
ERR_CRYPTO_INVALID_SCRYPT_PARAMS. The former was the original error
code, added in 371103dae8b97264471e17de1989199ffcd2718e, but parameter
validation gradually changed and now produces
ERR_CRYPTO_INVALID_SCRYPT_PARAMS for all parameter validation errors
coming from OpenSSL, as well as different error codes for validation
errors coming from JavaScript. The only remaining use of
ERR_CRYPTO_SCRYPT_INVALID_PARAMETER is in the validation logic that
ensures that no two synonymous options were passed. We already have an
error code for that particular case, ERR_INCOMPATIBLE_OPTION_PAIR, so
replace these last instances of ERR_CRYPTO_SCRYPT_INVALID_PARAMETER with
that error code and remove ERR_CRYPTO_SCRYPT_INVALID_PARAMETER. If there
ever is need again for such an error code, we can just use
ERR_CRYPTO_INVALID_SCRYPT_PARAMS.

Refs: https://github.com/nodejs/node/pull/35093
Refs: https://github.com/nodejs/node/pull/21525
Refs: https://github.com/nodejs/node/pull/20816
PR-URL: https://github.com/nodejs/node/pull/53305
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
This commit is contained in:
Tobias Nießen 2024-07-10 18:38:00 +02:00 committed by GitHub
parent 059f2f43b8
commit 33a6d1fe3a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 38 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
doc/api/errors.md
View File

@ -1010,7 +1010,8 @@ An invalid message length was provided.
added: v15.0.0 added: v15.0.0
--> -->
Invalid scrypt algorithm parameters were provided. One or more [`crypto.scrypt()`][] or [`crypto.scryptSync()`][] parameters are
outside their legal range.
<a id="ERR_CRYPTO_INVALID_STATE"></a> <a id="ERR_CRYPTO_INVALID_STATE"></a>
@ -1070,13 +1071,6 @@ A crypto operation failed for an otherwise unspecified reason.
The PBKDF2 algorithm failed for unspecified reasons. OpenSSL does not provide The PBKDF2 algorithm failed for unspecified reasons. OpenSSL does not provide
more details and therefore neither does Node.js. more details and therefore neither does Node.js.
<a id="ERR_CRYPTO_SCRYPT_INVALID_PARAMETER"></a>
### `ERR_CRYPTO_SCRYPT_INVALID_PARAMETER`
One or more [`crypto.scrypt()`][] or [`crypto.scryptSync()`][] parameters are
outside their legal range.
<a id="ERR_CRYPTO_SCRYPT_NOT_SUPPORTED"></a> <a id="ERR_CRYPTO_SCRYPT_NOT_SUPPORTED"></a>
### `ERR_CRYPTO_SCRYPT_NOT_SUPPORTED` ### `ERR_CRYPTO_SCRYPT_NOT_SUPPORTED`
@ -3271,6 +3265,18 @@ The UTF-16 encoding was used with [`hash.digest()`][]. While the
causing the method to return a string rather than a `Buffer`, the UTF-16 causing the method to return a string rather than a `Buffer`, the UTF-16
encoding (e.g. `ucs` or `utf16le`) is not supported. encoding (e.g. `ucs` or `utf16le`) is not supported.
<a id="ERR_CRYPTO_SCRYPT_INVALID_PARAMETER"></a>
### `ERR_CRYPTO_SCRYPT_INVALID_PARAMETER`
<!-- YAML
removed: REPLACEME
-->
An incompatible combination of options was passed to [`crypto.scrypt()`][] or
[`crypto.scryptSync()`][]. New versions of Node.js use the error code
[`ERR_INCOMPATIBLE_OPTION_PAIR`][] instead, which is consistent with other APIs.
<a id="ERR_FS_INVALID_SYMLINK_TYPE"></a> <a id="ERR_FS_INVALID_SYMLINK_TYPE"></a>
### `ERR_FS_INVALID_SYMLINK_TYPE` ### `ERR_FS_INVALID_SYMLINK_TYPE`
@ -4046,6 +4052,7 @@ An error occurred trying to allocate memory. This should never happen.
[`--no-addons`]: cli.md#--no-addons [`--no-addons`]: cli.md#--no-addons
[`--unhandled-rejections`]: cli.md#--unhandled-rejectionsmode [`--unhandled-rejections`]: cli.md#--unhandled-rejectionsmode
[`Class: assert.AssertionError`]: assert.md#class-assertassertionerror [`Class: assert.AssertionError`]: assert.md#class-assertassertionerror
[`ERR_INCOMPATIBLE_OPTION_PAIR`]: #err_incompatible_option_pair
[`ERR_INVALID_ARG_TYPE`]: #err_invalid_arg_type [`ERR_INVALID_ARG_TYPE`]: #err_invalid_arg_type
[`ERR_MISSING_MESSAGE_PORT_IN_TRANSFER_LIST`]: #err_missing_message_port_in_transfer_list [`ERR_MISSING_MESSAGE_PORT_IN_TRANSFER_LIST`]: #err_missing_message_port_in_transfer_list
[`ERR_MISSING_TRANSFERABLE_IN_TRANSFER_LIST`]: #err_missing_transferable_in_transfer_list [`ERR_MISSING_TRANSFERABLE_IN_TRANSFER_LIST`]: #err_missing_transferable_in_transfer_list

8
lib/internal/crypto/scrypt.js
View File

@ -21,8 +21,8 @@ const {
const { const {
codes: { codes: {
ERR_CRYPTO_SCRYPT_INVALID_PARAMETER,
ERR_CRYPTO_SCRYPT_NOT_SUPPORTED, ERR_CRYPTO_SCRYPT_NOT_SUPPORTED,
ERR_INCOMPATIBLE_OPTION_PAIR,
}, },
} = require('internal/errors'); } = require('internal/errors');
@ -92,7 +92,7 @@ function check(password, salt, keylen, options) {
validateUint32(N, 'N'); validateUint32(N, 'N');
} }
if (options.cost !== undefined) { if (options.cost !== undefined) {
if (has_N) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); if (has_N) throw new ERR_INCOMPATIBLE_OPTION_PAIR('N', 'cost');
N = options.cost; N = options.cost;
validateUint32(N, 'cost'); validateUint32(N, 'cost');
} }
@ -102,7 +102,7 @@ function check(password, salt, keylen, options) {
validateUint32(r, 'r'); validateUint32(r, 'r');
} }
if (options.blockSize !== undefined) { if (options.blockSize !== undefined) {
if (has_r) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); if (has_r) throw new ERR_INCOMPATIBLE_OPTION_PAIR('r', 'blockSize');
r = options.blockSize; r = options.blockSize;
validateUint32(r, 'blockSize'); validateUint32(r, 'blockSize');
} }
@ -112,7 +112,7 @@ function check(password, salt, keylen, options) {
validateUint32(p, 'p'); validateUint32(p, 'p');
} }
if (options.parallelization !== undefined) { if (options.parallelization !== undefined) {
if (has_p) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); if (has_p) throw new ERR_INCOMPATIBLE_OPTION_PAIR('p', 'parallelization');
p = options.parallelization; p = options.parallelization;
validateUint32(p, 'parallelization'); validateUint32(p, 'parallelization');
} }

1
lib/internal/errors.js
View File

@ -1168,7 +1168,6 @@ E('ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE',
'Invalid key object type %s, expected %s.', TypeError); 'Invalid key object type %s, expected %s.', TypeError);
E('ERR_CRYPTO_INVALID_STATE', 'Invalid state for operation %s', Error); E('ERR_CRYPTO_INVALID_STATE', 'Invalid state for operation %s', Error);
E('ERR_CRYPTO_PBKDF2_ERROR', 'PBKDF2 error', Error); E('ERR_CRYPTO_PBKDF2_ERROR', 'PBKDF2 error', Error);
E('ERR_CRYPTO_SCRYPT_INVALID_PARAMETER', 'Invalid scrypt parameter', Error);
E('ERR_CRYPTO_SCRYPT_NOT_SUPPORTED', 'Scrypt algorithm not supported', Error); E('ERR_CRYPTO_SCRYPT_NOT_SUPPORTED', 'Scrypt algorithm not supported', Error);
// Switch to TypeError. The current implementation does not seem right. // Switch to TypeError. The current implementation does not seem right.
E('ERR_CRYPTO_SIGN_KEY_REQUIRED', 'No key provided to sign', Error); E('ERR_CRYPTO_SIGN_KEY_REQUIRED', 'No key provided to sign', Error);

18
test/parallel/test-crypto-scrypt.js
View File

@ -93,10 +93,14 @@ const good = [
}, },
]; ];
// Test vectors that should fail. // Test vectors that contain invalid parameters.
const bad = [ const bad = [
{ N: 1, p: 1, r: 1 }, // N < 2 { N: 1, p: 1, r: 1 }, // N < 2
{ N: 3, p: 1, r: 1 }, // Not power of 2. { N: 3, p: 1, r: 1 }, // Not power of 2.
];
// Test vectors that contain incompatible options.
const incompatibleOptions = [
{ N: 1, cost: 1 }, // Both N and cost { N: 1, cost: 1 }, // Both N and cost
{ p: 1, parallelization: 1 }, // Both p and parallelization { p: 1, parallelization: 1 }, // Both p and parallelization
{ r: 1, blockSize: 1 }, // Both r and blocksize { r: 1, blockSize: 1 }, // Both r and blocksize
@ -176,6 +180,18 @@ for (const options of bad) {
expected); expected);
} }
for (const options of incompatibleOptions) {
const [short, long] = Object.keys(options).sort((a, b) => a.length - b.length);
const expected = {
message: `Option "${short}" cannot be used in combination with option "${long}"`,
code: 'ERR_INCOMPATIBLE_OPTION_PAIR',
};
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
expected);
assert.throws(() => crypto.scryptSync('pass', 'salt', 1, options),
expected);
}
for (const options of toobig) { for (const options of toobig) {
const expected = { const expected = {
message: /Invalid scrypt params:.*memory limit exceeded/, message: /Invalid scrypt params:.*memory limit exceeded/,