nodejs · joyeecheung · Mar 3, 2022 · Mar 3, 2022 · Mar 3, 2022 · Mar 4, 2022
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -40,8 +40,6 @@ const {
 } = require('internal/errors').codes;
 const constants = internalBinding('constants').crypto;
 const { getOptionValue } = require('internal/options');
-const pendingDeprecation = getOptionValue('--pending-deprecation');
-const fipsForced = getOptionValue('--force-fips');
 const {
   getFipsCrypto,
   setFipsCrypto,
@@ -221,8 +219,8 @@ module.exports = {
   sign: signOneShot,
   setEngine,
   timingSafeEqual,
-  getFips: fipsForced ? getFipsForced : getFipsCrypto,
-  setFips: fipsForced ? setFipsForced : setFipsCrypto,
+  getFips,
+  setFips,
   verify: verifyOneShot,
 
   // Classes
@@ -243,23 +241,87 @@ module.exports = {
   secureHeapUsed,
 };
 
-function setFipsForced(val) {
-  if (val) return;
-  throw new ERR_CRYPTO_FIPS_FORCED();
+function getFips() {
+  return getOptionValue('--force-fips') ? 1 : getFipsCrypto();
 }
 
-function getFipsForced() {
-  return 1;
+function setFips(val) {
+  if (getOptionValue('--force-fips')) {
+    if (val) return;
+    throw new ERR_CRYPTO_FIPS_FORCED();
+  } else {
+    setFipsCrypto(val);
+  }
 }
 
 function getRandomValues(array) {
   return lazyWebCrypto().crypto.getRandomValues(array);
 }
 
 ObjectDefineProperty(constants, 'defaultCipherList', {
-  value: getOptionValue('--tls-cipher-list')
+  get() {
+    const value = getOptionValue('--tls-cipher-list');
+    ObjectDefineProperty(this, 'defaultCipherList', {
+      writable: true,
+      configurable: true,
+      enumerable: true,
+      value
+    });
+    return value;
+  },
+  set(val) {
+    ObjectDefineProperty(this, 'defaultCipherList', {
+      writable: true,
+      configurable: true,
+      enumerable: true,
+      value: val
+    });
+  },
+  configurable: true,
+  enumerable: true,
 });
 
+function getRandomBytesAlias(key) {
+  return {
+    enumerable: false,
+    configurable: true,
+    get() {
+      let value;
+      if (getOptionValue('--pending-deprecation')) {
+        value = deprecate(
+          randomBytes,
+          `crypto.${key} is deprecated.`,
+          'DEP0115');
+      } else {
+        value = randomBytes;
+      }
+      ObjectDefineProperty(
+        this,
+        key,
+        {
+          enumerable: false,
+          configurable: true,
+          writable: true,
+          value: value
+        }
+      );
+      return value;
+    },
+    set(value) {
+      ObjectDefineProperty(
+        this,
+        key,
+        {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value
+        }
+      );
+    }
+  };
+}
+
 ObjectDefineProperties(module.exports, {
   createCipher: {
     enumerable: false,
@@ -273,8 +335,8 @@ ObjectDefineProperties(module.exports, {
   },
   // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips()
   fips: {
-    get: fipsForced ? getFipsForced : getFipsCrypto,
-    set: fipsForced ? setFipsForced : setFipsCrypto
+    get: getFips,
+    set: setFips,
   },
   DEFAULT_ENCODING: {
     enumerable: false,
@@ -313,29 +375,7 @@ ObjectDefineProperties(module.exports, {
 
   // Aliases for randomBytes are deprecated.
   // The ecosystem needs those to exist for backwards compatibility.
-  prng: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes, 'crypto.prng is deprecated.', 'DEP0115') :
-      randomBytes
-  },
-  pseudoRandomBytes: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes,
-                'crypto.pseudoRandomBytes is deprecated.', 'DEP0115') :
-      randomBytes
-  },
-  rng: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes, 'crypto.rng is deprecated.', 'DEP0115') :
-      randomBytes
-  }
+  prng: getRandomBytesAlias('prng'),
+  pseudoRandomBytes: getRandomBytesAlias('pseudoRandomBytes'),
+  rng: getRandomBytesAlias('rng')
 });
diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
@@ -338,6 +338,8 @@ require('fs');
 require('v8');
 require('vm');
 require('url');
+require('internal/options');
+require('crypto');
 
 function setupPrepareStackTrace() {
   const {

diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
@@ -61,7 +61,6 @@ const {
 const { isArrayBufferView } = require('internal/util/types');
 
 const { getOptionValue } = require('internal/options');
-const pendingDeprecation = getOptionValue('--pending-deprecation');
 
 function wrapKey(key, ctor) {
   if (typeof key === 'string' ||
@@ -199,6 +198,9 @@ function createJob(mode, type, options) {
       const {
         hash, mgf1Hash, hashAlgorithm, mgf1HashAlgorithm, saltLength
       } = options;
+
+      const pendingDeprecation = getOptionValue('--pending-deprecation');
+
       if (saltLength !== undefined && (!isInt32(saltLength) || saltLength < 0))
         throw new ERR_INVALID_ARG_VALUE('options.saltLength', saltLength);
       if (hashAlgorithm !== undefined && typeof hashAlgorithm !== 'string')

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -75,8 +75,6 @@ void Initialize(Local<Object> target,
                 void* priv) {
   Environment* env = Environment::GetCurrent(context);
 
-  // TODO(joyeecheung): this needs to be called again if the instance is
-  // deserialized from a snapshot with the crypto bindings.
   if (!InitCryptoOnce(env->isolate())) {
     return;
   }

diff --git a/src/node_external_reference.h b/src/node_external_reference.h
@@ -67,6 +67,7 @@ class ExternalReferenceRegistry {
   V(heap_utils)                                                                \
   V(messaging)                                                                 \
   V(native_module)                                                             \
+  V(options)                                                                   \
   V(os)                                                                        \
   V(performance)                                                               \
   V(process_methods)                                                           \

diff --git a/src/node_main_instance.cc b/src/node_main_instance.cc
@@ -1,5 +1,8 @@
 #include "node_main_instance.h"
 #include <memory>
+#if HAVE_OPENSSL
+#include "crypto/crypto_util.h"
+#endif  // HAVE_OPENSSL
 #include "debug_utils-inl.h"
 #include "node_external_reference.h"
 #include "node_internals.h"
@@ -205,6 +208,10 @@ NodeMainInstance::CreateMainEnvironment(int* exit_code,
     env->InitializeInspector({});
 #endif
     env->DoneBootstrapping();
+
+#if HAVE_OPENSSL
+    crypto::InitCryptoOnce(isolate_);
+#endif  // HAVE_OPENSSL
   } else {
     context = NewContext(isolate_);
     CHECK(!context.IsEmpty());

diff --git a/src/node_options.cc b/src/node_options.cc
@@ -3,6 +3,7 @@
 
 #include "env-inl.h"
 #include "node_binding.h"
+#include "node_external_reference.h"
 #include "node_internals.h"
 #if HAVE_OPENSSL
 #include "openssl/opensslv.h"
@@ -1133,6 +1134,10 @@ void Initialize(Local<Object> target,
       .Check();
 }
 
+void RegisterExternalReferences(ExternalReferenceRegistry* registry) {
+  registry->Register(GetCLIOptions);
+  registry->Register(GetEmbedderOptions);
+}
 }  // namespace options_parser
 
 void HandleEnvOptions(std::shared_ptr<EnvironmentOptions> env_options) {
@@ -1199,3 +1204,5 @@ std::vector<std::string> ParseNodeOptionsEnvVar(
 }  // namespace node
 
 NODE_MODULE_CONTEXT_AWARE_INTERNAL(options, node::options_parser::Initialize)
+NODE_MODULE_EXTERNAL_REFERENCE(options,
+                               node::options_parser::RegisterExternalReferences)
diff --git a/test/parallel/test-bootstrap-modules.js b/test/parallel/test-bootstrap-modules.js
@@ -16,6 +16,7 @@ const expectedModules = new Set([
   'Internal Binding constants',
   'Internal Binding contextify',
   'Internal Binding credentials',
+  'Internal Binding crypto',
   'Internal Binding errors',
   'Internal Binding fs_dir',
   'Internal Binding fs_event_wrap',
@@ -44,6 +45,22 @@ const expectedModules = new Set([
   'Internal Binding v8',
   'Internal Binding worker',
   'NativeModule buffer',
+  'NativeModule crypto',
+  'NativeModule internal/crypto/certificate',
+  'NativeModule internal/crypto/cipher',
+  'NativeModule internal/crypto/diffiehellman',
+  'NativeModule internal/crypto/hash',
+  'NativeModule internal/crypto/hashnames',
+  'NativeModule internal/crypto/hkdf',
+  'NativeModule internal/crypto/keygen',
+  'NativeModule internal/crypto/keys',
+  'NativeModule internal/crypto/pbkdf2',
+  'NativeModule internal/crypto/random',
+  'NativeModule internal/crypto/scrypt',
+  'NativeModule internal/crypto/sig',
+  'NativeModule internal/crypto/util',
+  'NativeModule internal/crypto/x509',
+  'NativeModule internal/streams/lazy_transform',
   'NativeModule events',
   'NativeModule fs',
   'NativeModule internal/abort_controller',

diff --git a/test/parallel/test-crypto-random.js b/test/parallel/test-crypto-random.js
@@ -338,7 +338,6 @@ assert.throws(
   const desc = Object.getOwnPropertyDescriptor(crypto, f);
   assert.ok(desc);
   assert.strictEqual(desc.configurable, true);
-  assert.strictEqual(desc.writable, true);
   assert.strictEqual(desc.enumerable, false);
 });