src: include crypto in the bootstrap snapshot

To lazy load the run time options, the following properties are updated from value properties to accessor properties whose getter would turn them back to a value properties upon the initial access. - crypto.constants.defaultCipherList - crypto.pseudoRandomBytes - crypto.prng - crypto.rng PR-URL: nodejs#42203 Refs: nodejs#37476 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Bradley Farias <bradley.meck@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
xtx1130 · Apr 25, 2022 · 916b26e · 916b26e
1 parent ed5a2df
commit 916b26e
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 41 deletions.
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -40,8 +40,6 @@ const {
 } = require('internal/errors').codes;
 const constants = internalBinding('constants').crypto;
 const { getOptionValue } = require('internal/options');
-const pendingDeprecation = getOptionValue('--pending-deprecation');
-const fipsForced = getOptionValue('--force-fips');
 const {
   getFipsCrypto,
   setFipsCrypto,
@@ -221,8 +219,8 @@ module.exports = {
   sign: signOneShot,
   setEngine,
   timingSafeEqual,
-  getFips: fipsForced ? getFipsForced : getFipsCrypto,
-  setFips: fipsForced ? setFipsForced : setFipsCrypto,
+  getFips,
+  setFips,
   verify: verifyOneShot,
 
   // Classes
@@ -243,23 +241,87 @@ module.exports = {
   secureHeapUsed,
 };
 
-function setFipsForced(val) {
-  if (val) return;
-  throw new ERR_CRYPTO_FIPS_FORCED();
+function getFips() {
+  return getOptionValue('--force-fips') ? 1 : getFipsCrypto();
 }
 
-function getFipsForced() {
-  return 1;
+function setFips(val) {
+  if (getOptionValue('--force-fips')) {
+    if (val) return;
+    throw new ERR_CRYPTO_FIPS_FORCED();
+  } else {
+    setFipsCrypto(val);
+  }
 }
 
 function getRandomValues(array) {
   return lazyWebCrypto().crypto.getRandomValues(array);
 }
 
 ObjectDefineProperty(constants, 'defaultCipherList', {
-  value: getOptionValue('--tls-cipher-list')
+  get() {
+    const value = getOptionValue('--tls-cipher-list');
+    ObjectDefineProperty(this, 'defaultCipherList', {
+      writable: true,
+      configurable: true,
+      enumerable: true,
+      value
+    });
+    return value;
+  },
+  set(val) {
+    ObjectDefineProperty(this, 'defaultCipherList', {
+      writable: true,
+      configurable: true,
+      enumerable: true,
+      value: val
+    });
+  },
+  configurable: true,
+  enumerable: true,
 });
 
+function getRandomBytesAlias(key) {
+  return {
+    enumerable: false,
+    configurable: true,
+    get() {
+      let value;
+      if (getOptionValue('--pending-deprecation')) {
+        value = deprecate(
+          randomBytes,
+          `crypto.${key} is deprecated.`,
+          'DEP0115');
+      } else {
+        value = randomBytes;
+      }
+      ObjectDefineProperty(
+        this,
+        key,
+        {
+          enumerable: false,
+          configurable: true,
+          writable: true,
+          value: value
+        }
+      );
+      return value;
+    },
+    set(value) {
+      ObjectDefineProperty(
+        this,
+        key,
+        {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value
+        }
+      );
+    }
+  };
+}
+
 ObjectDefineProperties(module.exports, {
   createCipher: {
     enumerable: false,
@@ -273,8 +335,8 @@ ObjectDefineProperties(module.exports, {
   },
   // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips()
   fips: {
-    get: fipsForced ? getFipsForced : getFipsCrypto,
-    set: fipsForced ? setFipsForced : setFipsCrypto
+    get: getFips,
+    set: setFips,
   },
   DEFAULT_ENCODING: {
     enumerable: false,
@@ -313,29 +375,7 @@ ObjectDefineProperties(module.exports, {
 
   // Aliases for randomBytes are deprecated.
   // The ecosystem needs those to exist for backwards compatibility.
-  prng: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes, 'crypto.prng is deprecated.', 'DEP0115') :
-      randomBytes
-  },
-  pseudoRandomBytes: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes,
-                'crypto.pseudoRandomBytes is deprecated.', 'DEP0115') :
-      randomBytes
-  },
-  rng: {
-    enumerable: false,
-    configurable: true,
-    writable: true,
-    value: pendingDeprecation ?
-      deprecate(randomBytes, 'crypto.rng is deprecated.', 'DEP0115') :
-      randomBytes
-  }
+  prng: getRandomBytesAlias('prng'),
+  pseudoRandomBytes: getRandomBytesAlias('pseudoRandomBytes'),
+  rng: getRandomBytesAlias('rng')
 });
diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
@@ -339,6 +339,9 @@ require('v8');
 require('vm');
 require('url');
 require('internal/options');
+if (config.hasOpenSSL) {
+  require('crypto');
+}
 
 function setupPrepareStackTrace() {
   const {

diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
@@ -61,7 +61,6 @@ const {
 const { isArrayBufferView } = require('internal/util/types');
 
 const { getOptionValue } = require('internal/options');
-const pendingDeprecation = getOptionValue('--pending-deprecation');
 
 function wrapKey(key, ctor) {
   if (typeof key === 'string' ||
@@ -199,6 +198,9 @@ function createJob(mode, type, options) {
       const {
         hash, mgf1Hash, hashAlgorithm, mgf1HashAlgorithm, saltLength
       } = options;
+
+      const pendingDeprecation = getOptionValue('--pending-deprecation');
+
       if (saltLength !== undefined && (!isInt32(saltLength) || saltLength < 0))
         throw new ERR_INVALID_ARG_VALUE('options.saltLength', saltLength);
       if (hashAlgorithm !== undefined && typeof hashAlgorithm !== 'string')

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -75,8 +75,6 @@ void Initialize(Local<Object> target,
                 void* priv) {
   Environment* env = Environment::GetCurrent(context);
 
-  // TODO(joyeecheung): this needs to be called again if the instance is
-  // deserialized from a snapshot with the crypto bindings.
   if (!InitCryptoOnce(env->isolate())) {
     return;
   }

diff --git a/src/node_main_instance.cc b/src/node_main_instance.cc
@@ -1,5 +1,8 @@
 #include "node_main_instance.h"
 #include <memory>
+#if HAVE_OPENSSL
+#include "crypto/crypto_util.h"
+#endif  // HAVE_OPENSSL
 #include "debug_utils-inl.h"
 #include "node_external_reference.h"
 #include "node_internals.h"
@@ -205,6 +208,10 @@ NodeMainInstance::CreateMainEnvironment(int* exit_code,
     env->InitializeInspector({});
 #endif
     env->DoneBootstrapping();
+
+#if HAVE_OPENSSL
+    crypto::InitCryptoOnce(isolate_);
+#endif  // HAVE_OPENSSL
   } else {
     context = NewContext(isolate_);
     CHECK(!context.IsEmpty());

diff --git a/test/parallel/test-bootstrap-modules.js b/test/parallel/test-bootstrap-modules.js
@@ -206,6 +206,26 @@ if (process.env.NODE_V8_COVERAGE) {
   expectedModules.add('Internal Binding profiler');
 }
 
+if (common.hasCrypto) {
+  expectedModules.add('Internal Binding crypto');
+  expectedModules.add('NativeModule crypto');
+  expectedModules.add('NativeModule internal/crypto/certificate');
+  expectedModules.add('NativeModule internal/crypto/cipher');
+  expectedModules.add('NativeModule internal/crypto/diffiehellman');
+  expectedModules.add('NativeModule internal/crypto/hash');
+  expectedModules.add('NativeModule internal/crypto/hashnames');
+  expectedModules.add('NativeModule internal/crypto/hkdf');
+  expectedModules.add('NativeModule internal/crypto/keygen');
+  expectedModules.add('NativeModule internal/crypto/keys');
+  expectedModules.add('NativeModule internal/crypto/pbkdf2');
+  expectedModules.add('NativeModule internal/crypto/random');
+  expectedModules.add('NativeModule internal/crypto/scrypt');
+  expectedModules.add('NativeModule internal/crypto/sig');
+  expectedModules.add('NativeModule internal/crypto/util');
+  expectedModules.add('NativeModule internal/crypto/x509');
+  expectedModules.add('NativeModule internal/streams/lazy_transform');
+}
+
 const { internalBinding } = require('internal/test/binding');
 if (internalBinding('config').hasDtrace) {
   expectedModules.add('Internal Binding dtrace');

diff --git a/test/parallel/test-crypto-random.js b/test/parallel/test-crypto-random.js
@@ -338,7 +338,6 @@ assert.throws(
   const desc = Object.getOwnPropertyDescriptor(crypto, f);
   assert.ok(desc);
   assert.strictEqual(desc.configurable, true);
-  assert.strictEqual(desc.writable, true);
   assert.strictEqual(desc.enumerable, false);
 });