From 933d8eb689bb4bc412e71c0069bf9b7b24de4f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 2 Aug 2018 15:23:09 +0200 Subject: [PATCH] crypto: move createCipher to runtime deprecation PR-URL: https://github.com/nodejs/node/pull/22089 Reviewed-By: Tiancheng "Timothy" Gu Reviewed-By: Yihong Wang Reviewed-By: Luigi Pinca Reviewed-By: Ujjwal Sharma Reviewed-By: James M Snell Reviewed-By: Colin Ihrig --- doc/api/deprecations.md | 2 +- lib/crypto.js | 12 ++++++++++-- test/parallel/test-crypto-authenticated.js | 6 ++++-- test/parallel/test-crypto-cipher-decipher.js | 13 +++++++++---- .../test-process-emit-warning-from-native.js | 11 ++++++++--- 5 files changed, 32 insertions(+), 12 deletions(-) diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 88101adb35ad78..97042cbc7f86e7 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -954,7 +954,7 @@ Type: End-of-Life ### DEP0106: crypto.createCipher and crypto.createDecipher -Type: Documentation-only +Type: Runtime Using [`crypto.createCipher()`][] and [`crypto.createDecipher()`][] should be avoided as they use a weak key derivation function (MD5 with no salt) and static diff --git a/lib/crypto.js b/lib/crypto.js index b085f99f85e29b..fa9412bc85289d 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -140,9 +140,7 @@ function createVerify(algorithm, options) { module.exports = exports = { // Methods _toBuf: toBuf, - createCipher, createCipheriv, - createDecipher, createDecipheriv, createDiffieHellman, createDiffieHellmanGroup, @@ -209,6 +207,16 @@ function getFipsForced() { } Object.defineProperties(exports, { + createCipher: { + enumerable: false, + value: deprecate(createCipher, + 'crypto.createCipher is deprecated.', 'DEP0106') + }, + createDecipher: { + enumerable: false, + value: deprecate(createDecipher, + 'crypto.createDecipher is deprecated.', 'DEP0106') + }, // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips() fips: { get: !fipsMode ? getFipsDisabled : diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index f559327229c1bc..c7e89d6244d2d7 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -71,8 +71,10 @@ const expectedWarnings = common.hasFipsCrypto ? ['Use Cipheriv for counter mode of aes-256-ccm', common.noWarnCode] ]; -const expectedDeprecationWarnings = ['crypto.DEFAULT_ENCODING is deprecated.', - 'DEP0091']; +const expectedDeprecationWarnings = [ + ['crypto.DEFAULT_ENCODING is deprecated.', 'DEP0091'], + ['crypto.createCipher is deprecated.', 'DEP0106'] +]; common.expectWarning({ Warning: expectedWarnings, diff --git a/test/parallel/test-crypto-cipher-decipher.js b/test/parallel/test-crypto-cipher-decipher.js index 89d070aaa8255a..81c5f32d492839 100644 --- a/test/parallel/test-crypto-cipher-decipher.js +++ b/test/parallel/test-crypto-cipher-decipher.js @@ -10,6 +10,15 @@ if (common.hasFipsCrypto) const crypto = require('crypto'); const assert = require('assert'); +common.expectWarning({ + Warning: [ + ['Use Cipheriv for counter mode of aes-256-gcm', common.noWarnCode] + ], + DeprecationWarning: [ + ['crypto.createCipher is deprecated.', 'DEP0106'] + ] +}); + function testCipher1(key) { // Test encryption and decryption const plaintext = 'Keep this a secret? No! Tell everyone about node.js!'; @@ -235,10 +244,6 @@ testCipher2(Buffer.from('0123456789abcdef')); const aadbuf = Buffer.from('aadbuf'); const data = Buffer.from('test-crypto-cipher-decipher'); - common.expectWarning('Warning', - 'Use Cipheriv for counter mode of aes-256-gcm', - common.noWarnCode); - const cipher = crypto.createCipher('aes-256-gcm', key); cipher.setAAD(aadbuf); cipher.setAutoPadding(); diff --git a/test/parallel/test-process-emit-warning-from-native.js b/test/parallel/test-process-emit-warning-from-native.js index d3e2454ada3f09..530b7a24047b92 100644 --- a/test/parallel/test-process-emit-warning-from-native.js +++ b/test/parallel/test-process-emit-warning-from-native.js @@ -11,9 +11,14 @@ const crypto = require('crypto'); const key = '0123456789'; { - common.expectWarning('Warning', - 'Use Cipheriv for counter mode of aes-256-gcm', - common.noWarnCode); + common.expectWarning({ + DeprecationWarning: [ + ['crypto.createCipher is deprecated.', 'DEP0106'] + ], + Warning: [ + ['Use Cipheriv for counter mode of aes-256-gcm', common.noWarnCode] + ] + }); // Emits regular warning expected by expectWarning() crypto.createCipher('aes-256-gcm', key);