Skip to content

v12.11.1 release proposal #29796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
targos merged 33 commits into from
Oct 1, 2019
Merged

v12.11.1 release proposal #29796

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
b5c24df
doc: fix type of atime/mtime
exoego Sep 23, 2019
3f02855
module: move cjs type check behind flag
guybedford Sep 27, 2019
ab060bf
doc: clarify fs.symlink() usage
Granjow Sep 25, 2019
2ea4cc0
doc: clarify pipeline stream cleanup
ronag Sep 27, 2019
8d88010
src: try showing stack traces when process._fatalException is not set
joyeecheung Sep 20, 2019
a86b71f
src: disconnect inspector before exiting out of fatal exception
joyeecheung Sep 19, 2019
c361180
tools: make mailmap processing for author list case-insensitive
addaleax Sep 18, 2019
91e4cc7
doc: update AUTHORS list
addaleax Sep 18, 2019
04df7db
worker: keep allocators for transferred SAB instances alive longer
addaleax Sep 20, 2019
3de1fc6
doc: document that iv may be null when using createCipheriv()
BridgeAR Sep 23, 2019
6579b1a
doc,http: indicate callback is optional for message.setTimeout()
trivikr Sep 22, 2019
588b388
crypto: use byteLength in timingSafeEqual
tniessen Oct 8, 2018
64740d4
src: fix compiler warning in inspector_profiler.cc
danbev Sep 23, 2019
a04fc86
http2: optimize the altsvc Max bytes limit, define and use constants
rickyes Sep 23, 2019
17c3478
src: fix asan build for gcc/clang
devnexen Aug 31, 2019
2b76cb6
doc: remove align from tables
XhmikosR Sep 23, 2019
7a6b05a
doc: fix 404 links
XhmikosR Sep 23, 2019
c2791dc
doc: fix some recent nits
vsemozhetbyt Sep 23, 2019
0fc85ff
doc: specify `display=fallback` for Google Fonts
XhmikosR Sep 24, 2019
d258e02
doc: clarify stream errors while reading and writing
ronag Sep 22, 2019
1303e35
doc: clarify description of `readable.push()` method
ImHype Sep 25, 2019
d86f10c
doc: add KeyObject to type for crypto.createDecipheriv() argument
Sep 24, 2019
038cbb0
doc: fix output in inspector HeapProfile example
fanatid Sep 26, 2019
ef033d0
worker: fix process._fatalException return type
BridgeAR Sep 25, 2019
ae46196
build,win: goto lint only after defining node_exe
joaocgreis Sep 19, 2019
35e1d8c
build: include deps/v8/test/torque in source tarball
richardlau Sep 26, 2019
0041f1c
doc: sync security policy with nodejs.org
sam-github Sep 23, 2019
69f2634
tls: simplify setSecureContext() option parsing
cjihrig Sep 25, 2019
d1f4bef
module: pass full URL to loader for top-level load
guybedford Sep 27, 2019
298d927
deps: enable unit data in small-icu
targos Sep 27, 2019
2a6b7b0
test: fix flaky test-cluster-net-listen-ipv6only-none
Trott Sep 25, 2019
c3a1303
src: rename --loader to --experimental-loader
reasonablytall Sep 28, 2019
8507485
2019-10-01, Version 12.11.1 (Current)
targos Oct 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
crypto: use byteLength in timingSafeEqual 
PR-URL: #29657
Co-authored-by: ZaneHannanAU <[email protected]>
Co-authored-by: Rich Trott <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Minwoo Jung <[email protected]>
  • Loading branch information
@tniessen @ZaneHannanAU
@Trott @targos
3 people authored and targos committed Oct 1, 2019
commit 588b388181b2884a3f7197c462227ce05c4c2358
2 changes: 1 addition & 1 deletion lib/internal/crypto/util.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ function timingSafeEqual(buf1, buf2) {
throw new ERR_INVALID_ARG_TYPE('buf2',
['Buffer', 'TypedArray', 'DataView'], buf2);
}
if (buf1.length !== buf2.length) {
if (buf1.byteLength !== buf2.byteLength) {
throw new ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH();
}
return _timingSafeEqual(buf1, buf2);
Expand Down
2 changes: 1 addition & 1 deletion lib/internal/errors.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -750,7 +750,7 @@ E('ERR_CRYPTO_SCRYPT_NOT_SUPPORTED', 'Scrypt algorithm not supported', Error);
// Switch to TypeError. The current implementation does not seem right.
E('ERR_CRYPTO_SIGN_KEY_REQUIRED', 'No key provided to sign', Error);
E('ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH',
'Input buffers must have the same length', RangeError);
'Input buffers must have the same byte length', RangeError);
E('ERR_DNS_SET_SERVERS_FAILED', 'c-ares failed to set servers: "%s" [%s]',
Error);
E('ERR_DOMAIN_CALLBACK_NOT_AVAILABLE',
Expand Down
16 changes: 15 additions & 1 deletion test/sequential/test-crypto-timing-safe-equal.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,26 @@ assert.strictEqual(
false
);

{
// Test TypedArrays with different lengths but equal byteLengths.
const buf = crypto.randomBytes(16).buffer;
const a1 = new Uint8Array(buf);
const a2 = new Uint16Array(buf);
const a3 = new Uint32Array(buf);

for (const left of [a1, a2, a3]) {
for (const right of [a1, a2, a3]) {
assert.strictEqual(crypto.timingSafeEqual(left, right), true);
}
}
}

common.expectsError(
() => crypto.timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2])),
{
code: 'ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH',
type: RangeError,
message: 'Input buffers must have the same length'
message: 'Input buffers must have the same byte length'
}
);

Expand Down