src: start using ncrypto for CSPRNG calls

PR-URL: #53984 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Ethan Arrowood <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Author: jasnell

src/crypto/crypto_context.cc

@@ -547,9 +547,9 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args){
 // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
 // exposed in the public API. To retain compatibility, install a callback
 // which restores the old algorithm.
-if (CSPRNG(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)).is_err() ||
-CSPRNG(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)).is_err() ||
-CSPRNG(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_)).is_err()){
+if (!ncrypto::CSPRNG(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)) ||
+!ncrypto::CSPRNG(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)) ||
+!ncrypto::CSPRNG(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_))){
 returnTHROW_ERR_CRYPTO_OPERATION_FAILED(
  env, "Error generating ticket keys");
  }
@@ -1324,7 +1324,7 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl,
 
 if (enc){
 memcpy(name, sc->ticket_key_name_, sizeof(sc->ticket_key_name_));
-if (CSPRNG(iv, 16).is_err() ||
+if (!ncrypto::CSPRNG(iv, 16) ||
 EVP_EncryptInit_ex(
  ectx, EVP_aes_128_cbc(), nullptr, sc->ticket_key_aes_, iv) <= 0 ||
 HMAC_Init_ex(hctx,

src/crypto/crypto_keygen.cc

@@ -4,6 +4,7 @@
 #include"debug_utils-inl.h"
 #include"env-inl.h"
 #include"memory_tracker-inl.h"
+#include"ncrypto.h"
 #include"threadpoolwork-inl.h"
 #include"v8.h"
 
@@ -71,7 +72,7 @@ Maybe<bool> SecretKeyGenTraits::AdditionalConfig(
 KeyGenJobStatus SecretKeyGenTraits::DoKeyGen(Environment* env,
  SecretKeyGenConfig* params){
  ByteSource::Builder bytes(params->length);
-if (CSPRNG(bytes.data<unsignedchar>(), params->length).is_err())
+if (!ncrypto::CSPRNG(bytes.data<unsignedchar>(), params->length))
 return KeyGenJobStatus::FAILED;
  params->out = std::move(bytes).release();
 return KeyGenJobStatus::OK;

src/crypto/crypto_random.cc

@@ -3,6 +3,7 @@
 #include"crypto/crypto_util.h"
 #include"env-inl.h"
 #include"memory_tracker-inl.h"
+#include"ncrypto.h"
 #include"threadpoolwork-inl.h"
 #include"v8.h"
 
@@ -60,7 +61,7 @@ bool RandomBytesTraits::DeriveBits(
  Environment* env,
 const RandomBytesConfig& params,
  ByteSource* unused){
-returnCSPRNG(params.buffer, params.size).is_ok();
+returnncrypto::CSPRNG(params.buffer, params.size);
 }
 
 voidRandomPrimeConfig::MemoryInfo(MemoryTracker* tracker) const{
@@ -154,7 +155,7 @@ bool RandomPrimeTraits::DeriveBits(Environment* env,
  ByteSource* unused){
 // BN_generate_prime_ex() calls RAND_bytes_ex() internally.
 // Make sure the CSPRNG is properly seeded.
-CHECK(CSPRNG(nullptr, 0).is_ok());
+CHECK(ncrypto::CSPRNG(nullptr, 0));
 
 if (BN_generate_prime_ex(
  params.prime.get(),

src/crypto/crypto_util.cc

@@ -49,40 +49,6 @@ using v8::Value;
 
 namespacecrypto{
 
-MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length){
-unsignedchar* buf = static_cast<unsignedchar*>(buffer);
-do{
-if (1 == RAND_status()){
-#if OPENSSL_VERSION_MAJOR >= 3
-if (1 == RAND_bytes_ex(nullptr, buf, length, 0)) return{true};
-#else
-while (length > INT_MAX && 1 == RAND_bytes(buf, INT_MAX)){
- buf += INT_MAX;
- length -= INT_MAX;
- }
-if (length <= INT_MAX && 1 == RAND_bytes(buf, static_cast<int>(length)))
-return{true};
-#endif
- }
-#if OPENSSL_VERSION_MAJOR >= 3
-constauto code = ERR_peek_last_error();
-// A misconfigured OpenSSL 3 installation may report 1 from RAND_poll()
-// and RAND_status() but fail in RAND_bytes() if it cannot look up
-// a matching algorithm for the CSPRNG.
-if (ERR_GET_LIB(code) == ERR_LIB_RAND){
-constauto reason = ERR_GET_REASON(code);
-if (reason == RAND_R_ERROR_INSTANTIATING_DRBG ||
- reason == RAND_R_UNABLE_TO_FETCH_DRBG ||
- reason == RAND_R_UNABLE_TO_CREATE_DRBG){
-return{false};
- }
- }
-#endif
- } while (1 == RAND_poll());
-
-return{false};
-}
-
 intPasswordCallback(char* buf, int size, int rwflag, void* u){
 const ByteSource* passphrase = *static_cast<const ByteSource**>(u);
 if (passphrase != nullptr){

src/crypto/crypto_util.h

@@ -91,19 +91,6 @@ void InitCrypto(v8::Local<v8::Object> target);
 
 externvoidUseExtraCaCerts(const std::string& file);
 
-structCSPRNGResult{
-constbool ok;
- MUST_USE_RESULT boolis_ok() const{return ok}
- MUST_USE_RESULT boolis_err() const{return !ok}
-};
-
-// Either succeeds with exactly |length| bytes of cryptographically
-// strong pseudo-random data, or fails. This function may block.
-// Don't assume anything about the contents of |buffer| on error.
-// As a special case, |length == 0| can be used to check if the CSPRNG
-// is properly seeded without consuming entropy.
-MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length);
-
 intPasswordCallback(char* buf, int size, int rwflag, void* u);
 
 intNoPasswordCallback(char* buf, int size, int rwflag, void* u);

src/inspector_io.cc

@@ -1,16 +1,17 @@
 #include"inspector_io.h"
 
-#include"inspector_socket_server.h"
-#include"inspector/main_thread_interface.h"
-#include"inspector/node_string.h"
-#include"crypto/crypto_util.h"
 #include"base_object-inl.h"
+#include"crypto/crypto_util.h"
 #include"debug_utils-inl.h"
+#include"inspector/main_thread_interface.h"
+#include"inspector/node_string.h"
+#include"inspector_socket_server.h"
+#include"ncrypto.h"
 #include"node.h"
 #include"node_internals.h"
 #include"node_mutex.h"
-#include"v8-inspector.h"
 #include"util-inl.h"
+#include"v8-inspector.h"
 #include"zlib.h"
 
 #include<deque>
@@ -46,7 +47,7 @@ std::string ScriptPath(uv_loop_t* loop, const std::string& script_name){
 // Used ver 4 - with numbers
 std::string GenerateID(){
 uint16_t buffer[8];
-CHECK(crypto::CSPRNG(buffer, sizeof(buffer)).is_ok());
+CHECK(ncrypto::CSPRNG(buffer, sizeof(buffer)));
 
 char uuid[256];
 snprintf(uuid, sizeof(uuid), "%04x%04x-%04x-%04x-%04x-%04x%04x%04x",

src/node.cc

@@ -47,6 +47,7 @@
 #include"node_version.h"
 
 #if HAVE_OPENSSL
+#include"ncrypto.h"
 #include"node_crypto.h"
 #endif
 
@@ -1191,14 +1192,14 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
  }
 
 // Ensure CSPRNG is properly seeded.
-CHECK(crypto::CSPRNG(nullptr, 0).is_ok());
+CHECK(ncrypto::CSPRNG(nullptr, 0));
 
 V8::SetEntropySource([](unsignedchar* buffer, size_t length){
 // V8 falls back to very weak entropy when this function fails
 // and /dev/urandom isn't available. That wouldn't be so bad if
 // the entropy was only used for Math.random() but it's also used for
 // hash table and address space layout randomization. Better to abort.
-CHECK(crypto::CSPRNG(buffer, length).is_ok());
+CHECK(ncrypto::CSPRNG(buffer, length));
 returntrue;
  });
 #endif// !defined(OPENSSL_IS_BORINGSSL)

src/quic/cid.cc

@@ -5,6 +5,7 @@
 #include<node_mutex.h>
 #include<string_bytes.h>
 #include"nbytes.h"
+#include"ncrypto.h"
 #include"quic/defs.h"
 
 namespacenode{
@@ -132,7 +133,7 @@ class RandomCIDFactory : public CID::Factory{
 // a CID of the requested size, we regenerate the pool
 // and reset it to zero.
 if (pos_ + length_hint > kPoolSize){
-CHECK(crypto::CSPRNG(pool_, kPoolSize).is_ok());
+CHECK(ncrypto::CSPRNG(pool_, kPoolSize));
  pos_ = 0;
  }
  }

src/quic/endpoint.cc

@@ -19,6 +19,7 @@
 #include"application.h"
 #include"bindingdata.h"
 #include"defs.h"
+#include"ncrypto.h"
 
 namespacenode{
 
@@ -87,7 +88,7 @@ namespace{
 boolis_diagnostic_packet_loss(double probability){
 if (LIKELY(probability == 0.0)) returnfalse;
 unsignedchar c = 255;
-CHECK(crypto::CSPRNG(&c, 1).is_ok());
+CHECK(ncrypto::CSPRNG(&c, 1));
 return (static_cast<double>(c) / 255) < probability;
 }
 #endif// DEBUG

src/quic/packet.cc

@@ -14,6 +14,7 @@
 #include"bindingdata.h"
 #include"cid.h"
 #include"defs.h"
+#include"ncrypto.h"
 #include"tokens.h"
 
 namespacenode{
@@ -331,7 +332,7 @@ Packet* Packet::CreateStatelessResetPacket(
 
  StatelessResetToken token(token_secret, path_descriptor.dcid);
 uint8_t random[kRandlen];
-CHECK(crypto::CSPRNG(random, kRandlen).is_ok());
+CHECK(ncrypto::CSPRNG(random, kRandlen));
 
 auto packet = Create(env,
  listener,