From 1640aeb680b12687b15253c1d1c4818fe7c09adc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Tue, 21 Mar 2023 11:47:49 +0100
Subject: [PATCH] crypto: remove obsolete SSL_OP_* constants
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

None of these constants have any effect in recent OpenSSL versions, not even in Node.js release lines that still use OpenSSL 1.1.1. It is likely rare that these options are still used (intentionally), and removing them is unlikely to break any existing applications. These constants can only be passed to the secureOptions option of tls.createSecureContext() and related APIs, and a value of undefined will be ignored. Similarly, if a bitwise combination of multiple options is used, undefined constants will not change the behavior because (a | undefined | b) === (a | b) for (small) integers a and b.

Refs: https://github.com/nodejs/node/pull/46954
Refs: https://github.com/nodejs/node/pull/47066
PR-URL: https://github.com/nodejs/node/pull/47073
Reviewed-By: Filip Skokan
Reviewed-By: Rafael Gonzaga
Reviewed-By: Michaƫl Zasso
---
 src/node_constants.cc | 64 --------------------------
 typings/internalBinding/constants.d.ts | 16 ------
 2 files changed, 80 deletions(-)

diff --git a/src/node_constants.cc b/src/node_constants.cc
index 6af450c281dd36..68b457fcd42aaa 100644
--- a/src/node_constants.cc
+++ b/src/node_constants.cc
@@ -844,42 +844,10 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 #endif
 
-#ifdef SSL_OP_EPHEMERAL_RSA
- NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
-#endif
-
 #ifdef SSL_OP_LEGACY_SERVER_CONNECT
 NODE_DEFINE_CONSTANT(target, SSL_OP_LEGACY_SERVER_CONNECT);
 #endif
 
-#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
- NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#endif
-
-#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_SESS_ID_BUG);
-#endif
-
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
- NODE_DEFINE_CONSTANT(target, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CHALLENGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
-#endif
-
 #ifdef SSL_OP_NO_COMPRESSION
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
 #endif
@@ -928,42 +896,10 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
 #endif
 
-#ifdef SSL_OP_PKCS1_CHECK_1
- NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
-#endif
-
-#ifdef SSL_OP_PKCS1_CHECK_2
- NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
-#endif
-
 #ifdef SSL_OP_PRIORITIZE_CHACHA
 NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
 #endif
 
-#ifdef SSL_OP_SINGLE_DH_USE
- NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
-#endif
-
-#ifdef SSL_OP_SINGLE_ECDH_USE
- NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
-#endif
-
-#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
-#endif
-
-#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_BLOCK_PADDING_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_D5_BUG
- NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_D5_BUG);
-#endif
-
 #ifdef SSL_OP_TLS_ROLLBACK_BUG
 NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
 #endif
diff --git a/typings/internalBinding/constants.d.ts b/typings/internalBinding/constants.d.ts
index 0b0fc90e264334..68fead278cc64e 100644
--- a/typings/internalBinding/constants.d.ts
+++ b/typings/internalBinding/constants.d.ts
@@ -197,15 +197,7 @@ declare function InternalBinding(binding: 'constants'): {
 SSL_OP_COOKIE_EXCHANGE: 8192;
 SSL_OP_CRYPTOPRO_TLSEXT_BUG: 2147483648;
 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: 2048;
- SSL_OP_EPHEMERAL_RSA: 0;
 SSL_OP_LEGACY_SERVER_CONNECT: 4;
- SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: 0;
- SSL_OP_MICROSOFT_SESS_ID_BUG: 0;
- SSL_OP_MSIE_SSLV2_RSA_PADDING: 0;
- SSL_OP_NETSCAPE_CA_DN_BUG: 0;
- SSL_OP_NETSCAPE_CHALLENGE_BUG: 0;
- SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: 0;
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: 0;
 SSL_OP_NO_COMPRESSION: 131072;
 SSL_OP_NO_ENCRYPT_THEN_MAC: 524288;
 SSL_OP_NO_QUERY_MTU: 4096;
@@ -218,15 +210,7 @@ declare function InternalBinding(binding: 'constants'): {
 SSL_OP_NO_TLSv1_1: 268435456;
 SSL_OP_NO_TLSv1_2: 134217728;
 SSL_OP_NO_TLSv1_3: 536870912;
- SSL_OP_PKCS1_CHECK_1: 0;
- SSL_OP_PKCS1_CHECK_2: 0;
 SSL_OP_PRIORITIZE_CHACHA: 2097152;
- SSL_OP_SINGLE_DH_USE: 0;
- SSL_OP_SINGLE_ECDH_USE: 0;
- SSL_OP_SSLEAY_080_CLIENT_DH_BUG: 0;
- SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: 0;
- SSL_OP_TLS_BLOCK_PADDING_BUG: 0;
- SSL_OP_TLS_D5_BUG: 0;
 SSL_OP_TLS_ROLLBACK_BUG: 8388608;
 ENGINE_METHOD_RSA: 1;
 ENGINE_METHOD_DSA: 2;