diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-09-14 13:02:44 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-09-19 18:31:28 +0200 |
commit | 19ad6b8f72a9503d395d907bd9c190e816db3bed (patch) | |
tree | 8eb7cf83bf3f6d310fba3603eb0efb623437b260 /doc | |
parent | 92fd4fcd3d8496524e8ed1368314660b23d070bc (diff) | |
download | android-node-v8-19ad6b8f72a9503d395d907bd9c190e816db3bed.tar.gz android-node-v8-19ad6b8f72a9503d395d907bd9c190e816db3bed.tar.bz2 android-node-v8-19ad6b8f72a9503d395d907bd9c190e816db3bed.zip |
crypto: deprecate digest == null in PBKDF2
I assume that permitting digest === null was unintentional when
digest === undefined was deprecated since their behavior was
equivalent. The sha1 default for digest === null has somehow made it
through refactoring of the PBKDF2 module multiple times, even though
digest === undefined has been EOL for some time now.
This change deprecates setting digest to null so we can fix the
behavior in Node.js 12 or so.
PR-URL: https://github.com/nodejs/node/pull/22861
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/crypto.md | 8 | ||||
-rw-r--r-- | doc/api/deprecations.md | 17 |
2 files changed, 16 insertions, 9 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 06d9281ba4..b7bf532d2f 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1786,8 +1786,8 @@ otherwise `err` will be `null`. By default, the successfully generated `derivedKey` will be passed to the callback as a [`Buffer`][]. An error will be thrown if any of the input arguments specify invalid values or types. -If `digest` is `null`, `'sha1'` will be used. This behavior will be deprecated -in a future version of Node.js. +If `digest` is `null`, `'sha1'` will be used. This behavior is deprecated, +please specify a `digest` explicitely. The `iterations` argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, @@ -1852,8 +1852,8 @@ applied to derive a key of the requested byte length (`keylen`) from the If an error occurs an `Error` will be thrown, otherwise the derived key will be returned as a [`Buffer`][]. -If `digest` is `null`, `'sha1'` will be used. This behavior will be deprecated -in a future version of Node.js. +If `digest` is `null`, `'sha1'` will be used. This behavior is deprecated, +please specify a `digest` explicitely. The `iterations` argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 4eb094f7ad..b14599f26b 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -227,24 +227,31 @@ to the `constants` property exposed by the relevant module. For instance, ### DEP0009: crypto.pbkdf2 without digest <!-- YAML changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/22861 + description: Runtime deprecation (for `digest === null`). - version: v8.0.0 pr-url: https://github.com/nodejs/node/pull/11305 - description: End-of-Life. + description: End-of-Life (for `digest === undefined`). - version: v6.12.0 pr-url: https://github.com/nodejs/node/pull/10116 description: A deprecation code has been assigned. - version: v6.0.0 pr-url: https://github.com/nodejs/node/pull/4047 - description: Runtime deprecation. + description: Runtime deprecation (for `digest === undefined`). --> -Type: End-of-Life +Type: Runtime Use of the [`crypto.pbkdf2()`][] API without specifying a digest was deprecated in Node.js 6.0 because the method defaulted to using the non-recommended `'SHA1'` digest. Previously, a deprecation warning was printed. Starting in -Node.js 8.0.0, calling `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with an -undefined `digest` will throw a `TypeError`. +Node.js 8.0.0, calling `crypto.pbkdf2()` or `crypto.pbkdf2Sync()` with +`digest` set to `undefined` will throw a `TypeError`. + +Beginning in Node.js REPLACEME, calling these functions with `digest` set to +`null` will print a deprecation warning to align with the behavior when `digest` +is `undefined`. <a id="DEP0010"></a> ### DEP0010: crypto.createCredentials |