author | James M Snell <jasnell@gmail.com> | 2021-01-04 09:06:26 -0800 |
---|---|---|
committer | James M Snell <jasnell@gmail.com> | 2021-01-11 10:39:00 -0800 |
commit | 03c056401f23fe83ab6f16741759182e95a407bd (patch) | |
tree | 6154d6acc17d824790e7664b0fa9a1564bb77dc4 /src/node_options.h | |
parent | b4378aa38a7971b4da35210f8ced8961fdf3bf41 (diff) | |
download | node-new-03c056401f23fe83ab6f16741759182e95a407bd.tar.gz |

crypto: implement basic secure heap support

Adds two new command line arguments:

* `--secure-heap=n`, which causes node.js to initialize
  an openssl secure heap of `n` bytes on openssl initialization.
* `--secure-heap-min=n`, which specifies the minimum allocation
  from the secure heap.
* A new method `crypto.secureHeapUsed()` that returns details
  about the total and used secure heap allocation.

The secure heap is an openssl feature that allows certain kinds
of potentially sensitive information (such as private key
BigNums) to be allocated from a dedicated memory area that is
protected against pointer over- and underruns.

The secure heap is a fixed size, so it's important that users
pick a large enough size to cover the crypto operations they
intend to utilize.

The secure heap is disabled by default.

Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36779
Refs: https://github.com/nodejs/node/pull/36729
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Diffstat (limited to 'src/node_options.h')
-rw-r--r-- | src/node_options.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/node_options.h b/src/node_options.h index 84ee8e34bc..555adb246a 100644 --- a/src/node_options.h +++ b/src/node_options.h @@ -236,6 +236,8 @@ class PerProcessOptions : public Options { #if HAVE_OPENSSL std::string openssl_config; std::string tls_cipher_list = DEFAULT_CIPHER_LIST_CORE; + int64_t secure_heap = 0; + int64_t secure_heap_min = 2; #ifdef NODE_OPENSSL_CERT_STORE bool ssl_openssl_cert_store = true; #else |
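
Review bot: the two added fields in `PerProcessOptions`, `secure_heap` and `secure_heap_min`, are signed `int64_t` with no comment, so the header does not say that the values are byte counts, that the `0` default leaves the secure heap disabled, or what range is valid. Suggest a one-line comment on each field and a check, wherever these options are parsed, that rejects negative values and a `secure_heap_min` larger than `secure_heap` before either reaches OpenSSL initialization, since the declared type permits both.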