Skip to content

crypto: changes to async handling #59841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
+126 −81
Closed

crypto: changes to async handling #59841

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c7580e8
crypto: avoid calls to `promise.catch()`
Renegade334 Sep 9, 2025
e8047b4
crypto: use async functions for non-stub Promise-returning functions
Renegade334 Sep 9, 2025
40f03d4
crypto: use `return await` when returning Promises from async functions
Renegade334 Sep 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 13 additions & 11 deletions lib/internal/crypto/aes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ const {
ArrayBufferPrototypeSlice,
ArrayFrom,
ArrayPrototypePush,
PromiseReject,
SafeSet,
TypedArrayPrototypeSlice,
} = primordials;
Expand Down Expand Up @@ -144,7 +143,7 @@ function asyncAesKwCipher(mode, key, data) {
getVariant('AES-KW', key[kAlgorithm].length)));
}

function asyncAesGcmCipher(mode, key, data, algorithm) {
async function asyncAesGcmCipher(mode, key, data, algorithm) {
const { tagLength = 128 } = algorithm;

const tagByteLength = tagLength / 8;
Expand All @@ -160,9 +159,9 @@ function asyncAesGcmCipher(mode, key, data, algorithm) {
// > If *plaintext* has a length less than *tagLength* bits, then `throw`
// > an `OperationError`.
if (tagByteLength > tag.byteLength) {
return PromiseReject(lazyDOMException(
throw lazyDOMException(
'The provided data is too small.',
'OperationError'));
'OperationError');
}

data = slice(data, 0, -tagByteLength);
Expand All @@ -173,7 +172,7 @@ function asyncAesGcmCipher(mode, key, data, algorithm) {
break;
}

return jobPromise(() => new AESCipherJob(
return await jobPromise(() => new AESCipherJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand All @@ -184,7 +183,7 @@ function asyncAesGcmCipher(mode, key, data, algorithm) {
algorithm.additionalData));
}

function asyncAesOcbCipher(mode, key, data, algorithm) {
async function asyncAesOcbCipher(mode, key, data, algorithm) {
const { tagLength = 128 } = algorithm;

const tagByteLength = tagLength / 8;
Expand All @@ -197,9 +196,9 @@ function asyncAesOcbCipher(mode, key, data, algorithm) {

// Similar to GCM, OCB requires the tag to be present for decryption
if (tagByteLength > tag.byteLength) {
return PromiseReject(lazyDOMException(
throw lazyDOMException(
'The provided data is too small.',
'OperationError'));
'OperationError');
}

data = slice(data, 0, -tagByteLength);
Expand All @@ -210,7 +209,7 @@ function asyncAesOcbCipher(mode, key, data, algorithm) {
break;
}

return jobPromise(() => new AESCipherJob(
return await jobPromise(() => new AESCipherJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand Down Expand Up @@ -245,12 +244,15 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const key = await generateKey('aes', { length }).catch((err) => {
let key;
try {
key = await generateKey('aes', { length });
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason' +
`[${err.message}]`,
{ name: 'OperationError', cause: err });
});
}

return new InternalCryptoKey(
key,
Expand Down
11 changes: 7 additions & 4 deletions lib/internal/crypto/cfrg.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,11 +149,14 @@ async function cfrgGenerateKey(algorithm, extractable, keyUsages) {
break;
}

const keyPair = await generateKeyPair(genKeyType).catch((err) => {
let keyPair;
try {
keyPair = await generateKeyPair(genKeyType);
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

let publicUsages;
let privateUsages;
Expand Down Expand Up @@ -340,14 +343,14 @@ function cfrgImportKey(
extractable);
}

function eddsaSignVerify(key, data, algorithm, signature) {
async function eddsaSignVerify(key, data, algorithm, signature) {
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
const type = mode === kSignJobModeSign ? 'private' : 'public';

if (key[kKeyType] !== type)
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');

return jobPromise(() => new SignJob(
return await jobPromise(() => new SignJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand Down
16 changes: 9 additions & 7 deletions lib/internal/crypto/chacha20_poly1305.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ const {
ArrayBufferIsView,
ArrayBufferPrototypeSlice,
ArrayFrom,
PromiseReject,
SafeSet,
TypedArrayPrototypeSlice,
} = primordials;
Expand Down Expand Up @@ -47,17 +46,17 @@ function validateKeyLength(length) {
throw lazyDOMException('Invalid key length', 'DataError');
}

function c20pCipher(mode, key, data, algorithm) {
async function c20pCipher(mode, key, data, algorithm) {
let tag;
switch (mode) {
case kWebCryptoCipherDecrypt: {
const slice = ArrayBufferIsView(data) ?
TypedArrayPrototypeSlice : ArrayBufferPrototypeSlice;

if (data.byteLength < 16) {
return PromiseReject(lazyDOMException(
throw lazyDOMException(
'The provided data is too small.',
'OperationError'));
'OperationError');
}

tag = slice(data, -16);
Expand All @@ -69,7 +68,7 @@ function c20pCipher(mode, key, data, algorithm) {
break;
}

return jobPromise(() => new ChaCha20Poly1305CipherJob(
return await jobPromise(() => new ChaCha20Poly1305CipherJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand All @@ -91,12 +90,15 @@ async function c20pGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const keyData = await randomBytes(32).catch((err) => {
let keyData;
try {
keyData = await randomBytes(32);
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason' +
`[${err.message}]`,
{ name: 'OperationError', cause: err });
});
}

return new InternalCryptoKey(
createSecretKey(keyData),
Expand Down
15 changes: 9 additions & 6 deletions lib/internal/crypto/ec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,11 +97,14 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
// Fall through
}

const keypair = await generateKeyPair('ec', { namedCurve }).catch((err) => {
let keyPair;
try {
keyPair = await generateKeyPair('ec', { namedCurve });
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

let publicUsages;
let privateUsages;
Expand All @@ -120,14 +123,14 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {

const publicKey =
new InternalCryptoKey(
keypair.publicKey,
keyPair.publicKey,
keyAlgorithm,
publicUsages,
true);

const privateKey =
new InternalCryptoKey(
keypair.privateKey,
keyPair.privateKey,
keyAlgorithm,
privateUsages,
extractable);
Expand Down Expand Up @@ -281,7 +284,7 @@ function ecImportKey(
extractable);
}

function ecdsaSignVerify(key, data, { name, hash }, signature) {
async function ecdsaSignVerify(key, data, { name, hash }, signature) {
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
const type = mode === kSignJobModeSign ? 'private' : 'public';

Expand All @@ -290,7 +293,7 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {

const hashname = normalizeHashName(hash.name);

return jobPromise(() => new SignJob(
return await jobPromise(() => new SignJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand Down
2 changes: 1 addition & 1 deletion lib/internal/crypto/hash.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ async function asyncDigest(algorithm, data) {
case 'cSHAKE128':
// Fall through
case 'cSHAKE256':
return jobPromise(() => new HashJob(
return await jobPromise(() => new HashJob(
kCryptoJobAsync,
normalizeHashName(algorithm.name),
data,
Expand Down
14 changes: 10 additions & 4 deletions lib/internal/crypto/mac.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,14 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const key = await generateKey('hmac', { length }).catch((err) => {
let key;
try {
key = await generateKey('hmac', { length });
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

return new InternalCryptoKey(
key,
Expand All @@ -94,12 +97,15 @@ async function kmacGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const keyData = await randomBytes(length / 8).catch((err) => {
let keyData;
try {
keyData = await randomBytes(length / 8);
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason' +
`[${err.message}]`,
{ name: 'OperationError', cause: err });
});
}

return new InternalCryptoKey(
createSecretKey(keyData),
Expand Down
11 changes: 7 additions & 4 deletions lib/internal/crypto/ml_dsa.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,11 +88,14 @@ async function mlDsaGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const keyPair = await generateKeyPair(name.toLowerCase()).catch((err) => {
let keyPair;
try {
keyPair = await generateKeyPair(name.toLowerCase());
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

const publicUsages = getUsagesUnion(usageSet, 'verify');
const privateUsages = getUsagesUnion(usageSet, 'sign');
Expand Down Expand Up @@ -284,14 +287,14 @@ function mlDsaImportKey(
extractable);
}

function mlDsaSignVerify(key, data, algorithm, signature) {
async function mlDsaSignVerify(key, data, algorithm, signature) {
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
const type = mode === kSignJobModeSign ? 'private' : 'public';

if (key[kKeyType] !== type)
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');

return jobPromise(() => new SignJob(
return await jobPromise(() => new SignJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand Down
7 changes: 5 additions & 2 deletions lib/internal/crypto/ml_kem.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,11 +59,14 @@ async function mlKemGenerateKey(algorithm, extractable, keyUsages) {
'SyntaxError');
}

const keyPair = await generateKeyPair(name.toLowerCase()).catch((err) => {
let keyPair;
try {
keyPair = await generateKeyPair(name.toLowerCase());
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

const publicUsages = getUsagesUnion(usageSet, 'encapsulateBits', 'encapsulateKey');
const privateUsages = getUsagesUnion(usageSet, 'decapsulateBits', 'decapsulateKey');
Expand Down
25 changes: 14 additions & 11 deletions lib/internal/crypto/rsa.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ function validateRsaOaepAlgorithm(algorithm) {
}
}

function rsaOaepCipher(mode, key, data, algorithm) {
async function rsaOaepCipher(mode, key, data, algorithm) {
validateRsaOaepAlgorithm(algorithm);

const type = mode === kWebCryptoCipherEncrypt ? 'public' : 'private';
Expand All @@ -103,7 +103,7 @@ function rsaOaepCipher(mode, key, data, algorithm) {
'InvalidAccessError');
}

return jobPromise(() => new RSACipherJob(
return await jobPromise(() => new RSACipherJob(
kCryptoJobAsync,
mode,
key[kKeyObject][kHandle],
Expand Down Expand Up @@ -150,14 +150,17 @@ async function rsaKeyGenerate(
}
}

const keypair = await generateKeyPair('rsa', {
modulusLength,
publicExponent: publicExponentConverted,
}).catch((err) => {
let keyPair;
try {
keyPair = await generateKeyPair('rsa', {
modulusLength,
publicExponent: publicExponentConverted,
});
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
}

const keyAlgorithm = {
name,
Expand All @@ -183,14 +186,14 @@ async function rsaKeyGenerate(

const publicKey =
new InternalCryptoKey(
keypair.publicKey,
keyPair.publicKey,
keyAlgorithm,
publicUsages,
true);

const privateKey =
new InternalCryptoKey(
keypair.privateKey,
keyPair.privateKey,
keyAlgorithm,
privateUsages,
extractable);
Expand Down Expand Up @@ -327,14 +330,14 @@ function rsaImportKey(
}, keyUsages, extractable);
}

function rsaSignVerify(key, data, { saltLength }, signature) {
async function rsaSignVerify(key, data, { saltLength }, signature) {
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
const type = mode === kSignJobModeSign ? 'private' : 'public';

if (key[kKeyType] !== type)
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');

return jobPromise(() => {
return await jobPromise(() => {
if (key[kAlgorithm].name === 'RSA-PSS') {
validateInt32(
saltLength,
Expand Down
Loading
Loading