-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto, string_bytes: treat buffer
str as utf8
#5522
crypto, string_bytes: treat buffer
str as utf8
#5522
Conversation
Do not treat crypto inputs as `binary` strings, convert them to Buffers using `new Buffer(..., 'utf8')`, or using newly updated StringBytes APIs.
See #5504 |
cc @nodejs/collaborators @nodejs/ctc |
Is this semver-major? |
It is. |
Can you remove |
Oh wait, the intent is to change the default, not remove it altogether? LGTM in that case. |
Thank you, @bnoordhuis . How should we handle this major breakage @nodejs/ctc ? There is hardly a way to deprecate it, because it is a change of default value. Should we just land it and write some blog posts on this change? |
Yeah, I think that's likely best. Not sure there's a better way. |
LGTM |
Landed in b010c87, thank you! |
Do not treat crypto inputs as `binary` strings, convert them to Buffers using `new Buffer(..., 'utf8')`, or using newly updated StringBytes APIs. PR-URL: #5522 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
@indutny Please don't land major changes so fast? |
Yeah... for stuff like this perhaps give it a day or two to give more people a chance to review. I wouldn't anticipate any issues with this one but still... |
Oh, sorry... What's our process on this? |
For a major I think it's something like at least 48 hours. |
@@ -811,7 +811,7 @@ or [buffers][`Buffer`]. The default value is `'buffer'`, which makes methods | |||
default to [`Buffer`][] objects. | |||
|
|||
The `crypto.DEFAULT_ENCODING` mechanism is provided for backwards compatibility | |||
with legacy programs that expect `'binary'` to be the default encoding. | |||
with legacy programs that expect `'utf8'` to be the default encoding. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sentence doesn't make much sense anymore since legacy programs were not assuming utf8
, but binary
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gosh, this is true.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I ask you to submit follow-up PR to fix this?
For reference (so there can be broad agreement or else we can talk about updating it to be more accurate) from the current version of the Collaborator Guide:
It does not appear to be in the Collaborator Guide, but the doc for onboarding, or at least the one I bookmarked at my onboarding, says:
If that's still correct, it's probably worth mentioning in the Collaborator Guide. (We may also want to get at least a tiny bit more specific than "in some form".) |
For anything but trivial or otherwise urgent changes we should be leaving at least 48 hours. This is kind of major and deserves the chance for more discussion to flush out any possible objections. |
The default encoding was switched to utf8 in nodejs/node#5522
The default encoding was switched to utf8 in nodejs/node#5522
The default encoding was switched to utf8 in nodejs/node#5522
Just saw websockets/ws#716. Did someone write a blog post / example in docs on what Node users need to change (for example, with |
This PR made sweeping backwards-incompatible changes to the crypto API, but did not include documentation. cf. #10265 |
@sam-github clearly this PR changes all occurrences of |
So, that basically boils down to "existing behaviour was undocumented, so there were no docs to change", which is one way to look at it. I'm not necessarily saying that this PR shouldn't have landed without you being forced to document the crypto APIs, but I am saying that users of APIs like Which is why I commented here, so that future readers of this PR can know that the changes it made weren't documented. |
I agree we could do better on this. However, careful reader of docs would notice: https://github.com/nodejs/node/pull/5522/files#diff-efc9444c79e30e68a167275387a55aa6R813 Which says that default encoding is |
So I can't say that it was completely undocumented, just wasn't in |
PullRequest nodejs#5522 and nodejs#5500 described the change of the default encoding into UTF8 in crypto functions. This however was only changed for the non-streaming API. The streaming API still used binary as the default encoding. This commit will change the default streaming API encoding to UTF8 to make both APIs behave the same. It will also add tests to validate the behavior.
PullRequest #5522 and #5500 described the change of the default encoding into UTF8 in crypto functions. This however was only changed for the non-streaming API. The streaming API still used binary as the default encoding. This commit will change the default streaming API encoding to UTF8 to make both APIs behave the same. It will also add tests to validate the behavior. Refs: #5522 Refs: #5500 PR-URL: #8611 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PullRequest nodejs#5522 and nodejs#5500 described the change of the default encoding into UTF8 in crypto functions. This however was only changed for the non-streaming API. The streaming API still used binary as the default encoding. This commit will change the default streaming API encoding to UTF8 to make both APIs behave the same. It will also add tests to validate the behavior. Refs: nodejs#5522 Refs: nodejs#5500 PR-URL: nodejs#8611 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Pull Request check-list
Please make sure to review and check all of these items:
make -j8 test
(UNIX) orvcbuild test nosign
(Windows) pass withthis change (including linting)?
test (or a benchmark) included?
existing APIs, or introduces new ones)?
NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.
Affected core subsystem(s)
Please provide affected core subsystem(s) (like buffer, cluster, crypto, etc)
Description of change
Do not treat crypto inputs as
binary
strings, convert them to Buffersusing
new Buffer(..., 'utf8')
, or using newly updated StringBytesAPIs.