src: cleanup more of crypto/ncrypto

Author: jasnell

deps/ncrypto/ncrypto.cc

@@ -2402,6 +2402,15 @@ EVPKeyPointer::operator Rsa() const {
   return Rsa(rsa);
 }
 
+EVPKeyPointer::operator Dsa() const {
+  int type = id();
+  if (type != EVP_PKEY_DSA) return {};
+
+  OSSL3_CONST DSA* dsa = EVP_PKEY_get0_DSA(get());
+  if (dsa == nullptr) return {};
+  return Dsa(dsa);
+}
+
 bool EVPKeyPointer::validateDsaParameters() const {
   if (!pkey_) return false;
     /* Validate DSA2 parameters from FIPS 186-4 */
@@ -2660,8 +2669,8 @@ bool SSLCtxPointer::setGroups(const char* groups) {
 
 // ============================================================================
 
-const Cipher Cipher::FromName(const char* name) {
-  return Cipher(EVP_get_cipherbyname(name));
+const Cipher Cipher::FromName(std::string_view name) {
+  return Cipher(EVP_get_cipherbyname(name.data()));
 }
 
 const Cipher Cipher::FromNid(int nid) {
@@ -2748,6 +2757,10 @@ bool Cipher::isSupportedAuthenticatedMode() const {
   }
 }
 
+bool Cipher::IsValidGCMTagLength(unsigned int tag_len) {
+  return tag_len == 4 || tag_len == 8 || (tag_len >= 12 && tag_len <= 16);
+}
+
 // ============================================================================
 
 CipherCtxPointer CipherCtxPointer::New() {
@@ -3902,4 +3915,34 @@ std::pair<std::string, std::string> X509Name::Iterator::operator*() const {
       std::string(reinterpret_cast<const char*>(value_str), value_str_size)};
 }
 
+// ============================================================================
+
+Dsa::Dsa() : dsa_(nullptr) {}
+
+Dsa::Dsa(OSSL3_CONST DSA* dsa) : dsa_(dsa) {}
+
+const BIGNUM* Dsa::getP() const {
+  if (dsa_ == nullptr) return nullptr;
+  const BIGNUM* p;
+  DSA_get0_pqg(dsa_, &p, nullptr, nullptr);
+  return p;
+}
+
+const BIGNUM* Dsa::getQ() const {
+  if (dsa_ == nullptr) return nullptr;
+  const BIGNUM* q;
+  DSA_get0_pqg(dsa_, nullptr, &q, nullptr);
+  return q;
+}
+
+size_t Dsa::getModulusLength() const {
+  if (dsa_ == nullptr) return 0;
+  return BignumPointer::GetBitCount(getP());
+}
+
+size_t Dsa::getDivisorLength() const {
+  if (dsa_ == nullptr) return 0;
+  return BignumPointer::GetBitCount(getQ());
+}
+
 }  // namespace ncrypto

deps/ncrypto/ncrypto.h

@@ -221,6 +221,7 @@ class ECDSASigPointer;
 class ECGroupPointer;
 class ECPointPointer;
 class ECKeyPointer;
+class Dsa;
 class Rsa;
 class Ec;
 
@@ -267,7 +268,7 @@ class Cipher final {
 
   bool isSupportedAuthenticatedMode() const;
 
-  static const Cipher FromName(const char* name);
+  static const Cipher FromName(std::string_view name);
   static const Cipher FromNid(int nid);
   static const Cipher FromCtx(const CipherCtxPointer& ctx);
 
@@ -292,10 +293,33 @@ class Cipher final {
                              const CipherParams& params,
                              const Buffer<const void> in);
 
+  static bool IsValidGCMTagLength(unsigned int tag_len);
+
  private:
   const EVP_CIPHER* cipher_ = nullptr;
 };
 
+// ============================================================================
+// DSA
+
+class Dsa final {
+ public:
+  Dsa();
+  Dsa(OSSL3_CONST DSA* dsa);
+  NCRYPTO_DISALLOW_COPY_AND_MOVE(Dsa)
+
+  inline operator bool() const { return dsa_ != nullptr; }
+  inline operator OSSL3_CONST DSA*() const { return dsa_; }
+
+  const BIGNUM* getP() const;
+  const BIGNUM* getQ() const;
+  size_t getModulusLength() const;
+  size_t getDivisorLength() const;
+
+ private:
+  OSSL3_CONST DSA* dsa_;
+};
+
 // ============================================================================
 // RSA
 
@@ -767,6 +791,7 @@ class EVPKeyPointer final {
   std::optional<uint32_t> getBytesOfRS() const;
   int getDefaultSignPadding() const;
   operator Rsa() const;
+  operator Dsa() const;
 
   bool isRsaVariant() const;
   bool isOneShotVariant() const;

src/crypto/crypto_cipher.cc

@@ -35,10 +35,6 @@ using v8::Value;
 
 namespace crypto {
 namespace {
-bool IsValidGCMTagLength(unsigned int tag_len) {
-  return tag_len == 4 || tag_len == 8 || (tag_len >= 12 && tag_len <= 16);
-}
-
 // Collects and returns information on the given cipher
 void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
@@ -50,7 +46,7 @@ void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
   const auto cipher = ([&] {
     if (args[1]->IsString()) {
       Utf8Value name(env->isolate(), args[1]);
-      return Cipher::FromName(*name);
+      return Cipher::FromName(name.ToStringView());
     } else {
       int nid = args[1].As<Int32>()->Value();
       return Cipher::FromNid(nid);
@@ -166,16 +162,19 @@ void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
 }  // namespace
 
 void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
+  MarkPopErrorOnReturn mark_pop_error_on_return;
   Environment* env = Environment::GetCurrent(args);
 
   auto ctx = SSLCtxPointer::New();
   if (!ctx) {
-    return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
+    return ThrowCryptoError(
+        env, mark_pop_error_on_return.peekError(), "SSL_CTX_new");
   }
 
   auto ssl = SSLPointer::New(ctx);
   if (!ssl) {
-    return ThrowCryptoError(env, ERR_get_error(), "SSL_new");
+    return ThrowCryptoError(
+        env, mark_pop_error_on_return.peekError(), "SSL_new");
   }
 
   LocalVector<Value> arr(env->isolate());
@@ -309,6 +308,7 @@ void CipherBase::CommonInit(const char* cipher_type,
                             const unsigned char* iv,
                             int iv_len,
                             unsigned int auth_tag_len) {
+  MarkPopErrorOnReturn mark_pop_error_on_return;
   CHECK(!ctx_);
   ctx_ = CipherCtxPointer::New();
   CHECK(ctx_);
@@ -319,14 +319,16 @@ void CipherBase::CommonInit(const char* cipher_type,
 
   const bool encrypt = (kind_ == kCipher);
   if (!ctx_.init(cipher, encrypt)) {
-    return ThrowCryptoError(env(), ERR_get_error(),
+    return ThrowCryptoError(env(),
+                            mark_pop_error_on_return.peekError(),
                             "Failed to initialize cipher");
   }
 
   if (cipher.isSupportedAuthenticatedMode()) {
     CHECK_GE(iv_len, 0);
-    if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len))
+    if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len)) {
       return;
+    }
   }
 
   if (!ctx_.setKeyLength(key_len)) {
@@ -335,7 +337,8 @@ void CipherBase::CommonInit(const char* cipher_type,
   }
 
   if (!ctx_.init(Cipher(), encrypt, key, iv)) {
-    return ThrowCryptoError(env(), ERR_get_error(),
+    return ThrowCryptoError(env(),
+                            mark_pop_error_on_return.peekError(),
                             "Failed to initialize cipher");
   }
 }
@@ -422,8 +425,9 @@ void CipherBase::InitIv(const char* cipher_type,
   const bool has_iv = iv_buf.size() > 0;
 
   // Throw if no IV was passed and the cipher requires an IV
-  if (!has_iv && expected_iv_len != 0)
+  if (!has_iv && expected_iv_len != 0) {
     return THROW_ERR_CRYPTO_INVALID_IV(env());
+  }
 
   // Throw if an IV was passed which does not match the cipher's fixed IV length
   // static_cast<int> for the iv_buf.size() is safe because we've verified
@@ -438,8 +442,9 @@ void CipherBase::InitIv(const char* cipher_type,
     // Check for invalid IV lengths, since OpenSSL does not under some
     // conditions:
     //   https://www.openssl.org/news/secadv/20190306.txt.
-    if (iv_buf.size() > 12)
+    if (iv_buf.size() > 12) {
       return THROW_ERR_CRYPTO_INVALID_IV(env());
+    }
   }
 
   CommonInit(
@@ -504,7 +509,7 @@ bool CipherBase::InitAuthenticated(
   const int mode = ctx_.getMode();
   if (mode == EVP_CIPH_GCM_MODE) {
     if (auth_tag_len != kNoAuthTagLength) {
-      if (!IsValidGCMTagLength(auth_tag_len)) {
+      if (!Cipher::IsValidGCMTagLength(auth_tag_len)) {
         THROW_ERR_CRYPTO_INVALID_AUTH_TAG(
           env(),
           "Invalid authentication tag length: %u",
@@ -595,9 +600,11 @@ void CipherBase::GetAuthTag(const FunctionCallbackInfo<Value>& args) {
     return;
   }
 
-  args.GetReturnValue().Set(
-      Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_)
-          .FromMaybe(Local<Value>()));
+  Local<Value> ret;
+  if (Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_)
+          .ToLocal(&ret)) {
+    args.GetReturnValue().Set(ret);
+  }
 }
 
 void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
@@ -624,7 +631,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
     // Restrict GCM tag lengths according to NIST 800-38d, page 9.
     is_valid = (cipher->auth_tag_len_ == kNoAuthTagLength ||
                 cipher->auth_tag_len_ == tag_len) &&
-               IsValidGCMTagLength(tag_len);
+               Cipher::IsValidGCMTagLength(tag_len);
   } else {
     // At this point, the tag length is already known and must match the
     // length of the given authentication tag.
@@ -693,12 +700,12 @@ bool CipherBase::SetAAD(
       return false;
     }
 
-    if (!CheckCCMMessageLength(plaintext_len))
+    if (!CheckCCMMessageLength(plaintext_len)) {
       return false;
+    }
 
-    if (kind_ == kDecipher) {
-      if (!MaybePassAuthTagToOpenSSL())
-        return false;
+    if (kind_ == kDecipher && !MaybePassAuthTagToOpenSSL()) {
+      return false;
     }
 
     ncrypto::Buffer<const unsigned char> buffer{
@@ -738,19 +745,20 @@ CipherBase::UpdateResult CipherBase::Update(
     const char* data,
     size_t len,
     std::unique_ptr<BackingStore>* out) {
-  if (!ctx_ || len > INT_MAX)
-    return kErrorState;
+  if (!ctx_ || len > INT_MAX) return kErrorState;
   MarkPopErrorOnReturn mark_pop_error_on_return;
 
   const int mode = ctx_.getMode();
 
-  if (mode == EVP_CIPH_CCM_MODE && !CheckCCMMessageLength(len))
+  if (mode == EVP_CIPH_CCM_MODE && !CheckCCMMessageLength(len)) {
     return kErrorMessageSize;
+  }
 
   // Pass the authentication tag to OpenSSL if possible. This will only happen
   // once, usually on the first update.
-  if (kind_ == kDecipher && IsAuthenticatedMode())
+  if (kind_ == kDecipher && IsAuthenticatedMode()) {
     CHECK(MaybePassAuthTagToOpenSSL());
+  }
 
   const int block_size = ctx_.getBlockSize();
   CHECK_GT(block_size, 0);
@@ -800,34 +808,38 @@ CipherBase::UpdateResult CipherBase::Update(
 }
 
 void CipherBase::Update(const FunctionCallbackInfo<Value>& args) {
-  Decode<CipherBase>(args, [](CipherBase* cipher,
-                              const FunctionCallbackInfo<Value>& args,
-                              const char* data, size_t size) {
-    std::unique_ptr<BackingStore> out;
-    Environment* env = Environment::GetCurrent(args);
-
-    if (size > INT_MAX) [[unlikely]] {
-      return THROW_ERR_OUT_OF_RANGE(env, "data is too long");
-    }
-    UpdateResult r = cipher->Update(data, size, &out);
-
-    if (r != kSuccess) {
-      if (r == kErrorState) {
-        ThrowCryptoError(env, ERR_get_error(),
-                         "Trying to add data in unsupported state");
-      }
-      return;
-    }
+  Decode<CipherBase>(
+      args,
+      [](CipherBase* cipher,
+         const FunctionCallbackInfo<Value>& args,
+         const char* data,
+         size_t size) {
+        MarkPopErrorOnReturn mark_pop_error_on_return;
+        std::unique_ptr<BackingStore> out;
+        Environment* env = Environment::GetCurrent(args);
+
+        if (size > INT_MAX) [[unlikely]] {
+          return THROW_ERR_OUT_OF_RANGE(env, "data is too long");
+        }
+        UpdateResult r = cipher->Update(data, size, &out);
+
+        if (r != kSuccess) {
+          if (r == kErrorState) {
+            ThrowCryptoError(env,
+                             mark_pop_error_on_return.peekError(),
+                             "Trying to add data in unsupported state");
+          }
+          return;
+        }
 
-    Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), std::move(out));
-    args.GetReturnValue().Set(
-        Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local<Value>()));
-  });
+        auto ab = ArrayBuffer::New(env->isolate(), std::move(out));
+        args.GetReturnValue().Set(Buffer::New(env, ab, 0, ab->ByteLength())
+                                      .FromMaybe(Local<Value>()));
+      });
 }
 
 bool CipherBase::SetAutoPadding(bool auto_padding) {
-  if (!ctx_)
-    return false;
+  if (!ctx_) return false;
   MarkPopErrorOnReturn mark_pop_error_on_return;
   return ctx_.setPadding(auto_padding);
 }
@@ -841,8 +853,7 @@ void CipherBase::SetAutoPadding(const FunctionCallbackInfo<Value>& args) {
 }
 
 bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
-  if (!ctx_)
-    return false;
+  if (!ctx_) return false;
 
   const int mode = ctx_.getMode();
 
@@ -906,11 +917,13 @@ bool CipherBase::Final(std::unique_ptr<BackingStore>* out) {
 
 void CipherBase::Final(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  MarkPopErrorOnReturn mark_pop_error_on_return;
 
   CipherBase* cipher;
   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.This());
-  if (cipher->ctx_ == nullptr)
+  if (cipher->ctx_ == nullptr) {
     return THROW_ERR_CRYPTO_INVALID_STATE(env);
+  }
 
   std::unique_ptr<BackingStore> out;
 
@@ -923,10 +936,10 @@ void CipherBase::Final(const FunctionCallbackInfo<Value>& args) {
                           ? "Unsupported state or unable to authenticate data"
                           : "Unsupported state";
 
-    return ThrowCryptoError(env, ERR_get_error(), msg);
+    return ThrowCryptoError(env, mark_pop_error_on_return.peekError(), msg);
   }
 
-  Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), std::move(out));
+  auto ab = ArrayBuffer::New(env->isolate(), std::move(out));
   args.GetReturnValue().Set(
       Buffer::New(env, ab, 0, ab->ByteLength()).FromMaybe(Local<Value>()));
 }
@@ -974,8 +987,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
   auto data = KeyObjectData::GetPublicOrPrivateKeyFromJs(args, &offset);
   if (!data) return;
   const auto& pkey = data.GetAsymmetricKey();
-  if (!pkey)
-    return;
+  if (!pkey) return;
 
   ArrayBufferOrViewContents<unsigned char> buf(args[offset]);
   if (!buf.CheckSizeInt32()) [[unlikely]] {

src/crypto/crypto_dh.cc

@@ -524,11 +524,11 @@ bool DHBitsTraits::DeriveBits(
   return true;
 }
 
-Maybe<void> GetDhKeyDetail(Environment* env,
-                           const KeyObjectData& key,
-                           Local<Object> target) {
+bool GetDhKeyDetail(Environment* env,
+                    const KeyObjectData& key,
+                    Local<Object> target) {
   CHECK_EQ(key.GetAsymmetricKey().id(), EVP_PKEY_DH);
-  return JustVoid();
+  return true;
 }
 
 void DiffieHellman::Initialize(Environment* env, Local<Object> target) {

src/crypto/crypto_dh.h

@@ -115,9 +115,9 @@ struct DHBitsTraits final {
 
 using DHBitsJob = DeriveBitsJob<DHBitsTraits>;
 
-v8::Maybe<void> GetDhKeyDetail(Environment* env,
-                               const KeyObjectData& key,
-                               v8::Local<v8::Object> target);
+bool GetDhKeyDetail(Environment* env,
+                    const KeyObjectData& key,
+                    v8::Local<v8::Object> target);
 
 }  // namespace crypto
 }  // namespace node

src/crypto/crypto_dsa.cc

@@ -14,14 +14,13 @@
 
 namespace node {
 
-using ncrypto::BignumPointer;
+using ncrypto::Dsa;
 using ncrypto::EVPKeyCtxPointer;
 using v8::FunctionCallbackInfo;
 using v8::Int32;
 using v8::JustVoid;
 using v8::Local;
 using v8::Maybe;
-using v8::Nothing;
 using v8::Number;
 using v8::Object;
 using v8::Uint32;
@@ -106,41 +105,28 @@ WebCryptoKeyExportStatus DSAKeyExportTraits::DoExport(
   }
 }
 
-Maybe<void> GetDsaKeyDetail(Environment* env,
-                            const KeyObjectData& key,
-                            Local<Object> target) {
-  const BIGNUM* p;  // Modulus length
-  const BIGNUM* q;  // Divisor length
-
-  Mutex::ScopedLock lock(key.mutex());
-  const auto& m_pkey = key.GetAsymmetricKey();
-  int type = m_pkey.id();
-  CHECK(type == EVP_PKEY_DSA);
-
-  const DSA* dsa = EVP_PKEY_get0_DSA(m_pkey.get());
-  CHECK_NOT_NULL(dsa);
-
-  DSA_get0_pqg(dsa, &p, &q, nullptr);
-
-  size_t modulus_length = BignumPointer::GetBitCount(p);
-  size_t divisor_length = BignumPointer::GetBitCount(q);
-
-  if (target
-          ->Set(
-              env->context(),
-              env->modulus_length_string(),
-              Number::New(env->isolate(), static_cast<double>(modulus_length)))
-          .IsNothing() ||
-      target
-          ->Set(
-              env->context(),
-              env->divisor_length_string(),
-              Number::New(env->isolate(), static_cast<double>(divisor_length)))
-          .IsNothing()) {
-    return Nothing<void>();
-  }
-
-  return JustVoid();
+bool GetDsaKeyDetail(Environment* env,
+                     const KeyObjectData& key,
+                     Local<Object> target) {
+  if (!key) return false;
+  Dsa dsa = key.GetAsymmetricKey();
+  if (!dsa) return false;
+
+  size_t modulus_length = dsa.getModulusLength();
+  size_t divisor_length = dsa.getDivisorLength();
+
+  return target
+             ->Set(env->context(),
+                   env->modulus_length_string(),
+                   Number::New(env->isolate(),
+                               static_cast<double>(modulus_length)))
+             .IsJust() &&
+         target
+             ->Set(env->context(),
+                   env->divisor_length_string(),
+                   Number::New(env->isolate(),
+                               static_cast<double>(divisor_length)))
+             .IsJust();
 }
 
 namespace DSAAlg {

src/crypto/crypto_dsa.h

@@ -10,8 +10,7 @@
 #include "memory_tracker.h"
 #include "v8.h"
 
-namespace node {
-namespace crypto {
+namespace node::crypto {
 struct DsaKeyPairParams final : public MemoryRetainer {
   unsigned int modulus_bits;
   int divisor_bits;
@@ -60,16 +59,15 @@ struct DSAKeyExportTraits final {
 
 using DSAKeyExportJob = KeyExportJob<DSAKeyExportTraits>;
 
-v8::Maybe<void> GetDsaKeyDetail(Environment* env,
-                                const KeyObjectData& key,
-                                v8::Local<v8::Object> target);
+bool GetDsaKeyDetail(Environment* env,
+                     const KeyObjectData& key,
+                     v8::Local<v8::Object> target);
 
 namespace DSAAlg {
 void Initialize(Environment* env, v8::Local<v8::Object> target);
 void RegisterExternalReferences(ExternalReferenceRegistry* registry);
 }  // namespace DSAAlg
-}  // namespace crypto
-}  // namespace node
+}  // namespace node::crypto
 
 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 #endif  // SRC_CRYPTO_CRYPTO_DSA_H_

src/crypto/crypto_ec.cc

@@ -697,9 +697,9 @@ WebCryptoKeyExportStatus ECKeyExportTraits::DoExport(
   }
 }
 
-Maybe<void> ExportJWKEcKey(Environment* env,
-                           const KeyObjectData& key,
-                           Local<Object> target) {
+bool ExportJWKEcKey(Environment* env,
+                    const KeyObjectData& key,
+                    Local<Object> target) {
   Mutex::ScopedLock lock(key.mutex());
   const auto& m_pkey = key.GetAsymmetricKey();
   CHECK_EQ(m_pkey.id(), EVP_PKEY_EC);
@@ -720,14 +720,14 @@ Maybe<void> ExportJWKEcKey(Environment* env,
   if (!EC_POINT_get_affine_coordinates(group, pub, x.get(), y.get(), nullptr)) {
     ThrowCryptoError(env, ERR_get_error(),
                      "Failed to get elliptic-curve point coordinates");
-    return Nothing<void>();
+    return false;
   }
 
   if (target->Set(
           env->context(),
           env->jwk_kty_string(),
           env->jwk_ec_string()).IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   if (SetEncodedValue(
@@ -742,7 +742,7 @@ Maybe<void> ExportJWKEcKey(Environment* env,
           env->jwk_y_string(),
           y.get(),
           degree_bytes).IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   Local<String> crv_name;
@@ -763,27 +763,28 @@ Maybe<void> ExportJWKEcKey(Environment* env,
     default: {
       THROW_ERR_CRYPTO_JWK_UNSUPPORTED_CURVE(
           env, "Unsupported JWK EC curve: %s.", OBJ_nid2sn(nid));
-      return Nothing<void>();
+      return false;
     }
   }
   if (target->Set(
       env->context(),
       env->jwk_crv_string(),
       crv_name).IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   if (key.GetKeyType() == kKeyTypePrivate) {
     auto pvt = ECKeyPointer::GetPrivateKey(ec);
-    return SetEncodedValue(env, target, env->jwk_d_string(), pvt, degree_bytes);
+    return SetEncodedValue(env, target, env->jwk_d_string(), pvt, degree_bytes)
+        .IsJust();
   }
 
-  return JustVoid();
+  return true;
 }
 
-Maybe<void> ExportJWKEdKey(Environment* env,
-                           const KeyObjectData& key,
-                           Local<Object> target) {
+bool ExportJWKEdKey(Environment* env,
+                    const KeyObjectData& key,
+                    Local<Object> target) {
   Mutex::ScopedLock lock(key.mutex());
   const auto& pkey = key.GetAsymmetricKey();
 
@@ -820,7 +821,8 @@ Maybe<void> ExportJWKEdKey(Environment* env,
     return true;
   };
 
-  if (target
+  return !(
+      target
           ->Set(env->context(),
                 env->jwk_crv_string(),
                 OneByteString(env->isolate(), curve))
@@ -829,11 +831,7 @@ Maybe<void> ExportJWKEdKey(Environment* env,
        !trySetKey(env, pkey.rawPrivateKey(), target, env->jwk_d_string())) ||
       !trySetKey(env, pkey.rawPublicKey(), target, env->jwk_x_string()) ||
       target->Set(env->context(), env->jwk_kty_string(), env->jwk_okp_string())
-          .IsNothing()) {
-    return Nothing<void>();
-  }
-
-  return JustVoid();
+          .IsNothing());
 }
 
 KeyObjectData ImportJWKEcKey(Environment* env,
@@ -897,9 +895,9 @@ KeyObjectData ImportJWKEcKey(Environment* env,
   return KeyObjectData::CreateAsymmetric(type, std::move(pkey));
 }
 
-Maybe<void> GetEcKeyDetail(Environment* env,
-                           const KeyObjectData& key,
-                           Local<Object> target) {
+bool GetEcKeyDetail(Environment* env,
+                    const KeyObjectData& key,
+                    Local<Object> target) {
   Mutex::ScopedLock lock(key.mutex());
   const auto& m_pkey = key.GetAsymmetricKey();
   CHECK_EQ(m_pkey.id(), EVP_PKEY_EC);
@@ -910,14 +908,11 @@ Maybe<void> GetEcKeyDetail(Environment* env,
   const auto group = ECKeyPointer::GetGroup(ec);
   int nid = EC_GROUP_get_curve_name(group);
 
-  if (target
-          ->Set(env->context(),
-                env->named_curve_string(),
-                OneByteString(env->isolate(), OBJ_nid2sn(nid)))
-          .IsNothing()) {
-    return Nothing<void>();
-  }
-  return JustVoid();
+  return target
+      ->Set(env->context(),
+            env->named_curve_string(),
+            OneByteString(env->isolate(), OBJ_nid2sn(nid)))
+      .IsJust();
 }
 
 // WebCrypto requires a different format for ECDSA signatures than

src/crypto/crypto_ec.h

@@ -141,22 +141,22 @@ struct ECKeyExportTraits final {
 
 using ECKeyExportJob = KeyExportJob<ECKeyExportTraits>;
 
-v8::Maybe<void> ExportJWKEcKey(Environment* env,
-                               const KeyObjectData& key,
-                               v8::Local<v8::Object> target);
+bool ExportJWKEcKey(Environment* env,
+                    const KeyObjectData& key,
+                    v8::Local<v8::Object> target);
 
-v8::Maybe<void> ExportJWKEdKey(Environment* env,
-                               const KeyObjectData& key,
-                               v8::Local<v8::Object> target);
+bool ExportJWKEdKey(Environment* env,
+                    const KeyObjectData& key,
+                    v8::Local<v8::Object> target);
 
 KeyObjectData ImportJWKEcKey(Environment* env,
                              v8::Local<v8::Object> jwk,
                              const v8::FunctionCallbackInfo<v8::Value>& args,
                              unsigned int offset);
 
-v8::Maybe<void> GetEcKeyDetail(Environment* env,
-                               const KeyObjectData& key,
-                               v8::Local<v8::Object> target);
+bool GetEcKeyDetail(Environment* env,
+                    const KeyObjectData& key,
+                    v8::Local<v8::Object> target);
 }  // namespace crypto
 }  // namespace node
 

src/crypto/crypto_keygen.cc

@@ -73,20 +73,17 @@ KeyGenJobStatus SecretKeyGenTraits::DoKeyGen(Environment* env,
                                              SecretKeyGenConfig* params) {
   auto bytes = DataPointer::Alloc(params->length);
   if (!ncrypto::CSPRNG(static_cast<unsigned char*>(bytes.get()),
-                       params->length))
+                       params->length)) {
     return KeyGenJobStatus::FAILED;
+  }
   params->out = ByteSource::Allocated(bytes.release());
   return KeyGenJobStatus::OK;
 }
 
 MaybeLocal<Value> SecretKeyGenTraits::EncodeKey(Environment* env,
                                                 SecretKeyGenConfig* params) {
   auto data = KeyObjectData::CreateSecret(std::move(params->out));
-  Local<Value> ret;
-  if (!KeyObjectHandle::Create(env, data).ToLocal(&ret)) {
-    return MaybeLocal<Value>();
-  }
-  return ret;
+  return KeyObjectHandle::Create(env, data).FromMaybe(Local<Value>());
 }
 
 namespace Keygen {
@@ -99,7 +96,6 @@ void RegisterExternalReferences(ExternalReferenceRegistry* registry) {
   NidKeyPairGenJob::RegisterExternalReferences(registry);
   SecretKeyGenJob::RegisterExternalReferences(registry);
 }
-
 }  // namespace Keygen
 }  // namespace crypto
 }  // namespace node

src/crypto/crypto_keygen.h

@@ -11,8 +11,7 @@
 #include "memory_tracker.h"
 #include "v8.h"
 
-namespace node {
-namespace crypto {
+namespace node::crypto {
 namespace Keygen {
 void Initialize(Environment* env, v8::Local<v8::Object> target);
 void RegisterExternalReferences(ExternalReferenceRegistry* registry);
@@ -184,13 +183,11 @@ struct KeyPairGenTraits final {
   static v8::MaybeLocal<v8::Value> EncodeKey(Environment* env,
                                              AdditionalParameters* params) {
     v8::Local<v8::Value> keys[2];
-    if (params->key
-            .ToEncodedPublicKey(env, params->public_key_encoding, &keys[0])
-            .IsNothing() ||
-        params->key
-            .ToEncodedPrivateKey(env, params->private_key_encoding, &keys[1])
-            .IsNothing()) {
-      return v8::MaybeLocal<v8::Value>();
+    if (!params->key.ToEncodedPublicKey(
+            env, params->public_key_encoding, &keys[0]) ||
+        !params->key.ToEncodedPrivateKey(
+            env, params->private_key_encoding, &keys[1])) {
+      return {};
     }
     return v8::Array::New(env->isolate(), keys, arraysize(keys));
   }
@@ -233,11 +230,6 @@ struct KeyPairGenConfig final : public MemoryRetainer {
   AlgorithmParams params;
 
   KeyPairGenConfig() = default;
-  ~KeyPairGenConfig() {
-    if (key) {
-      Mutex::ScopedLock priv_lock(key.mutex());
-    }
-  }
 
   explicit KeyPairGenConfig(KeyPairGenConfig&& other) noexcept
       : public_key_encoding(other.public_key_encoding),
@@ -291,8 +283,7 @@ struct NidKeyPairGenTraits final {
 
 using NidKeyPairGenJob = KeyGenJob<KeyPairGenTraits<NidKeyPairGenTraits>>;
 using SecretKeyGenJob = KeyGenJob<SecretKeyGenTraits>;
-}  // namespace crypto
-}  // namespace node
+}  // namespace node::crypto
 
 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 #endif  // SRC_CRYPTO_CRYPTO_KEYGEN_H_

src/crypto/crypto_keys.cc

@@ -16,9 +16,7 @@
 #include <memory>
 #include <string>
 
-namespace node {
-namespace crypto {
-
+namespace node::crypto {
 enum KeyType {
   kKeyTypeSecret,
   kKeyTypePublic,
@@ -85,12 +83,12 @@ class KeyObjectData final : public MemoryRetainer {
                               unsigned int* offset,
                               KeyEncodingContext context);
 
-  v8::Maybe<void> ToEncodedPublicKey(
+  bool ToEncodedPublicKey(
       Environment* env,
       const ncrypto::EVPKeyPointer::PublicKeyEncodingConfig& config,
       v8::Local<v8::Value>* out);
 
-  v8::Maybe<void> ToEncodedPrivateKey(
+  bool ToEncodedPrivateKey(
       Environment* env,
       const ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig& config,
       v8::Local<v8::Value>* out);
@@ -378,15 +376,11 @@ WebCryptoKeyExportStatus PKEY_SPKI_Export(const KeyObjectData& key_data,
 WebCryptoKeyExportStatus PKEY_PKCS8_Export(const KeyObjectData& key_data,
                                            ByteSource* out);
 
-int GetOKPCurveFromName(const char* name);
-
 namespace Keys {
 void Initialize(Environment* env, v8::Local<v8::Object> target);
 void RegisterExternalReferences(ExternalReferenceRegistry* registry);
 }  // namespace Keys
-
-}  // namespace crypto
-}  // namespace node
+}  // namespace node::crypto
 
 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 #endif  // SRC_CRYPTO_CRYPTO_KEYS_H_

src/crypto/crypto_keys.h

@@ -318,17 +318,17 @@ WebCryptoCipherStatus RSACipherTraits::DoCipher(Environment* env,
   return WebCryptoCipherStatus::FAILED;
 }
 
-Maybe<void> ExportJWKRsaKey(Environment* env,
-                            const KeyObjectData& key,
-                            Local<Object> target) {
+bool ExportJWKRsaKey(Environment* env,
+                     const KeyObjectData& key,
+                     Local<Object> target) {
   Mutex::ScopedLock lock(key.mutex());
   const auto& m_pkey = key.GetAsymmetricKey();
 
   const ncrypto::Rsa rsa = m_pkey;
   if (!rsa ||
       target->Set(env->context(), env->jwk_kty_string(), env->jwk_rsa_string())
           .IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   auto pub_key = rsa.getPublicKey();
@@ -337,7 +337,7 @@ Maybe<void> ExportJWKRsaKey(Environment* env,
           .IsNothing() ||
       SetEncodedValue(env, target, env->jwk_e_string(), pub_key.e)
           .IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   if (key.GetKeyType() == kKeyTypePrivate) {
@@ -354,11 +354,11 @@ Maybe<void> ExportJWKRsaKey(Environment* env,
             .IsNothing() ||
         SetEncodedValue(env, target, env->jwk_qi_string(), pvt_key.qi)
             .IsNothing()) {
-      return Nothing<void>();
+      return false;
     }
   }
 
-  return JustVoid();
+  return true;
 }
 
 KeyObjectData ImportJWKRsaKey(Environment* env,
@@ -441,16 +441,16 @@ KeyObjectData ImportJWKRsaKey(Environment* env,
   return KeyObjectData::CreateAsymmetric(type, std::move(pkey));
 }
 
-Maybe<void> GetRsaKeyDetail(Environment* env,
-                            const KeyObjectData& key,
-                            Local<Object> target) {
+bool GetRsaKeyDetail(Environment* env,
+                     const KeyObjectData& key,
+                     Local<Object> target) {
   Mutex::ScopedLock lock(key.mutex());
   const auto& m_pkey = key.GetAsymmetricKey();
 
   // TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
   // versions older than 1.1.1e via FIPS / dynamic linking.
   const ncrypto::Rsa rsa = m_pkey;
-  if (!rsa) return Nothing<void>();
+  if (!rsa) return false;
 
   auto pub_key = rsa.getPublicKey();
 
@@ -461,7 +461,7 @@ Maybe<void> GetRsaKeyDetail(Environment* env,
                     env->isolate(),
                     static_cast<double>(BignumPointer::GetBitCount(pub_key.n))))
           .IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   auto public_exponent = ArrayBuffer::NewBackingStore(
@@ -479,7 +479,7 @@ Maybe<void> GetRsaKeyDetail(Environment* env,
                 env->public_exponent_string(),
                 ArrayBuffer::New(env->isolate(), std::move(public_exponent)))
           .IsNothing()) {
-    return Nothing<void>();
+    return false;
   }
 
   if (m_pkey.id() == EVP_PKEY_RSA_PSS) {
@@ -500,7 +500,7 @@ Maybe<void> GetRsaKeyDetail(Environment* env,
                     env->hash_algorithm_string(),
                     OneByteString(env->isolate(), params.digest))
               .IsNothing()) {
-        return Nothing<void>();
+        return false;
       }
 
       // If, for some reason, the MGF is not MGF1, then the MGF1 hash function
@@ -512,7 +512,7 @@ Maybe<void> GetRsaKeyDetail(Environment* env,
                       env->mgf1_hash_algorithm_string(),
                       OneByteString(env->isolate(), digest))
                 .IsNothing()) {
-          return Nothing<void>();
+          return false;
         }
       }
 
@@ -521,12 +521,12 @@ Maybe<void> GetRsaKeyDetail(Environment* env,
                     env->salt_length_string(),
                     Integer::New(env->isolate(), params.salt_length))
               .IsNothing()) {
-        return Nothing<void>();
+        return false;
       }
     }
   }
 
-  return JustVoid();
+  return true;
 }
 
 namespace RSAAlg {

src/crypto/crypto_rsa.cc

@@ -112,18 +112,18 @@ struct RSACipherTraits final {
 
 using RSACipherJob = CipherJob<RSACipherTraits>;
 
-v8::Maybe<void> ExportJWKRsaKey(Environment* env,
-                                const KeyObjectData& key,
-                                v8::Local<v8::Object> target);
+bool ExportJWKRsaKey(Environment* env,
+                     const KeyObjectData& key,
+                     v8::Local<v8::Object> target);
 
 KeyObjectData ImportJWKRsaKey(Environment* env,
                               v8::Local<v8::Object> jwk,
                               const v8::FunctionCallbackInfo<v8::Value>& args,
                               unsigned int offset);
 
-v8::Maybe<void> GetRsaKeyDetail(Environment* env,
-                                const KeyObjectData& key,
-                                v8::Local<v8::Object> target);
+bool GetRsaKeyDetail(Environment* env,
+                     const KeyObjectData& key,
+                     v8::Local<v8::Object> target);
 
 namespace RSAAlg {
 void Initialize(Environment* env, v8::Local<v8::Object> target);