1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-24 16:19:12 -05:00

fix(node): use cppgc for managing X509Certificate (#21999)

Introduces the first cppgc backed Resource into Deno.

This fixes the memory leak when using `X509Certificate`

**Comparison**:

```js
import { X509Certificate } from 'node:crypto';

const r = Deno.readFileSync('cli/tests/node_compat/test/fixtures/keys/agent1-cert.pem');

setInterval(() => {
  for (let i = 0; i < 10000; i++) {
    const cert = new X509Certificate(r);
  }
}, 1000);
```

Memory usage after 5 secs

`main`: 1692MB
`cppgc`: peaks at 400MB
This commit is contained in:
Divy Srivastava 2024-01-20 21:58:37 +05:30 committed by GitHub
parent 40febd9dd1
commit 28f64171cb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 48 additions and 91 deletions

12
Cargo.lock generated
View file

@ -1150,9 +1150,9 @@ dependencies = [
[[package]]
name = "deno_core"
version = "0.247.0"
version = "0.248.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff6e8ee2e08528c1da4f5a48659c67d12012e831c737f6266534d4f550ccc8c3"
checksum = "974d075b6647aa6cca14ea75c3833f8996b1c3e487adcde490977f21ac14e27e"
dependencies = [
"anyhow",
"bit-set",
@ -1600,9 +1600,9 @@ dependencies = [
[[package]]
name = "deno_ops"
version = "0.123.0"
version = "0.124.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19f29c5fe78479c3fa437409dca009363feb77036c067d6f3682adff8d06f547"
checksum = "a1bc46bc85a26530e196a5f675dab6e06fb86b9104dc6fdc31cfc9ae1832d911"
dependencies = [
"proc-macro-rules",
"proc-macro2",
@ -5255,9 +5255,9 @@ dependencies = [
[[package]]
name = "serde_v8"
version = "0.156.0"
version = "0.157.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48ad52e56e21faee5d310a898ab77f83abdab737fde1e97fa6a8cd6615d139ef"
checksum = "8853e607c700ade0acb853aafda7e4cc1f752f4ebb35b0e2ecbf42e784e6d0e0"
dependencies = [
"bytes",
"derive_more",

View file

@ -41,7 +41,7 @@ repository = "https://github.com/denoland/deno"
[workspace.dependencies]
deno_ast = { version = "1.0.1", features = ["transpiling"] }
deno_core = { version = "0.247.0" }
deno_core = { version = "0.248.0" }
deno_runtime = { version = "0.140.0", path = "./runtime" }
napi_sym = { version = "0.62.0", path = "./cli/napi/sym" }

View file

@ -3,10 +3,7 @@
use deno_core::error::bad_resource_id;
use deno_core::error::AnyError;
use deno_core::op2;
use deno_core::OpState;
use deno_core::Resource;
use std::borrow::Cow;
use deno_core::v8;
use x509_parser::der_parser::asn1_rs::Any;
use x509_parser::der_parser::asn1_rs::Tag;
@ -48,17 +45,11 @@ impl std::ops::Deref for Certificate {
}
}
impl Resource for Certificate {
fn name(&self) -> Cow<str> {
"x509Certificate".into()
}
}
#[op2(fast)]
pub fn op_node_x509_parse(
state: &mut OpState,
#[op2]
pub fn op_node_x509_parse<'s>(
scope: &'s mut v8::HandleScope,
#[buffer] buf: &[u8],
) -> Result<u32, AnyError> {
) -> Result<v8::Local<'s, v8::Object>, AnyError> {
let pem = match pem::parse_x509_pem(buf) {
Ok((_, pem)) => Some(pem),
Err(_) => None,
@ -76,32 +67,25 @@ pub fn op_node_x509_parse(
cert: unsafe { std::mem::transmute(cert) },
pem,
};
let rid = state.resource_table.add(cert);
Ok(rid)
let obj = deno_core::cppgc::make_cppgc_object(scope, cert);
Ok(obj)
}
#[op2(fast)]
pub fn op_node_x509_ca(
state: &mut OpState,
rid: u32,
) -> Result<bool, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
pub fn op_node_x509_ca(rid: v8::Local<v8::Object>) -> Result<bool, AnyError> {
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.is_ca())
}
#[op2(fast)]
pub fn op_node_x509_check_email(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
#[string] email: &str,
) -> Result<bool, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
let subject = cert.subject();
if subject
@ -137,65 +121,50 @@ pub fn op_node_x509_check_email(
#[op2]
#[string]
pub fn op_node_x509_fingerprint(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<Option<String>, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.fingerprint::<sha1::Sha1>())
}
#[op2]
#[string]
pub fn op_node_x509_fingerprint256(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<Option<String>, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.fingerprint::<sha2::Sha256>())
}
#[op2]
#[string]
pub fn op_node_x509_fingerprint512(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<Option<String>, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.fingerprint::<sha2::Sha512>())
}
#[op2]
#[string]
pub fn op_node_x509_get_issuer(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<String, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(x509name_to_string(cert.issuer(), oid_registry())?)
}
#[op2]
#[string]
pub fn op_node_x509_get_subject(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<String, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(x509name_to_string(cert.subject(), oid_registry())?)
}
@ -262,39 +231,30 @@ fn x509name_to_string(
#[op2]
#[string]
pub fn op_node_x509_get_valid_from(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<String, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.validity().not_before.to_string())
}
#[op2]
#[string]
pub fn op_node_x509_get_valid_to(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<String, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
Ok(cert.validity().not_after.to_string())
}
#[op2]
#[string]
pub fn op_node_x509_get_serial_number(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<String, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
let mut s = cert.serial.to_str_radix(16);
s.make_ascii_uppercase();
Ok(s)
@ -302,13 +262,10 @@ pub fn op_node_x509_get_serial_number(
#[op2(fast)]
pub fn op_node_x509_key_usage(
state: &mut OpState,
rid: u32,
rid: v8::Local<v8::Object>,
) -> Result<u16, AnyError> {
let cert = state
.resource_table
.get::<Certificate>(rid)
.map_err(|_| bad_resource_id())?;
let cert = deno_core::cppgc::unwrap_cppgc_object::<Certificate>(rid)
.ok_or_else(bad_resource_id)?;
let key_usage = cert
.extensions()