1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: Clear error after DiffieHellman key errors

Browse Source 
Fixes #5499
This commit is contained in:
isaacs 2013-05-17 17:19:12 -07:00
parent d5d5170c35
commit 3a2b5030ae
2 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/node_crypto.cc
View File

@ -67,6 +67,14 @@ namespace crypto {
using namespace v8; using namespace v8;
// Forcibly clear OpenSSL's error stack on return. This stops stale errors
// from popping up later in the lifecycle of crypto operations where they
// would cause spurious failures. It's a rather blunt method, though.
// ERR_clear_error() isn't necessarily cheap either.
struct ClearErrorOnReturn {
~ClearErrorOnReturn() { ERR_clear_error(); }
};
static Persistent<String> errno_symbol; static Persistent<String> errno_symbol;
static Persistent<String> syscall_symbol; static Persistent<String> syscall_symbol;
static Persistent<String> subject_symbol; static Persistent<String> subject_symbol;
@ -908,13 +916,6 @@ int Connection::HandleBIOError(BIO *bio, const char* func, int rv) {
int Connection::HandleSSLError(const char* func, int rv, ZeroStatus zs) { int Connection::HandleSSLError(const char* func, int rv, ZeroStatus zs) {
// Forcibly clear OpenSSL's error stack on return. This stops stale errors
// from popping up later in the lifecycle of the SSL connection where they
// would cause spurious failures. It's a rather blunt method, though.
// ERR_clear_error() isn't necessarily cheap either.
struct ClearErrorOnReturn {
~ClearErrorOnReturn() { ERR_clear_error(); }
};
ClearErrorOnReturn clear_error_on_return; ClearErrorOnReturn clear_error_on_return;
(void) &clear_error_on_return; // Silence unused variable warning. (void) &clear_error_on_return; // Silence unused variable warning.
@ -3603,6 +3604,8 @@ class DiffieHellman : public ObjectWrap {
return ThrowException(Exception::Error(String::New("Not initialized"))); return ThrowException(Exception::Error(String::New("Not initialized")));
} }
ClearErrorOnReturn clear_error_on_return;
(void) &clear_error_on_return; // Silence compiler warning.
BIGNUM* key = 0; BIGNUM* key = 0;
if (args.Length() == 0) { if (args.Length() == 0) {

16
test/simple/test-crypto.js
View File

@ -698,10 +698,21 @@ var secret3 = dh3.computeSecret(key2, 'hex', 'base64');
assert.equal(secret1, secret3); assert.equal(secret1, secret3);
// Run this one twice to make sure that the dh3 clears its error properly
(function() {
var c = crypto.createDecipher('aes-128-ecb', '');
assert.throws(function() { c.final('utf8') }, /wrong final block length/);
})();
assert.throws(function() { assert.throws(function() {
dh3.computeSecret(''); dh3.computeSecret('');
}, /key is too small/i); }, /key is too small/i);
(function() {
var c = crypto.createDecipher('aes-128-ecb', '');
assert.throws(function() { c.final('utf8') }, /wrong final block length/);
})();
// Create a shared using a DH group. // Create a shared using a DH group.
var alice = crypto.createDiffieHellmanGroup('modp5'); var alice = crypto.createDiffieHellmanGroup('modp5');
var bob = crypto.createDiffieHellmanGroup('modp5'); var bob = crypto.createDiffieHellmanGroup('modp5');
@ -858,11 +869,6 @@ assert.equal(-1, crypto.getHashes().indexOf('SHA1'));
assert.equal(-1, crypto.getHashes().indexOf('SHA')); assert.equal(-1, crypto.getHashes().indexOf('SHA'));
assertSorted(crypto.getHashes()); assertSorted(crypto.getHashes());
(function() {
var c = crypto.createDecipher('aes-128-ecb', '');
assert.throws(function() { c.final('utf8') }, /invalid public key/);
})();
// Base64 padding regression test, see #4837. // Base64 padding regression test, see #4837.
(function() { (function() {
var c = crypto.createCipher('aes-256-cbc', 'secret'); var c = crypto.createCipher('aes-256-cbc', 'secret');