1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: fail early if passphrase is too long

Browse Source 
This causes OpenSSL to fail early if the decryption passphrase is too
long, and produces a somewhat helpful error message.

PR-URL: https://github.com/nodejs/node/pull/27010
Refs: https://github.com/nodejs/node/pull/25208
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This commit is contained in:
Tobias Nießen 2019-03-30 00:19:39 +01:00 committed by Ruben Bridgewater
parent 608878c956
commit 73bca57988
No known key found for this signature in database
GPG Key ID: F07496B3EB3C1762
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/api/crypto.md
View File

@ -1826,6 +1826,9 @@ Creates and returns a new key object containing a private key. If `key` is a
string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`
must be an object with the properties described above. must be an object with the properties described above.
If the private key is encrypted, a `passphrase` must be specified. The length
of the passphrase is limited to 1024 bytes.
### crypto.createPublicKey(key) ### crypto.createPublicKey(key)
<!-- YAML <!-- YAML
added: v11.6.0 added: v11.6.0

3
src/node_crypto.cc
View File

@ -189,7 +189,8 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
if (passphrase != nullptr) { if (passphrase != nullptr) {
size_t buflen = static_cast<size_t>(size); size_t buflen = static_cast<size_t>(size);
size_t len = strlen(passphrase); size_t len = strlen(passphrase);
len = len > buflen ? buflen : len; if (buflen < len)
return -1;
memcpy(buf, passphrase, len); memcpy(buf, passphrase, len);
return len; return len;
} }

21
test/parallel/test-crypto-key-objects.js
View File

@ -230,6 +230,27 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
message: 'Passphrase required for encrypted key' message: 'Passphrase required for encrypted key'
}); });
// Reading an encrypted key with a passphrase that exceeds OpenSSL's buffer
// size limit should fail with an appropriate error code.
common.expectsError(() => createPrivateKey({
key: privateDsa,
format: 'pem',
passphrase: Buffer.alloc(1025, 'a')
}), {
code: 'ERR_OSSL_PEM_BAD_PASSWORD_READ',
type: Error
});
// The buffer has a size of 1024 bytes, so this passphrase should be permitted
// (but will fail decryption).
common.expectsError(() => createPrivateKey({
key: privateDsa,
format: 'pem',
passphrase: Buffer.alloc(1024, 'a')
}), {
message: /bad decrypt/
});
const publicKey = createPublicKey(publicDsa); const publicKey = createPublicKey(publicDsa);
assert.strictEqual(publicKey.type, 'public'); assert.strictEqual(publicKey.type, 'public');
assert.strictEqual(publicKey.asymmetricKeyType, 'dsa'); assert.strictEqual(publicKey.asymmetricKeyType, 'dsa');