crypto: fix crash of encrypted private key export without cipher

PR-URL: https://github.com/nodejs/node/pull/27041
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This commit is contained in:
Filip Skokan 2019-04-01 17:00:11 +02:00 committed by Ruben Bridgewater
parent 6fb32ac255
commit b2bb6c2b80
No known key found for this signature in database
GPG Key ID: F07496B3EB3C1762
2 changed files with 25 additions and 7 deletions

View File

@ -186,14 +186,18 @@ function parseKeyEncoding(enc, keyType, isPublic, objName) {
if (isPublic !== true) {
({ cipher, passphrase } = enc);
if (!isInput && cipher != null) {
if (typeof cipher !== 'string')
if (!isInput) {
if (cipher != null) {
if (typeof cipher !== 'string')
throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher);
if (format === kKeyFormatDER &&
(type === kKeyEncodingPKCS1 ||
type === kKeyEncodingSEC1)) {
throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
encodingNames[type], 'does not support encryption');
}
} else if (passphrase !== undefined) {
throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher);
if (format === kKeyFormatDER &&
(type === kKeyEncodingPKCS1 ||
type === kKeyEncodingSEC1)) {
throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
encodingNames[type], 'does not support encryption');
}
}

View File

@ -244,3 +244,17 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
assert.strictEqual(privateKey.asymmetricKeyType, 'dsa');
assert.strictEqual(privateKey.symmetricKeySize, undefined);
}
{
// Exporting an encrypted private key requires a cipher
const privateKey = createPrivateKey(privatePem);
common.expectsError(() => {
privateKey.export({
format: 'pem', type: 'pkcs8', passphrase: 'super-secret'
});
}, {
type: TypeError,
code: 'ERR_INVALID_OPT_VALUE',
message: 'The value "undefined" is invalid for option "cipher"'
});
}