Skip to content

Commit

Permalink
crypto: throw errors in SignTraits::DeriveBits
Browse files Browse the repository at this point in the history
Fixes: #40794

PR-URL: #40796
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
tniessen authored and targos committed Nov 21, 2021
1 parent 7d127d2 commit 2979c58
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 5 deletions.
19 changes: 14 additions & 5 deletions src/crypto/crypto_sig.cc
Original file line number Diff line number Diff line change
Expand Up @@ -738,19 +738,25 @@ bool SignTraits::DeriveBits(
size_t len;
unsigned char* data = nullptr;
if (IsOneShot(params.key)) {
EVP_DigestSign(
if (!EVP_DigestSign(
context.get(),
nullptr,
&len,
params.data.data<unsigned char>(),
params.data.size());
params.data.size())) {
crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
data = MallocOpenSSL<unsigned char>(len);
EVP_DigestSign(
if (!EVP_DigestSign(
context.get(),
data,
&len,
params.data.data<unsigned char>(),
params.data.size());
params.data.size())) {
crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
ByteSource buf =
ByteSource::Allocated(reinterpret_cast<char*>(data), len);
*out = std::move(buf);
Expand All @@ -760,13 +766,16 @@ bool SignTraits::DeriveBits(
params.data.data<unsigned char>(),
params.data.size()) ||
!EVP_DigestSignFinal(context.get(), nullptr, &len)) {
crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
data = MallocOpenSSL<unsigned char>(len);
ByteSource buf =
ByteSource::Allocated(reinterpret_cast<char*>(data), len);
if (!EVP_DigestSignFinal(context.get(), data, &len))
if (!EVP_DigestSignFinal(context.get(), data, &len)) {
crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}

if (UseP1363Encoding(params.key, params.dsa_encoding)) {
*out = ConvertSignatureToP1363(env, params.key, buf);
Expand Down
14 changes: 14 additions & 0 deletions test/parallel/test-crypto-sign-verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -742,3 +742,17 @@ assert.throws(
}
}
}

// The sign function should not swallow OpenSSL errors.
// Regression test for https://github.com/nodejs/node/issues/40794.
{
assert.throws(() => {
const { privateKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 512
});
crypto.sign('sha512', 'message', privateKey);
}, {
code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY',
message: /digest too big for rsa key/
});
}

0 comments on commit 2979c58

Please sign in to comment.