-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calling crypto.createCipheriv with a key of invalid length can cause errors in other consumers of the OpenSSL error queue #21281
Comments
@nodejs/crypto |
@z0w0 could you please mention all the versions of Node that you found to be affected by these? |
It's almost certainly present in the v8.x LTS, as I discovered this from a production issue at my work which has been using the v8 LTS for some months. I just reproduced on v8.11.2 (ArchLinux) using the above script. The statement I made about it affecting other releases was a generalisation because I checked the master code and it looked like it wasn't clearing out the errors generate by Expected output if the bug is present is something like:
|
I think our cipher implementation has failed to properly clear the error queue for some time now. I have a patch for the "Invalid key length" error, but I'd like to explore which other situations are affected. |
Yep, it's easy enough just to fix this particular bug by adding a |
Yeah, I had been planning to fix it too, but @tniessen is better qualified. Let me try looking deeper into the error queue issue. |
@z0w0 @ryzokuken Sorry, didn't want to take this away from either of you, please, go ahead! Just let me know which part you'd like to work on 😃 |
@tniessen nah, you're better at handling this. I'll try looking into the underlying issue with the error queue. |
@tniessen @ryzokuken I'd be interested in learning more node core things. In my work, I've done quite a bit with node crypto. So if this is something I can contribute to, I'd be interested. (and if you haven't already fixed it) 🤔 |
This handles all errors produced by OpenSSL within the CipherBase class. API functions clear the error queue on return, utility functions such as InitAuthenticated() ensure that they do not add any new errors to the queue. Previously ignored return values are now being CHECK'd. Fixes: nodejs#21281 Refs: nodejs#21287
@jrasanen Sorry, I already went ahead after @ryzokuken's #21281 (comment) and opened #21287 and #21288. The former fixes a bug that would prevent the latter from working. |
No worries! :) |
@jrasanen that said, please feel free to follow crypto issues in this repo and keep diving deeper into the implementations. Crypto is a relatively easy subsystem to crack if you know your OpenSSL calls. |
This handles all errors produced by OpenSSL within the CipherBase class. API functions ensure that they do not add any new errors to the error queue. Also adds a couple of CHECKs and throws under certain conditions. PR-URL: #21288 Fixes: #21281 Refs: #21287 Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
N.B. What follows is a naive speculation about what's going wrong since I'm not all too familiar with Node.js' internals.
When
crypto.createCipheriv
is called, it sets the key length usingEVP_CIPHER_CTX_set_key_length
. For some ciphers this will fail if it doesn't match a certain length. The crypto module throws a JS error if this is the case. If you look at the OpenSSL code forEVP_CIPHER_CTX_set_key_length
, this error also goes into the OpenSSL error queue but is never removed by the Crypto module.Because this error queue seems to be thread-global, you can get into situations where other stuff using OpenSSL (such as HTTPS/TLS) can think that the error was caused by its actions, not by a stale error being on the queue. Like so:
Obviously this is a bad way to use
createCipheriv
, but it seems almost certainly wrong for the error to leak outside of the cipher code. Weirdly enough it seems like something else is pulling out the errors on its own, but if you create enough of them (hence the low mssetInterval
) then it produces the error.The text was updated successfully, but these errors were encountered: