Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keyobject.asymmetricKeyType crashes on C++ assertion #26775

Closed
panva opened this issue Mar 19, 2019 · 8 comments
Closed

keyobject.asymmetricKeyType crashes on C++ assertion #26775

panva opened this issue Mar 19, 2019 · 8 comments

Comments

@panva
Copy link
Member

panva commented Mar 19, 2019
edited
Loading

A followup discussion to #26319

We're still crashing here on any unhandled key. e.g:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEILD/13Y5R/tmcCjZVSooIcpfGvZxf+qt6dMu5FYaOC1a
-----END PRIVATE KEY-----

This makes the API rather unstable since end-users can force key material that will crash the process. Developers have no way to detect this other than parsing the key material before sending it to create(private|public)Key, kinda killing the KeyObject point.

The sane thing here would be return "unsupported"/"unknown" or to not instantiate the KeyObject at all and throw in JS instead.

Returning unsupported is enough for libraries using KeyObjects to check if they want to accept the key.

/cc @tniessen @sam-github @bnoordhuis what do you think?
@tniessen
Copy link
Member

You are right... Maybe we shouldn't allow such keys to be created in the first place? There are some OIDs we should support and I intend to work on that soon (currently working on .fields), but I don't know whether ECDH keys are useful in this context.

@tniessen
Copy link
Member

Or, as you said, we could allow to construct them as long as OpenSSL supports it and return unsupported... This did not sound like a good idea to me at first, but now that I'm thinking about it, it might just work. Initially, I thought it would be easy to enumerate all key types supported by OpenSSL, but in the end, we might keep running into such problems.

@panva
Copy link
Member Author

panva commented Mar 19, 2019

but I don't know whether ECDH keys are useful in this context

they are, see:

@panva
Copy link
Member Author

panva commented Mar 19, 2019

Not instantiating i don't think i can quite pull off myself, returning unsupported i can open a fix for.

@sam-github
Copy link
Contributor

or throwing an error?

@panva
Copy link
Member Author

panva commented Mar 19, 2019

Throwing an error on a getter of an existing KeyObject instance sounds rather awkward to me.

@sam-github
Copy link
Contributor

I didn't read carefully enough, ignore that.

'unknown' as a default sounds reasonable.

Is there any reason we shouldn't also add all the currently defined values in evp.h to the switch?

@panva panva mentioned this issue Mar 19, 2019
Closed
4 tasks
@tniessen
Copy link
Member

@sam-github That sounds reasonable. (A couple of days ago, I desperately tried to get node to accept an EVP_PKEY_RSA2 key without success...)

BethGriggs pushed a commit that referenced this issue Apr 5, 2019
@panva @BethGriggs
crypto: don't crash on unknown asymmetricKeyType
b551389 
PR-URL: #26786
Fixes: #26775
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sam-github @panva @tniessen