From b2064cb61015a2699f60d8a4a73d7e3642a4ffdd Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 1 Apr 2019 17:00:11 +0200 Subject: [PATCH 1/3] crypto: fix crash of encrypted private key export without cipher --- lib/internal/crypto/keys.js | 20 +++++++++++++------- test/parallel/test-crypto-key-objects.js | 14 ++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index 1eb4a6f7be7006..3cb7f0a9f06a1f 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -186,14 +186,20 @@ function parseKeyEncoding(enc, keyType, isPublic, objName) { if (isPublic !== true) { ({ cipher, passphrase } = enc); - if (!isInput && cipher != null) { - if (typeof cipher !== 'string') + if (!isInput) { + if (cipher != null) { + if (typeof cipher !== 'string') + throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); + if (format === kKeyFormatDER && + (type === kKeyEncodingPKCS1 || + type === kKeyEncodingSEC1)) { + throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( + encodingNames[type], 'does not support encryption'); + } + } + + if (passphrase !== undefined && typeof cipher !== 'string') { throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); - if (format === kKeyFormatDER && - (type === kKeyEncodingPKCS1 || - type === kKeyEncodingSEC1)) { - throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( - encodingNames[type], 'does not support encryption'); } } diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js index 66ba19101aa6a8..fb35b9ae924e5a 100644 --- a/test/parallel/test-crypto-key-objects.js +++ b/test/parallel/test-crypto-key-objects.js @@ -244,3 +244,17 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem', assert.strictEqual(privateKey.asymmetricKeyType, 'dsa'); assert.strictEqual(privateKey.symmetricKeySize, undefined); } + +{ + // Exporting an encrypted private key requires a cipher + const privateKey = createPrivateKey(privatePem); + common.expectsError(() => { + privateKey.export({ + format: 'pem', type: 'pkcs8', passphrase: 'super-secret' + }); + }, { + type: TypeError, + code: 'ERR_INVALID_OPT_VALUE', + message: 'The value "undefined" is invalid for option "cipher"' + }); +} From 75f9b0878768aa3539e5e720688cf4f9864e77ab Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 2 Apr 2019 09:04:24 +0200 Subject: [PATCH 2/3] fixup! crypto: fix crash of encrypted private key export without cipher --- lib/internal/crypto/keys.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index 3cb7f0a9f06a1f..49d83ec6da9f0c 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -196,9 +196,7 @@ function parseKeyEncoding(enc, keyType, isPublic, objName) { throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( encodingNames[type], 'does not support encryption'); } - } - - if (passphrase !== undefined && typeof cipher !== 'string') { + } else if (passphrase !== undefined && typeof cipher !== 'string') { throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); } } From ff04443c9dbf244f15be49f3bf4f371b2dd1d109 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 2 Apr 2019 09:05:34 +0200 Subject: [PATCH 3/3] fixup! crypto: fix crash of encrypted private key export without cipher --- lib/internal/crypto/keys.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index 49d83ec6da9f0c..93d350e4e74320 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -196,7 +196,7 @@ function parseKeyEncoding(enc, keyType, isPublic, objName) { throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( encodingNames[type], 'does not support encryption'); } - } else if (passphrase !== undefined && typeof cipher !== 'string') { + } else if (passphrase !== undefined) { throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); } }