Skip to content

Commit

Permalink
crypto: don't expose openssl internals
Browse files Browse the repository at this point in the history
PR-URL: #29325
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
  • Loading branch information
codebytere authored and BridgeAR committed Sep 3, 2019
1 parent c75813a commit d11ee19
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 6 deletions.
15 changes: 10 additions & 5 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -5200,7 +5200,7 @@ template <PublicKeyCipher::Operation operation,
bool PublicKeyCipher::Cipher(Environment* env,
const ManagedEVPPKey& pkey,
int padding,
const char* oaep_hash,
const EVP_MD* digest,
const unsigned char* data,
int len,
AllocatedBuffer* out) {
Expand All @@ -5212,9 +5212,8 @@ bool PublicKeyCipher::Cipher(Environment* env,
if (EVP_PKEY_CTX_set_rsa_padding(ctx.get(), padding) <= 0)
return false;

if (oaep_hash != nullptr) {
if (!EVP_PKEY_CTX_md(ctx.get(), EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_RSA_OAEP_MD, oaep_hash))
if (digest != nullptr) {
if (!EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest))
return false;
}

Expand Down Expand Up @@ -5256,6 +5255,12 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {

const node::Utf8Value oaep_str(env->isolate(), args[offset + 2]);
const char* oaep_hash = args[offset + 2]->IsString() ? *oaep_str : nullptr;
const EVP_MD* digest = nullptr;
if (oaep_hash != nullptr) {
digest = EVP_get_digestbyname(oaep_hash);
if (digest == nullptr)
return THROW_ERR_OSSL_EVP_INVALID_DIGEST(env);
}

AllocatedBuffer out;

Expand All @@ -5265,7 +5270,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
env,
pkey,
padding,
oaep_hash,
digest,
buf.data(),
buf.length(),
&out);
Expand Down
2 changes: 1 addition & 1 deletion src/node_crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -713,7 +713,7 @@ class PublicKeyCipher {
static bool Cipher(Environment* env,
const ManagedEVPPKey& pkey,
int padding,
const char* oaep_hash,
const EVP_MD* digest,
const unsigned char* data,
int len,
AllocatedBuffer* out);
Expand Down
2 changes: 2 additions & 0 deletions src/node_errors.h
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ void PrintErrorString(const char* format, ...);
V(ERR_CONSTRUCT_CALL_REQUIRED, TypeError) \
V(ERR_CONSTRUCT_CALL_INVALID, TypeError) \
V(ERR_INVALID_ARG_VALUE, TypeError) \
V(ERR_OSSL_EVP_INVALID_DIGEST, Error) \
V(ERR_INVALID_ARG_TYPE, TypeError) \
V(ERR_INVALID_MODULE_SPECIFIER, TypeError) \
V(ERR_INVALID_PACKAGE_CONFIG, SyntaxError) \
Expand Down Expand Up @@ -89,6 +90,7 @@ void PrintErrorString(const char* format, ...);
V(ERR_CONSTRUCT_CALL_REQUIRED, "Cannot call constructor without `new`") \
V(ERR_INVALID_TRANSFER_OBJECT, "Found invalid object in transferList") \
V(ERR_MEMORY_ALLOCATION_FAILED, "Failed to allocate memory") \
V(ERR_OSSL_EVP_INVALID_DIGEST, "Invalid digest used") \
V(ERR_MISSING_MESSAGE_PORT_IN_TRANSFER_LIST, \
"MessagePort was found in message but not listed in transferList") \
V(ERR_MISSING_PLATFORM_FOR_WORKER, \
Expand Down

0 comments on commit d11ee19

Please sign in to comment.