Skip to content

Commit

Permalink
crypto: fix propagation of "memory limit exceeded"
Browse files Browse the repository at this point in the history
When we throw ERR_CRYPTO_INVALID_SCRYPT_PARAMS after a call to
EVP_PBE_scrypt, check if OpenSSL reported an error and if so, append the
OpenSSL error message to the default generic error message. In
particular, this catches cases when `maxmem` is not sufficient, which
otherwise is difficult to identify because our documentation only
provides an approximation of the required `maxmem` value.

Fixes: #53291
PR-URL: #53300
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
  • Loading branch information
tniessen authored and marco-ippolito committed Jul 19, 2024
1 parent 955b98a commit dc2a4af
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 2 deletions.
12 changes: 11 additions & 1 deletion src/crypto/crypto_scrypt.cc
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,17 @@ Maybe<bool> ScryptTraits::AdditionalConfig(
params->maxmem,
nullptr,
0) != 1) {
THROW_ERR_CRYPTO_INVALID_SCRYPT_PARAMS(env);
// Do not use CryptoErrorStore or ThrowCryptoError here in order to maintain
// backward compatibility with ERR_CRYPTO_INVALID_SCRYPT_PARAMS.
uint32_t err = ERR_peek_last_error();
if (err != 0) {
char buf[256];
ERR_error_string_n(err, buf, sizeof(buf));
THROW_ERR_CRYPTO_INVALID_SCRYPT_PARAMS(
env, "Invalid scrypt params: %s", buf);
} else {
THROW_ERR_CRYPTO_INVALID_SCRYPT_PARAMS(env);
}
return Nothing<bool>();
}

Expand Down
3 changes: 2 additions & 1 deletion test/parallel/test-crypto-scrypt.js
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,8 @@ for (const options of bad) {

for (const options of toobig) {
const expected = {
message: /Invalid scrypt param/
message: /Invalid scrypt params:.*memory limit exceeded/,
code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
};
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
expected);
Expand Down

0 comments on commit dc2a4af

Please sign in to comment.