-
Notifications
You must be signed in to change notification settings - Fork 29.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto: avoid hang when no algorithm available
Avoid an endless loop if no algorithm is available to seed the cryptographically secure pseudorandom number generator (CSPRNG). Co-authored-by: Anna Henningsen <anna@addaleax.net> PR-URL: #46237 Fixes: #46200 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
- Loading branch information
1 parent
30f1409
commit aac2dcc
Showing
3 changed files
with
64 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
nodejs_conf = nodejs_init | ||
|
||
[nodejs_init] | ||
providers = provider_sect | ||
|
||
# List of providers to load | ||
[provider_sect] | ||
base = base_sect | ||
|
||
[base_sect] | ||
activate = 1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
'use strict'; | ||
|
||
const common = require('../common'); | ||
if (!common.hasCrypto) | ||
common.skip('missing crypto'); | ||
|
||
if (!common.hasOpenSSL3) | ||
common.skip('this test requires OpenSSL 3.x'); | ||
|
||
const assert = require('node:assert/strict'); | ||
const crypto = require('node:crypto'); | ||
|
||
if (common.isMainThread) { | ||
// TODO(richardlau): Decide if `crypto.setFips` should error if the | ||
// provider named "fips" is not available. | ||
crypto.setFips(1); | ||
crypto.randomBytes(20, common.mustCall((err) => { | ||
// crypto.randomBytes should either succeed or fail but not hang. | ||
if (err) { | ||
assert.match(err.message, /digital envelope routines::unsupported/); | ||
const expected = /random number generator::unable to fetch drbg/; | ||
assert(err.opensslErrorStack.some((msg) => expected.test(msg)), | ||
`did not find ${expected} in ${err.opensslErrorStack}`); | ||
} | ||
})); | ||
} | ||
|
||
{ | ||
// Startup test. Should not hang. | ||
const { path } = require('../common/fixtures'); | ||
const { spawnSync } = require('node:child_process'); | ||
const baseConf = path('openssl3-conf', 'base_only.cnf'); | ||
const cp = spawnSync(process.execPath, | ||
[ `--openssl-config=${baseConf}`, '-p', '"hello"' ], | ||
{ encoding: 'utf8' }); | ||
assert(common.nodeProcessAborted(cp.status, cp.signal), | ||
`process did not abort, code:${cp.status} signal:${cp.signal}`); | ||
} |