Skip to content

crypto: verify with callback crashes when private key is used #37794

New issue
New issue
Closed
Closed
crypto: verify with callback crashes when private key is used#37794
Labels
confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.
@panva

Description

@panva
panva
opened on Mar 18, 2021

Introduced in #37500 (released with v15.12.0) the function call crashes node when a private key object is passed to verify when using the callback argument.

const crypto = require('crypto');
const assert = require('assert');

const data = Buffer.from('hello');
const { privateKey } = crypto.generateKeyPairSync('ed25519');
const signature = crypto.sign(null, data, privateKey);

assert(crypto.verify(null, data, privateKey, signature)); // OK

crypto.verify(null, data, privateKey, signature, (err, verified) => { // 💥
  assert(!err);
  assert(verified);
});
node[49326]: ../src/crypto/crypto_sig.cc:850:static bool node::crypto::SignTraits::DeriveBits(node::Environment *, const node::crypto::SignConfiguration &, node::crypto::ByteSource *): Assertion `(params.key->GetKeyType()) == (kKeyTypePublic)' failed.

This can never happen in webcrypto where this implementation was first used but it is a valid input for one shot verify.

I'm looking into a fix and expanding the test suite.

cc @jasnell

Metadata

Metadata

Assignees

No one assigned

    Labels

    confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions