Skip to content

createPublicKey and createPrivateKey lacks robustness with JWK #44471

New issue
New issue
Closed
Closed
createPublicKey and createPrivateKey lacks robustness with JWK#44471
Labels
confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.
@rinne

Description

@rinne
rinne
opened on Sep 1, 2022

Version

v18.7.0

Platform

Darwin xxx 21.6.0 Darwin Kernel Version 21.6.0: Wed Aug 10 14:25:27 PDT 2022; root:xnu-8020.141.5~2/RELEASE_X86_64 x86_64

Subsystem

crypto

What steps will reproduce the bug?

// called jwk format but non-object (string) as a parameter

require('crypto').createPrivateKey({ key: "foo", format: 'jwk' });

// core dump follows

require('crypto').createPublicKey({ key: "", format: 'jwk' });

// core dump follows

How often does it reproduce? Is there a required condition?

always

What is the expected behavior?

Exception with an appropriate error object should be thrown.
It should be possible to catch the exception.

What do you see instead?

node[88386]: ../src/crypto/crypto_keys.cc:68:void node::crypto::(anonymous namespace)::GetKeyFormatAndTypeFromJs(node::crypto::AsymmetricKeyEncodingConfig *, const FunctionCallbackInfo<v8::Value> &, unsigned int *, node::crypto::KeyEncodingContext): Assertion `(context == kKeyContextInput && config->format_ == kKeyFormatPEM) || (context == kKeyContextGenerate && config->format_ == kKeyFormatJWK)' failed.
 1: 0x103037252 node::Abort() [/opt/local/bin/node]
 2: 0x103037085 node::AppendExceptionLine(node::Environment*, v8::Local<v8::Value>, v8::Local<v8::Message>, node::ErrorHandlingMode) [/opt/local/bin/node]
 3: 0x103138e07 node::crypto::(anonymous namespace)::GetKeyFormatAndTypeFromJs(node::crypto::AsymmetricKeyEncodingConfig*, v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*, node::crypto::KeyEncodingContext) [/opt/local/bin/node]
 4: 0x103138693 node::crypto::ManagedEVPPKey::GetPrivateKeyEncodingFromJs(v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*, node::crypto::KeyEncodingContext) [/opt/local/bin/node]
 5: 0x103139575 node::crypto::ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*) [/opt/local/bin/node]
 6: 0x10313a3ba node::crypto::KeyObjectHandle::Init(v8::FunctionCallbackInfo<v8::Value> const&) [/opt/local/bin/node]
 7: 0x1031b491b v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [/opt/local/bin/node]
 8: 0x1031b44ab v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) [/opt/local/bin/node]
 9: 0x1031b3c28 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [/opt/local/bin/node]
10: 0x1038710f9 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit [/opt/local/bin/node]

Additional information

This has been the case with JWK import for all versions so far.

Metadata

Metadata

Assignees

No one assigned

    Labels

    confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions