-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: fail early if passphrase is too long #27010
crypto: fail early if passphrase is too long #27010
Conversation
This causes OpenSSL to fail early if the decryption passphrase is too long, and produces a somewhat helpful error message. Refs: nodejs#25208
This was @sam-github's idea in #25208 (comment), thanks Sam! :) |
I think this is technically semver-major? So cc @nodejs/tsc |
Oooo, tricky. Where does this fail without this fix and what does that failure look like? It's not from the |
@rvagg It is indeed tricky! The failure without this patch is unpredictable. Note that this should also be an extremely rare case, supplying such a long passphrase does not make sense since the entropy of the passphrase would far exceed the entropy of the derived decryption key. |
OK, so I'm going to go out on a limb and suggest that those failure modes mean we have bugs in our interface and therefore this should be semver-patch. Anyone else have an opinion? @tniessen what's your position? |
I'm usually leaning towards semver-patch too easily 😅 This does change the error message and code, but on the other hand, it also provides a stable solution instead of the current unpredictable behavior. Personally, I feel that this should land on all release lines where that is possible, simply to get rid of the unpredictability, but I am also fine with a TSC decision to treat this as semver-major.
From that perspective, this certainly is a bugfix, we should not have accepted passphrases that do not fit into the buffer in the first place. |
We've been more lax about semver-major's recently. In this case, someone would have to be relying on passing a passphrase that is too large, and it getting truncated... which is pretty obscure. I'd be OK with semver-patch, mostly because I don't want this to float until the fall for 13.x, continually causing backport conflict. |
I removed the semver-major label, feel free to chime in @nodejs/tsc. |
Re-build of failing node-test-commit-linux (✔️) |
This causes OpenSSL to fail early if the decryption passphrase is too long, and produces a somewhat helpful error message. PR-URL: nodejs#27010 Refs: nodejs#25208 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Landed in 73bca57 🎉 |
This causes OpenSSL to fail early if the decryption passphrase is too long, and produces a somewhat helpful error message. OpenSSL gives us a buffer of limited size (currently 1024 bytes), so there is no way to pass longer passphrases.
Refs: #25208
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes