diff --git a/patches/node/.patches b/patches/node/.patches index 7b5ffd1a48caa..76e590dd4e5af 100644 --- a/patches/node/.patches +++ b/patches/node/.patches @@ -22,4 +22,3 @@ fix_account_for_debugger_agent_race_condition.patch add_should_read_node_options_from_env_option_to_disable_node_options.patch repl_fix_crash_when_sharedarraybuffer_disabled.patch fix_readbarrier_undefined_symbol_error_on_woa_arm64.patch -fix_crash_creating_private_key_with_unsupported_algorithm.patch diff --git a/patches/node/fix_crash_creating_private_key_with_unsupported_algorithm.patch b/patches/node/fix_crash_creating_private_key_with_unsupported_algorithm.patch deleted file mode 100644 index 5368822832e3d..0000000000000 --- a/patches/node/fix_crash_creating_private_key_with_unsupported_algorithm.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Shelley Vohr -Date: Thu, 23 Sep 2021 12:29:23 +0200 -Subject: fix: crash creating private key with unsupported algorithm - -This patch fixes an issue where some calls to crypto.createPrivateKey -made with algorithms unsupported by BoringSSL cause a crash when invoking -methods on their return values. This was happening because BoringSSL -shims some algorithms but doesn't implement them and so attempted to -created keys with them will fail (see https://source.chromium.org/chromium/chromium/src/+/main:third_party/boringssl/src/include/openssl/evp.h;l=835-837?q=ed448&ss=chromium) - -Node.js returned false in initEdRaw (see: https://github.com/nodejs/node/blob/20cf47004e7801ede1588d2de8785c0100f6ab38/src/crypto/crypto_keys.cc#L1106) -but then did nothing with the return value, meaning that if no pkey was -created successfully that a key object was still returned but attempts -to use the data_ field would crash the process as data_ was never -assigned. This is fixed by checking the return value of initEdRaw at the -JavaScript level and throwing an error if the function returns false. - -This patch will be upstreamed in some form. - -diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js -index ce053fbb4b800a67adcd5642a6ef09f8f2a21ce6..1b0e4b8791cf422bba331b242cd7df29b18c9da8 100644 ---- a/lib/internal/crypto/keys.js -+++ b/lib/internal/crypto/keys.js -@@ -436,15 +436,19 @@ function getKeyObjectHandleFromJwk(key, ctx) { - - const handle = new KeyObjectHandle(); - if (isPublic) { -- handle.initEDRaw( -+ if (!handle.initEDRaw( - `NODE-${key.crv.toUpperCase()}`, - keyData, -- kKeyTypePublic); -+ kKeyTypePublic)) { -+ throw new Error('Failed to create key - unsupported algorithm'); -+ } - } else { -- handle.initEDRaw( -+ if (!handle.initEDRaw( - `NODE-${key.crv.toUpperCase()}`, - keyData, -- kKeyTypePrivate); -+ kKeyTypePrivate)) { -+ throw new Error('Failed to create key - unsupported algorithm'); -+ } - } - - return handle; diff --git a/spec/node-spec.js b/spec/node-spec.js index 4d06e39d445d4..7437143554a66 100644 --- a/spec/node-spec.js +++ b/spec/node-spec.js @@ -330,7 +330,7 @@ describe('node feature', () => { expect(() => { crypto.createPrivateKey({ key: ed448, format: 'jwk' }); - }).to.throw(/Failed to create key - unsupported algorithm/); + }).to.throw(/Invalid JWK data/); }); });