fix: crash in ECDH.setPrivateKey (backport: 4-0-x) #17297

Merged
merged 1 commit into from Mar 8, 2019
1 change: 1 addition & 0 deletions patches/common/boringssl/.patches
Expand Up @@ -2,3 +2,4 @@ implement_ssl_get_tlsext_status_type.patch
expose_ripemd160.patch
expose_aes-cfb.patch
sync_sorted_ciphers.patch
handle_pub_key_null_in_ec_key_set_public_key.patch
@@ -0,0 +1,19 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Mon, 4 Mar 2019 10:59:35 -0800
Subject: handle pub_key == null in EC_KEY_set_public_key


diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
index 4bc12a073650f66f5ae8ba2beabb9a6fb2b21878..7e86ccb0d76c66f32fc05c7093c870d5da7b9994 100644
--- a/crypto/fipsmodule/ec/ec_key.c
+++ b/crypto/fipsmodule/ec/ec_key.c
@@ -267,7 +267,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {
return 0;
}

- if (EC_GROUP_cmp(key->group, pub_key->group, NULL) != 0) {
+ if (pub_key != NULL && EC_GROUP_cmp(key->group, pub_key->group, NULL) != 0) {
OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
return 0;
}
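Review bot: The patch description is only a subject line, so nothing records why EC_KEY_set_public_key can be reached with pub_key == NULL or what the function is meant to do in that case. With the new `pub_key != NULL &&` guard, the EC_GROUP_cmp check is skipped for a NULL point and execution continues into code below this hunk that is not shown here. Please confirm that the remaining code tolerates a NULL pub_key, state whether NULL is intended to clear the key's public point or to produce an error return, and add a sentence to the patch description saying so.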
22 changes: 22 additions & 0 deletions spec/node-spec.js
Expand Up @@ -452,6 +452,28 @@ describe('node feature', () => {
const iv = Buffer.from('fedcba9876543210', 'hex')
require('crypto').createCipheriv('des-ede-cbc', key, iv)
})

it('should not crash when getting an ECDH key', () => {
const ecdh = require('crypto').createECDH('prime256v1')
expect(ecdh.generateKeys()).to.be.an.instanceof(Buffer)
expect(ecdh.getPrivateKey()).to.be.an.instanceof(Buffer)
})

it('should not crash when generating DH keys or fetching DH fields', () => {
const dh = require('crypto').createDiffieHellman('modp15')
expect(dh.generateKeys()).to.be.an.instanceof(Buffer)
expect(dh.getPublicKey()).to.be.an.instanceof(Buffer)
expect(dh.getPrivateKey()).to.be.an.instanceof(Buffer)
expect(dh.getPrime()).to.be.an.instanceof(Buffer)
expect(dh.getGenerator()).to.be.an.instanceof(Buffer)
})

it('should not crash when creating an ECDH cipher', () => {
const crypto = require('crypto')
const dh = crypto.createECDH('prime256v1')
dh.generateKeys()
dh.setPrivateKey(dh.getPrivateKey())
})
})

it('includes the electron version in process.versions', () => {
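Review bot: The third added test, 'should not crash when creating an ECDH cipher', does not create a cipher. It calls dh.setPrivateKey(dh.getPrivateKey()), which is the path named in the PR title, and it contains no expect(), so it can only fail on a hard crash. Consider renaming it to mention ECDH.setPrivateKey, renaming `dh` to `ecdh` to match the first test, and asserting on the outcome, for example that getPrivateKey() returns the same bytes after the round trip.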