crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428

Raynos · 2022-01-07T14:47:35Z

Version

17.2.0

Platform

Linux raynos-Precision-5530 5.4.0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Subsystem

crypto

What steps will reproduce the bug?

Run the following script in node 17.2.0 and node 16.

const crypto = require('crypto')
crypto.generateKeyPair('rsa', {
        modulusLength: 4096,
        publicKeyEncoding: {
          type: 'spki',
          format: 'pem'
        },
        privateKeyEncoding: {
          type: 'pkcs8',
          format: 'pem',
          cipher: 'aes-256-cbc',
          passphrase: ''
        }
      }, (err, publicKey, privateKey) => {
        console.log('err', err)

        // cb(null, { publicKey, privateKey })
      })

Node 16 has no error, node 17 has an err

The err is

[Error: error:078C0100:common libcrypto routines::malloc failure] {
  opensslErrorStack: [ 'error:078C0100:common libcrypto routines::malloc failure' ],
  library: 'common libcrypto routines',
  reason: 'malloc failure',
  code: 'ERR_OSSL_CRYPTO_MALLOC_FAILURE'
}

How often does it reproduce? Is there a required condition?

every time on linux and mac.

What is the expected behavior?

I expected node 17 to not have a regression

What do you see instead?

I see an error.

[Error: error:078C0100:common libcrypto routines::malloc failure] {
  opensslErrorStack: [ 'error:078C0100:common libcrypto routines::malloc failure' ],
  library: 'common libcrypto routines',
  reason: 'malloc failure',
  code: 'ERR_OSSL_CRYPTO_MALLOC_FAILURE'
}

Additional information

No response

The text was updated successfully, but these errors were encountered:

panva · 2022-01-07T19:12:48Z

Not sure if it's intended or not, but the error only occurs when the private key encryption passphrase is empty, when one is provided this works as expected, likewise when no encryption is requested it's fine.

cc @nodejs/crypto

Raynos · 2022-01-07T19:56:14Z

I'm using this in my test suite, setting passphrase to a string like 'hello' does indeed allow me to run my test suite on both node 16 and node 17.

RaisinTen · 2022-01-14T11:36:09Z

I think this is a bug in OpenSSL, so I sent a report with my findings: openssl/openssl#17506

RaisinTen · 2022-01-14T11:37:49Z

Also, cc @tniessen since you had worked on #35914

RaisinTen · 2022-01-28T16:09:10Z

My fix landed in the OpenSSL repo: openssl/openssl#17507! Will cherry-pick it to https://github.com/quictls/openssl tomorrow.

mhdawson · 2022-02-28T16:58:39Z

@RaisinTen was this cherry picked over?

RaisinTen · 2022-03-01T14:06:03Z

@mhdawson I had sent the cherry-pick PR to the quictls repo - quictls/openssl#75 but I'm yet to get a review from the maintainers.

mhdawson · 2022-03-01T21:23:25Z

Thanks for the update, was just wondering if it was progressing.,

openssl/openssl@59ccb72: ``` commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e Author: Darshan Sen <raisinten@gmail.com> Date: Fri Jan 14 16:22:41 2022 +0530 Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey() When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size allocation, which resulted in malloc failures. Fixes: openssl/openssl#17506 Signed-off-by: Darshan Sen <raisinten@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#17507) ``` openssl/openssl@1d28ada: ``` commit 1d28ada1c39997c10fe5392f4235bbd2bc44b40f Author: Darshan Sen <raisinten@gmail.com> Date: Sat Jan 22 17:56:05 2022 +0530 Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid() Signed-off-by: Darshan Sen <raisinten@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#17507) ``` Refs: openssl/openssl#17507 Fixes: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>

Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>

RaisinTen · 2022-03-13T08:37:37Z

Sent a cherry-pick pr to Node.js anyways because my change has already landed in the openssl repo - #42319

Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>

Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Mesteery added crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. labels Jan 7, 2022

RaisinTen mentioned this issue Jan 14, 2022

PEM_write_bio_PKCS8PrivateKey() doesn't accept empty passphrase strings anymore openssl/openssl#17506

Closed

RaisinTen added a commit to RaisinTen/node that referenced this issue Mar 13, 2022

test,crypto: add and update empty passphrase regression tests

a670c0c

Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>

RaisinTen mentioned this issue Mar 13, 2022

test,crypto: add and update empty passphrase regression tests #42319

Merged

RaisinTen added a commit to RaisinTen/node that referenced this issue Mar 17, 2022

test,crypto: add and update empty passphrase regression tests

4fba5aa

Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>

RaisinTen linked a pull request Mar 17, 2022 that will close this issue

test,crypto: add and update empty passphrase regression tests #42319

Merged

nodejs-github-bot closed this as completed in #42319 Mar 19, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428

crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428

Raynos commented Jan 7, 2022

panva commented Jan 7, 2022 •

edited

Raynos commented Jan 7, 2022

RaisinTen commented Jan 14, 2022

RaisinTen commented Jan 14, 2022

RaisinTen commented Jan 28, 2022

mhdawson commented Feb 28, 2022

RaisinTen commented Mar 1, 2022

mhdawson commented Mar 1, 2022

RaisinTen commented Mar 13, 2022 •

edited

crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428

crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428

Comments

Raynos commented Jan 7, 2022

Version

Platform

Subsystem

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

panva commented Jan 7, 2022 • edited

Raynos commented Jan 7, 2022

RaisinTen commented Jan 14, 2022

RaisinTen commented Jan 14, 2022

RaisinTen commented Jan 28, 2022

mhdawson commented Feb 28, 2022

RaisinTen commented Mar 1, 2022

mhdawson commented Mar 1, 2022

RaisinTen commented Mar 13, 2022 • edited

panva commented Jan 7, 2022 •

edited

RaisinTen commented Mar 13, 2022 •

edited