Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: fix error code handling in ParsePrivateKey() #42400

Closed
wants to merge 1 commit into from
Closed

crypto: fix error code handling in ParsePrivateKey() #42400

wants to merge 1 commit into from

Conversation

RaisinTen
Copy link
Contributor

This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: #42319 (comment)
Signed-off-by: Darshan Sen raisinten@gmail.com

@RaisinTen
crypto: fix error code handling in ParsePrivateKey()
a60a849 
This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: nodejs#42319 (comment)
Signed-off-by: Darshan Sen <raisinten@gmail.com>
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Mar 19, 2022
@RaisinTen RaisinTen mentioned this pull request Mar 19, 2022
Merged
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/43128/

@tniessen
Copy link
Member

Is OpenSSL pushing multiple errors during a single API call? Or can we somehow prevent having multiple errors on the stack?

@github-actions github-actions bot mentioned this pull request Mar 20, 2022
Open
36 tasks
@RaisinTen
Copy link
Contributor Author

@tniessen

Is OpenSSL pushing multiple errors during a single API call?

Yes that's right, the errors are coming from this API call -

node/src/crypto/crypto_keys.cc

Lines 224 to 227 in 7fdb9d5

pkey->reset(PEM_read_bio_PrivateKey(bio.get(),
nullptr,
PasswordCallback,
&passphrase));
and this is what the stack contains:

opensslErrorStack: [
  'error:04800068:PEM routines::bad password read',
  'error:07880109:common libcrypto routines::interrupted or cancelled'
]

The first error is raised from

node/deps/openssl/openssl/crypto/pem/pem_lib.c

Line 440 in cc94563

ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
and the second one is from

node/deps/openssl/openssl/crypto/passphrase.c

Line 184 in 7fdb9d5

ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERRUPTED_OR_CANCELLED);
.

Is it normal for OpenSSL to push multiple errors on the stack during a single API call?

Or can we somehow prevent having multiple errors on the stack?

I don't think that would be possible without making some changes to OpenSSL.

This was referenced Mar 21, 2022
Open
Open
Open
Open
Open
Open
Open
This was referenced Mar 28, 2022
Open
Open
Open
@RaisinTen RaisinTen requested a review from tniessen April 5, 2022 14:37
@RaisinTen RaisinTen mentioned this pull request Apr 14, 2022
Closed
@RaisinTen RaisinTen closed this Aug 7, 2022
@RaisinTen RaisinTen deleted the fix-error-code-handling-in-ParsePrivateKey branch August 7, 2022 08:21
@RaisinTen RaisinTen mentioned this pull request Aug 2, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tniessen tniessen Awaiting requested review from tniessen

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@RaisinTen @nodejs-github-bot @tniessen