diff options
| author | Filip Skokan <panva.ip@gmail.com> | 2019-04-01 17:00:11 +0200 |
|---|---|---|
| committer | Ruben Bridgewater <ruben@bridgewater.de> | 2019-04-04 15:54:04 +0200 |
| commit | b2bb6c2b80e250e5b9dfd27662797fc7b3d12713 (patch) | |
| tree | 422cbda5e46038943c9fd38d7cbba4e924c7b8b1 | |
| parent | 6fb32ac2552a0a03b8e7d54ef9bda06909823b6b (diff) | |
| download | node-new-b2bb6c2b80e250e5b9dfd27662797fc7b3d12713.tar.gz | |
crypto: fix crash of encrypted private key export without cipher
PR-URL: https://github.com/nodejs/node/pull/27041
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
| -rw-r--r-- | lib/internal/crypto/keys.js | 18 | ||||
| -rw-r--r-- | test/parallel/test-crypto-key-objects.js | 14 |
2 files changed, 25 insertions, 7 deletions
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index 1eb4a6f7be..93d350e4e7 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -186,14 +186,18 @@ function parseKeyEncoding(enc, keyType, isPublic, objName) { if (isPublic !== true) { ({ cipher, passphrase } = enc); - if (!isInput && cipher != null) { - if (typeof cipher !== 'string') + if (!isInput) { + if (cipher != null) { + if (typeof cipher !== 'string') + throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); + if (format === kKeyFormatDER && + (type === kKeyEncodingPKCS1 || + type === kKeyEncodingSEC1)) { + throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( + encodingNames[type], 'does not support encryption'); + } + } else if (passphrase !== undefined) { throw new ERR_INVALID_OPT_VALUE(option('cipher', objName), cipher); - if (format === kKeyFormatDER && - (type === kKeyEncodingPKCS1 || - type === kKeyEncodingSEC1)) { - throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS( - encodingNames[type], 'does not support encryption'); } } diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js index 66ba19101a..fb35b9ae92 100644 --- a/test/parallel/test-crypto-key-objects.js +++ b/test/parallel/test-crypto-key-objects.js @@ -244,3 +244,17 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem', assert.strictEqual(privateKey.asymmetricKeyType, 'dsa'); assert.strictEqual(privateKey.symmetricKeySize, undefined); } + +{ + // Exporting an encrypted private key requires a cipher + const privateKey = createPrivateKey(privatePem); + common.expectsError(() => { + privateKey.export({ + format: 'pem', type: 'pkcs8', passphrase: 'super-secret' + }); + }, { + type: TypeError, + code: 'ERR_INVALID_OPT_VALUE', + message: 'The value "undefined" is invalid for option "cipher"' + }); +} |