author | Shelley Vohr <shelley.vohr@gmail.com> | 2019-08-26 12:18:50 -0700 |
---|---|---|
committer | Ujjwal Sharma <usharma1998@gmail.com> | 2019-08-29 10:12:58 +0530 |
commit | 17a697c794f2525c9789fd92c2206a1b634cf473 (patch) | |
tree | 24edd2d6dc2c1f7eaa8ba8fb8c117cfb8fa1f329 /src | |
parent | 8675152f0f15002915225216f48e8bdd39612a81 (diff) | |
crypto: don't expose openssl internals
PR-URL: https://github.com/nodejs/node/pull/29325
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 15 | ||||
-rw-r--r-- | src/node_crypto.h | 2 | ||||
-rw-r--r-- | src/node_errors.h | 2 |
3 files changed, 13 insertions, 6 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 5634d8b1dc..65683b70d8 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -5203,7 +5203,7 @@ template <PublicKeyCipher::Operation operation,
 bool PublicKeyCipher::Cipher(Environment* env,
 const ManagedEVPPKey& pkey,
 int padding,
- const char* oaep_hash,
+ const EVP_MD* digest,
 const unsigned char* data,
 int len,
 AllocatedBuffer* out) {
@@ -5215,9 +5215,8 @@ bool PublicKeyCipher::Cipher(Environment* env,
 if (EVP_PKEY_CTX_set_rsa_padding(ctx.get(), padding) <= 0)
 return false;
- if (oaep_hash != nullptr) {
- if (!EVP_PKEY_CTX_md(ctx.get(), EVP_PKEY_OP_TYPE_CRYPT,
- EVP_PKEY_CTRL_RSA_OAEP_MD, oaep_hash))
+ if (digest != nullptr) {
+ if (!EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest))
 return false;
 }
@@ -5259,6 +5258,12 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
 const node::Utf8Value oaep_str(env->isolate(), args[offset + 2]);
 const char* oaep_hash = args[offset + 2]->IsString() ? *oaep_str : nullptr;
+ const EVP_MD* digest = nullptr;
+ if (oaep_hash != nullptr) {
+ digest = EVP_get_digestbyname(oaep_hash);
+ if (digest == nullptr)
+ return THROW_ERR_OSSL_EVP_INVALID_DIGEST(env);
+ }
 AllocatedBuffer out;
@@ -5268,7 +5273,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
 env,
 pkey,
 padding,
- oaep_hash,
+ digest,
 buf.data(),
 buf.length(),
 &out);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index a121c82295..99e6c48117 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -713,7 +713,7 @@ class PublicKeyCipher {
 static bool Cipher(Environment* env,
 const ManagedEVPPKey& pkey,
 int padding,
- const char* oaep_hash,
+ const EVP_MD* digest,
 const unsigned char* data,
 int len,
 AllocatedBuffer* out);
diff --git a/src/node_errors.h b/src/node_errors.h
index 939f93a489..261c6077bb 100644
--- a/src/node_errors.h
+++ b/src/node_errors.h
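Review bot: The `digest` parameter that replaces `oaep_hash` in the first hunk has no stated contract. The second hunk shows that nullptr means no OAEP digest is set on the context, and the pointer appears to be borrowed rather than owned. A one-line comment on the declaration in `src/node_crypto.h`, which takes the same parameter change, would record this, e.g. `// digest: OAEP hash to apply, or nullptr to leave the context's default; not owned.` The function body continues outside the hunk.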
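Review bot: The `!` test on `EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest)` in the second hunk only catches a return of 0. OpenSSL documents its `EVP_PKEY_CTX` ctrl-style setters as returning a positive value on success and 0 or a negative value on failure, which is how the `EVP_PKEY_CTX_set_rsa_padding` check two lines above is already written. A negative return would fall through, and the operation would continue without the OAEP digest the caller asked for. The pattern is carried over from the removed `EVP_PKEY_CTX_md` call; suggest `if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest) <= 0)`. The function body starts and ends outside the hunk.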
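Review bot: The error thrown in the third hunk when `EVP_get_digestbyname(oaep_hash)` returns nullptr does not say which name was rejected, so a caller who passes an unsupported or misspelled hash name only sees `Invalid digest used`. `oaep_hash` is still in scope at the throw, so consider including it in the message, assuming a message-taking overload of `THROW_ERR_OSSL_EVP_INVALID_DIGEST` is available (the macro definitions are not visible here). A short comment such as `// Resolve the OAEP digest name here so an unknown name fails before the cipher operation runs.` would also record why the lookup lives in the binding. The function body starts and ends outside the hunk.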
@@ -42,6 +42,7 @@ void PrintErrorString(const char* format, ...);
 V(ERR_CONSTRUCT_CALL_REQUIRED, TypeError) \
 V(ERR_CONSTRUCT_CALL_INVALID, TypeError) \
 V(ERR_INVALID_ARG_VALUE, TypeError) \
+ V(ERR_OSSL_EVP_INVALID_DIGEST, Error) \
 V(ERR_INVALID_ARG_TYPE, TypeError) \
 V(ERR_INVALID_MODULE_SPECIFIER, TypeError) \
 V(ERR_INVALID_PACKAGE_CONFIG, SyntaxError) \
@@ -89,6 +90,7 @@ void PrintErrorString(const char* format, ...);
 V(ERR_CONSTRUCT_CALL_REQUIRED, "Cannot call constructor without `new`") \
 V(ERR_INVALID_TRANSFER_OBJECT, "Found invalid object in transferList") \
 V(ERR_MEMORY_ALLOCATION_FAILED, "Failed to allocate memory") \
+ V(ERR_OSSL_EVP_INVALID_DIGEST, "Invalid digest used") \
 V(ERR_MISSING_MESSAGE_PORT_IN_TRANSFER_LIST, \
 "MessagePort was found in message but not listed in transferList") \
 V(ERR_MISSING_PLATFORM_FOR_WORKER, \ |
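Review bot: The new `ERR_OSSL_EVP_INVALID_DIGEST` entry in the first hunk is placed between `ERR_INVALID_ARG_VALUE` and `ERR_INVALID_ARG_TYPE`, which splits the two related argument errors. In the message table (second hunk) it sits between `ERR_MEMORY_ALLOCATION_FAILED` and the `ERR_MISSING_*` entries, a different relative position. Moving both lines so the code follows the `ERR_MISSING_*` group would keep the two tables in the same order and easier to scan. The diffstat shown is limited to `src`, so it is not visible whether the new code is documented alongside the other error codes; that is worth confirming.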