Skip to content

crypto: fix Hash and Cipher abort on end#38425

Open
Linkgoron wants to merge 1 commit intonodejs:mainfrom
Linkgoron:crypto-cipher-hash-end-abort
Open

crypto: fix Hash and Cipher abort on end#38425
Linkgoron wants to merge 1 commit intonodejs:mainfrom
Linkgoron:crypto-cipher-hash-end-abort

Conversation

@Linkgoron
Copy link
Contributor

@Linkgoron Linkgoron commented Apr 26, 2021
edited
Loading

Fix Hash and Cipher aborting when using end with hex and specific lengths of chunks. The issue was caused because there was missing validation on the written content from the end method. Note that this actually affects quite a few things in Crypto. This affects decipher/cipher (both deprecated) but also decipheriv/cipheriv as well as Hash and Hmac.

I wasn't sure if this should throw in _transform or create an error and provide it to the callback, but according to the stream docs providing an error to the callback is what's expected - so I would love to get some input on my fix, and if it makes sense.

Fixes: #38015

@github-actions github-actions bot added crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Apr 26, 2021
aduh95
aduh95 reviewed Apr 26, 2021
View reviewed changes
@Ayase-252
Copy link
Member

Ayase-252 commented Apr 27, 2021

Does it also fix issue in #38035 (comment)? It contains invalid string (\r) in hex encoding too, however it aborts when using write.

addaleax
addaleax requested changes Apr 27, 2021
View reviewed changes
@addaleax
Copy link
Member

addaleax commented Apr 27, 2021

@Linkgoron I think a better approach overall would be validating this on the C++ side instead, where the abort occurs in the first place.

@Linkgoron
crypto: fix Hash and Cipher abort on end
b89f9ab 
fix Hash and Cipher aborting when using end with
hex and specific lengths of chunks

fixes: nodejs#38015
@Linkgoron Linkgoron force-pushed the crypto-cipher-hash-end-abort branch from 5e277fd to b89f9ab Compare April 27, 2021 07:45
@Linkgoron
Copy link
Contributor Author

Linkgoron commented Apr 27, 2021

Does it also fix issue in #38035 (comment)? It contains invalid string (\r) in hex encoding too, however it aborts when using write.

I checked now, and it fixes the issue in the comment - or at least it causes an error to get emitted instead of an abort.

@Linkgoron I think a better approach overall would be validating this on the C++ side instead, where the abort occurs in the first place.

Currently it appears to me that the validation in both cases (Hash and Cipher) is already done on the JS side in the update method, but maybe missed in _transform as an oversight (I'll try to go back through the PRs and see what the intent was), and I think that moving the validation to the c++ side would probably mean changing update as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

@addaleax addaleax addaleax requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"crypto.createDecipher().end" results in an abort

4 participants

@Linkgoron @Ayase-252 @addaleax @aduh95