Skip to content

crypto: fix error code handling in ParsePrivateKey()#42400

Closed
RaisinTen wants to merge 1 commit intonodejs:mainfrom
RaisinTen:fix-error-code-handling-in-ParsePrivateKey
Closed

crypto: fix error code handling in ParsePrivateKey()#42400
RaisinTen wants to merge 1 commit intonodejs:mainfrom
RaisinTen:fix-error-code-handling-in-ParsePrivateKey

Conversation

@RaisinTen
Copy link
Member

@RaisinTen RaisinTen commented Mar 19, 2022

This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: #42319 (comment)
Signed-off-by: Darshan Sen raisinten@gmail.com

@RaisinTen
crypto: fix error code handling in ParsePrivateKey()
a60a849 
This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: nodejs#42319 (comment)
Signed-off-by: Darshan Sen <raisinten@gmail.com>
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 19, 2022

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Mar 19, 2022
@RaisinTen RaisinTen mentioned this pull request Mar 19, 2022
Merged
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 19, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43128/

@tniessen
Copy link
Member

tniessen commented Mar 19, 2022

Is OpenSSL pushing multiple errors during a single API call? Or can we somehow prevent having multiple errors on the stack?

@github-actions github-actions bot mentioned this pull request Mar 20, 2022
Open
36 tasks
@RaisinTen
Copy link
Member Author

RaisinTen commented Mar 20, 2022

@tniessen

Is OpenSSL pushing multiple errors during a single API call?

Yes that's right, the errors are coming from this API call -

node/src/crypto/crypto_keys.cc

Lines 224 to 227 in 7fdb9d5

pkey->reset(PEM_read_bio_PrivateKey(bio.get(),
nullptr,
PasswordCallback,
&passphrase));
and this is what the stack contains:

opensslErrorStack: [
  'error:04800068:PEM routines::bad password read',
  'error:07880109:common libcrypto routines::interrupted or cancelled'
]

The first error is raised from

node/deps/openssl/openssl/crypto/pem/pem_lib.c

Line 440 in cc94563

ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
and the second one is from

node/deps/openssl/openssl/crypto/passphrase.c

Line 184 in 7fdb9d5

ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERRUPTED_OR_CANCELLED);
.

Is it normal for OpenSSL to push multiple errors on the stack during a single API call?

Or can we somehow prevent having multiple errors on the stack?

I don't think that would be possible without making some changes to OpenSSL.

This was referenced Mar 21, 2022
Open
Open
Open
Open
Open
Open
Open
This was referenced Mar 28, 2022
Open
Open
Open
@RaisinTen RaisinTen requested a review from tniessen April 5, 2022 14:37
@RaisinTen RaisinTen mentioned this pull request Apr 14, 2022
Closed
@RaisinTen RaisinTen closed this Aug 7, 2022
@RaisinTen RaisinTen deleted the fix-error-code-handling-in-ParsePrivateKey branch August 7, 2022 08:21
@RaisinTen RaisinTen mentioned this pull request Aug 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tniessen tniessen Awaiting requested review from tniessen

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RaisinTen @nodejs-github-bot @tniessen