Skip to content

Commit

Permalink
crypto: reject public keys properly
Browse files Browse the repository at this point in the history
Fixes: #29904

PR-URL: #29913
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
tniessen authored and Trott committed Oct 12, 2019
1 parent 88e8156 commit c64ed10
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/internal/crypto/keys.js
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,10 @@ function prepareAsymmetricKey(key, ctx) {
...(ctx !== kCreatePrivate ? ['KeyObject'] : [])],
key);
}
return { data, ...parseKeyEncoding(key, undefined) };

const isPublic =
(ctx === kConsumePrivate || ctx === kCreatePrivate) ? false : undefined;
return { data, ...parseKeyEncoding(key, undefined, isPublic) };
} else {
throw new ERR_INVALID_ARG_TYPE(
'key',
Expand Down
21 changes: 21 additions & 0 deletions test/parallel/test-crypto-key-objects.js
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,27 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
library: 'BIO routines',
function: 'BIO_new_mem_buf',
});

// This should not abort either: https://github.com/nodejs/node/issues/29904
assert.throws(() => {
createPrivateKey({ key: Buffer.alloc(0), format: 'der', type: 'spki' });
}, {
code: 'ERR_INVALID_OPT_VALUE',
message: 'The value "spki" is invalid for option "type"'
});

// Unlike SPKI, PKCS#1 is a valid encoding for private keys (and public keys),
// so it should be accepted by createPrivateKey, but OpenSSL won't parse it.
assert.throws(() => {
const key = createPublicKey(publicPem).export({
format: 'der',
type: 'pkcs1'
});
createPrivateKey({ key, format: 'der', type: 'pkcs1' });
}, {
message: /asn1 encoding/,
library: 'asn1 encoding routines'
});
}

[
Expand Down

0 comments on commit c64ed10

Please sign in to comment.