From ff4ee3ebac404cb067181a4c39e44731ff3123a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Sat, 30 Mar 2019 00:19:39 +0100
Subject: [PATCH 1/2] crypto: fail early if passphrase is too long

This causes OpenSSL to fail early if the decryption passphrase is too
long, and produces a somewhat helpful error message.

Refs: https://github.com/nodejs/node/pull/25208
---
 doc/api/crypto.md                        |  3 +++
 src/node_crypto.cc                       |  3 ++-
 test/parallel/test-crypto-key-objects.js | 11 +++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 35c15a7748ecc5..2a699ae73b5871 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1821,6 +1821,9 @@ Creates and returns a new key object containing a private key. If `key` is a
 string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`
 must be an object with the properties described above.
 
+If the private key is encrypted, a `passphrase` must be specified. The length
+of the passphrase is limited.
+
 ### crypto.createPublicKey(key)
 <!-- YAML
 added: v11.6.0
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 00c439d2f05d4c..13eb34a350ac7a 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -178,7 +178,8 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
   if (passphrase != nullptr) {
     size_t buflen = static_cast<size_t>(size);
     size_t len = strlen(passphrase);
-    len = len > buflen ? buflen : len;
+    if (buflen <= len)
+      return -1;
     memcpy(buf, passphrase, len);
     return len;
   }
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
index e8f6cc3c963d46..fac51413881fc8 100644
--- a/test/parallel/test-crypto-key-objects.js
+++ b/test/parallel/test-crypto-key-objects.js
@@ -223,6 +223,17 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
     message: 'Passphrase required for encrypted key'
   });
 
+  // Reading an encrypted key with a passphrase that exceeds OpenSSL's buffer
+  // size limit should fail with an appropriate error code.
+  common.expectsError(() => createPrivateKey({
+    key: privateDsa,
+    format: 'pem',
+    passphrase: Buffer.alloc(16 * 1024, 'a')
+  }), {
+    code: 'ERR_OSSL_PEM_BAD_PASSWORD_READ',
+    type: Error
+  });
+
   const publicKey = createPublicKey(publicDsa);
   assert.strictEqual(publicKey.type, 'public');
   assert.strictEqual(publicKey.asymmetricKeyType, 'dsa');

From 2a4e014bb8d8b83fe561e7ac0edf850c97ea623e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Sun, 31 Mar 2019 17:02:58 +0200
Subject: [PATCH 2/2] address Ben's comments

---
 doc/api/crypto.md                        |  2 +-
 src/node_crypto.cc                       |  2 +-
 test/parallel/test-crypto-key-objects.js | 12 +++++++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 2a699ae73b5871..8dcb175581cbe3 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1822,7 +1822,7 @@ string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`
 must be an object with the properties described above.
 
 If the private key is encrypted, a `passphrase` must be specified. The length
-of the passphrase is limited.
+of the passphrase is limited to 1024 bytes.
 
 ### crypto.createPublicKey(key)
 <!-- YAML
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 13eb34a350ac7a..6503bcfbc9fa0c 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -178,7 +178,7 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
   if (passphrase != nullptr) {
     size_t buflen = static_cast<size_t>(size);
     size_t len = strlen(passphrase);
-    if (buflen <= len)
+    if (buflen < len)
       return -1;
     memcpy(buf, passphrase, len);
     return len;
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
index fac51413881fc8..dc4934c8673ae1 100644
--- a/test/parallel/test-crypto-key-objects.js
+++ b/test/parallel/test-crypto-key-objects.js
@@ -228,12 +228,22 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
   common.expectsError(() => createPrivateKey({
     key: privateDsa,
     format: 'pem',
-    passphrase: Buffer.alloc(16 * 1024, 'a')
+    passphrase: Buffer.alloc(1025, 'a')
   }), {
     code: 'ERR_OSSL_PEM_BAD_PASSWORD_READ',
     type: Error
   });
 
+  // The buffer has a size of 1024 bytes, so this passphrase should be permitted
+  // (but will fail decryption).
+  common.expectsError(() => createPrivateKey({
+    key: privateDsa,
+    format: 'pem',
+    passphrase: Buffer.alloc(1024, 'a')
+  }), {
+    message: /bad decrypt/
+  });
+
   const publicKey = createPublicKey(publicDsa);
   assert.strictEqual(publicKey.type, 'public');
   assert.strictEqual(publicKey.asymmetricKeyType, 'dsa');