Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: fix error code handling in ParsePrivateKey() #42400

Conversation

RaisinTen
Copy link
Contributor

This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: #42319 (comment)
Signed-off-by: Darshan Sen raisinten@gmail.com

This changes the code to select the latest error code instead of the
earliest one from the OpenSSL error stack. It helps in getting rid of
the inconsistency between the empty passphrase related error codes of
OpenSSL 1.1.1 and 3.

Refs: nodejs#42319 (comment)
Signed-off-by: Darshan Sen <raisinten@gmail.com>
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Mar 19, 2022
@nodejs-github-bot
Copy link
Collaborator

@tniessen
Copy link
Member

Is OpenSSL pushing multiple errors during a single API call? Or can we somehow prevent having multiple errors on the stack?

@RaisinTen
Copy link
Contributor Author

@tniessen

Is OpenSSL pushing multiple errors during a single API call?

Yes that's right, the errors are coming from this API call -

pkey->reset(PEM_read_bio_PrivateKey(bio.get(),
nullptr,
PasswordCallback,
&passphrase));
and this is what the stack contains:

opensslErrorStack: [
  'error:04800068:PEM routines::bad password read',
  'error:07880109:common libcrypto routines::interrupted or cancelled'
]

The first error is raised from

ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
and the second one is from
ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERRUPTED_OR_CANCELLED);
.

Is it normal for OpenSSL to push multiple errors on the stack during a single API call?

Or can we somehow prevent having multiple errors on the stack?

I don't think that would be possible without making some changes to OpenSSL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants