Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: verify with callback crashes when private key is used #37794

Closed
panva opened this issue Mar 18, 2021 · 0 comments
Closed

crypto: verify with callback crashes when private key is used #37794

panva opened this issue Mar 18, 2021 · 0 comments
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.

Comments

@panva
Copy link
Member

panva commented Mar 18, 2021

Introduced in #37500 (released with v15.12.0) the function call crashes node when a private key object is passed to verify when using the callback argument.

const crypto = require('crypto');
const assert = require('assert');

const data = Buffer.from('hello');
const { privateKey } = crypto.generateKeyPairSync('ed25519');
const signature = crypto.sign(null, data, privateKey);

assert(crypto.verify(null, data, privateKey, signature)); // OK

crypto.verify(null, data, privateKey, signature, (err, verified) => { // 💥
  assert(!err);
  assert(verified);
});
node[49326]: ../src/crypto/crypto_sig.cc:850:static bool node::crypto::SignTraits::DeriveBits(node::Environment *, const node::crypto::SignConfiguration &, node::crypto::ByteSource *): Assertion `(params.key->GetKeyType()) == (kKeyTypePublic)' failed.

This can never happen in webcrypto where this implementation was first used but it is a valid input for one shot verify.

I'm looking into a fix and expanding the test suite.

cc @jasnell

@panva panva added confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. labels Mar 18, 2021
@panva panva closed this as completed in 5e6386e Mar 18, 2021
ruyadorno pushed a commit that referenced this issue Mar 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant