createPublicKey and createPrivateKey lacks robustness with JWK

[rinne]

Version

v18.7.0

Platform

Darwin xxx 21.6.0 Darwin Kernel Version 21.6.0: Wed Aug 10 14:25:27 PDT 2022; root:xnu-8020.141.5~2/RELEASE_X86_64 x86_64

Subsystem

crypto

What steps will reproduce the bug?

// called jwk format but non-object (string) as a parameter

require('crypto').createPrivateKey({ key: "foo", format: 'jwk' });

// core dump follows

require('crypto').createPublicKey({ key: "", format: 'jwk' });

// core dump follows

How often does it reproduce? Is there a required condition?

always

What is the expected behavior?

Exception with an appropriate error object should be thrown.
It should be possible to catch the exception.

What do you see instead?

node[88386]: ../src/crypto/crypto_keys.cc:68:void node::crypto::(anonymous namespace)::GetKeyFormatAndTypeFromJs(node::crypto::AsymmetricKeyEncodingConfig *, const FunctionCallbackInfo<v8::Value> &, unsigned int *, node::crypto::KeyEncodingContext): Assertion `(context == kKeyContextInput && config->format_ == kKeyFormatPEM) || (context == kKeyContextGenerate && config->format_ == kKeyFormatJWK)' failed.
 1: 0x103037252 node::Abort() [/opt/local/bin/node]
 2: 0x103037085 node::AppendExceptionLine(node::Environment*, v8::Local<v8::Value>, v8::Local<v8::Message>, node::ErrorHandlingMode) [/opt/local/bin/node]
 3: 0x103138e07 node::crypto::(anonymous namespace)::GetKeyFormatAndTypeFromJs(node::crypto::AsymmetricKeyEncodingConfig*, v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*, node::crypto::KeyEncodingContext) [/opt/local/bin/node]
 4: 0x103138693 node::crypto::ManagedEVPPKey::GetPrivateKeyEncodingFromJs(v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*, node::crypto::KeyEncodingContext) [/opt/local/bin/node]
 5: 0x103139575 node::crypto::ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(v8::FunctionCallbackInfo<v8::Value> const&, unsigned int*) [/opt/local/bin/node]
 6: 0x10313a3ba node::crypto::KeyObjectHandle::Init(v8::FunctionCallbackInfo<v8::Value> const&) [/opt/local/bin/node]
 7: 0x1031b491b v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [/opt/local/bin/node]
 8: 0x1031b44ab v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) [/opt/local/bin/node]
 9: 0x1031b3c28 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [/opt/local/bin/node]
10: 0x1038710f9 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit [/opt/local/bin/node]

Additional information

This has been the case with JWK import for all versions so far.

[panva]

@rinne thank you for the report. I'm looking into a fix.

[panva]

#44475