crypto: better docs for cases where peer's public key is invalid

changes in c++ are in the computeSecret function, but the thrown
exception that was moved to JS land was in BufferToPoint
function, here i let the allocation error be thrown so the only value
returned is the nullptr that i use later to catch the error in
computeSecret, to then construct the exception in JS land.

an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error was added to errors.js
and with that, subsequent changes to docs and tests were made.

PR-URL: https://github.com/nodejs/node/pull/16849
Refs: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
Fixes: https://github.com/nodejs/node/issues/16625
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

2 files changed, 4 insertions, 0 deletions

diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js
index 95b689df94..687bae83fd 100644
--- a/lib/internal/crypto/diffiehellman.js
+++ b/lib/internal/crypto/diffiehellman.js
@@ -96,6 +96,8 @@ function dhComputeSecret(key, inEnc, outEnc) {
   inEnc = inEnc || encoding;
   outEnc = outEnc || encoding;
   var ret = this._handle.computeSecret(toBuf(key, inEnc));
+  if (typeof ret === 'string')
+    throw new errors.Error('ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY');
   if (outEnc && outEnc !== 'buffer')
     ret = ret.toString(outEnc);
   return ret;
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index 7fa567739e..dadba400b5 100644
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -281,6 +281,8 @@ E('ERR_CPU_USAGE', 'Unable to obtain cpu usage %s');
 E('ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED',
   'Custom engines not supported by this OpenSSL');
 E('ERR_CRYPTO_ECDH_INVALID_FORMAT', 'Invalid ECDH format: %s');
+E('ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY',
+  'Public key is not valid for specified curve');
 E('ERR_CRYPTO_ENGINE_UNKNOWN', 'Engine "%s" was not found');
 E('ERR_CRYPTO_FIPS_FORCED',
   'Cannot set FIPS mode, it was forced with --force-fips at startup.');