authorTobias Nießen <tniessen@tnie.de>2019-06-16 11:26:03 +0200
committerTobias Nießen <tniessen@tnie.de>2019-06-18 18:42:48 +0200
commitfc50e6bcc81e4b34f4f3f3fe494b79200ae22efb (patch)
tree2190309e7b22c5950075affa568a97a6ae90bae8 /src/node_crypto.h
parent8030ca5b9e593a5a800f40f09677a4eca31d1cd0 (diff)
crypto: fix crash when calling digest after piping
When piping data into an SHA3 hash, EVP_DigestFinal_ex is called in hash._flush, bypassing safeguards in the JavaScript layer. Calling hash.digest causes EVP_DigestFinal_ex to be called again, resulting in a segmentation fault in the SHA3 implementation of OpenSSL. A relatively easy solution is to cache the result of calling EVP_DigestFinal_ex until the Hash object is garbage collected. PR-URL: https://github.com/nodejs/node/pull/28251 Fixes: https://github.com/nodejs/node/issues/28245 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'src/node_crypto.h')
-rw-r--r--src/node_crypto.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/node_crypto.h b/src/node_crypto.h
index aa29585533..3e337eaddb 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -595,12 +595,19 @@ class Hash : public BaseObject {
Hash(Environment* env, v8::Local<v8::Object> wrap)
: BaseObject(env, wrap),
- mdctx_(nullptr) {
+ mdctx_(nullptr),
+ md_len_(0) {
MakeWeak();
}
+ ~Hash() override {
+ OPENSSL_cleanse(md_value_, md_len_);
+ }
+
private:
EVPMDPointer mdctx_;
+ unsigned char md_value_[EVP_MAX_MD_SIZE];
+ unsigned int md_len_;
};
class SignBase : public BaseObject {
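Review bot: The new `md_value_` / `md_len_` members at the end of `Hash` carry an invariant that is not written down anywhere in the hunk. The constructor sets `md_len_(0)` and the destructor cleanses exactly `md_len_` bytes, so only the first `md_len_` bytes of `md_value_` are ever meaningful, and zero presumably means "not finalized yet" (the code that fills the cache is outside this hunk, as is the start of the class body). I would add a comment above the two members, for example `// Cached EVP_DigestFinal_ex output: first md_len_ bytes are valid, md_len_ == 0 until finalized.` Because the commit message says the digest is now kept until the object is garbage collected, `~Hash()` also deserves a one-line comment saying the `OPENSSL_cleanse` call exists so a digest of sensitive input does not linger in freed memory.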