diff options
| author | P.S.V.R <pmq2001@gmail.com> | 2015-08-18 10:32:21 +0800 |
|---|---|---|
| committer | Fedor Indutny <fedor@indutny.com> | 2015-08-17 21:38:12 -0700 |
| commit | 00bffa6c758038dca039fd9114912c0430114c08 (patch) | |
| tree | cb4fe9c885bf7d936c78a6f142cea63d58c68a36 /test | |
| parent | 102939ada5bda712993541ef2a3bedd5b31316d2 (diff) | |
| download | android-node-v8-00bffa6c758038dca039fd9114912c0430114c08.tar.gz android-node-v8-00bffa6c758038dca039fd9114912c0430114c08.tar.bz2 android-node-v8-00bffa6c758038dca039fd9114912c0430114c08.zip | |
crypto: check for OpenSSL errors when signing
Errors might be injected into OpenSSL's error stack
without the return value of `PEM_read_bio_PrivateKey` being set to
`nullptr`. See the test of `test_bad_rsa_privkey.pem` for an
example.
PR-URL: https://github.com/nodejs/node/pull/2342
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/fixtures/test_bad_rsa_privkey.pem | 10 | ||||
| -rw-r--r-- | test/parallel/test-crypto.js | 16 |
2 files changed, 26 insertions, 0 deletions
diff --git a/test/fixtures/test_bad_rsa_privkey.pem b/test/fixtures/test_bad_rsa_privkey.pem new file mode 100644 index 0000000000..cc84a6fc6d --- /dev/null +++ b/test/fixtures/test_bad_rsa_privkey.pem @@ -0,0 +1,10 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAz0ZHmXyxQSdWk6NF +GRotTax0O94iHv843su0mOynV9QLvlAwMrUk9k4+/SwyLu0eE3iYsYgXstXi3t2u +rDSIMwIDAQABAkAH4ag/Udp7m79TBdZOygwG9BPHYv7xJstGzYAkgHssf7Yd5ZuC +hpKtBvWdPXZaAFbwF8NSisMl98Q/9zgB/q5BAiEA5zXuwMnwt4hE2YqzBDRFB4g9 +I+v+l1soy6x7Wdqo9esCIQDlf15qDb26uRDurBioE3IpZstWIIvLDdKqviZXKMs8 +2QIgWeC5QvA9RtsOCJLGLCg1fUwUmFYwzZ1+Kk6OVMuPSqkCIDIWFSXyL8kzoKVm +O89axxyQCaqXWcsMDkEjVLzK82gpAiB7lzdDHr7MoMWwV2wC/heEFC2p0Rw4wg9j +1V8QbL0Q0A== +-----END RSA PRIVATE KEY----- diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js index 55b57e6515..57191b24ae 100644 --- a/test/parallel/test-crypto.js +++ b/test/parallel/test-crypto.js @@ -124,5 +124,21 @@ assert.throws(function() { crypto.createSign('RSA-SHA256').update('test').sign(priv); }, /RSA_sign:digest too big for rsa key/); +assert.throws(function() { + // The correct header inside `test_bad_rsa_privkey.pem` should have been + // -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- + // instead of + // -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- + // It is generated in this way: + // $ openssl genrsa -out mykey.pem 512; + // $ openssl pkcs8 -topk8 -inform PEM -outform PEM -in mykey.pem \ + // -out private_key.pem -nocrypt; + // Then open private_key.pem and change its header and footer. + var sha1_privateKey = fs.readFileSync(common.fixturesDir + + '/test_bad_rsa_privkey.pem', 'ascii'); + // this would inject errors onto OpenSSL's error stack + crypto.createSign('sha1').sign(sha1_privateKey); +}, /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/); + // Make sure memory isn't released before being returned console.log(crypto.randomBytes(16)); |