
Commit 341947e

panvaaduh95
authored andcommitted
crypto: reject unintended raw key format string input
Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #62974 Backport-PR-URL: #63173 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 28a7874 commit 341947e

2 files changed

+45-1Lines changed: 45 additions & 1 deletion


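--- a/lib/internal/crypto/keys.js
+++ b/lib/internal/crypto/keys.js
@@ -765,7 +765,7 @@ function getKeyObjectHandleFromJwk(key, ctx) {
 
 
 function getKeyObjectHandleFromRaw(options, data, format) {
-if (!isStringOrBuffer(data)) {
+if (!isArrayBufferView(data) && !isAnyArrayBuffer(data)) {
 throw new ERR_INVALID_ARG_TYPE(
 'key.key',
 ['ArrayBuffer', 'Buffer', 'TypedArray', 'DataView'],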
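Review bot: The new guard at the top of getKeyObjectHandleFromRaw has no comment saying why strings are refused, and the type check alone does not explain it. Raw key material has no framing a parser could validate, so a string decoded under an unintended `encoding` would presumably import as a different key instead of failing; I would add `// Raw formats carry no structure to validate, so string input (whose bytes depend on an encoding) is rejected rather than decoded.` above the `if`. `isAnyArrayBuffer` also accepts a SharedArrayBuffer, which the expected-types list passed to ERR_INVALID_ARG_TYPE does not name; confirm that is intended or list it. The function body continues past the end of the hunk.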

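--- a/test/parallel/test-crypto-key-objects-raw.js
+++ b/test/parallel/test-crypto-key-objects-raw.js
@@ -32,6 +32,50 @@ const { hasOpenSSL } = require('../common/crypto');
 }
 }
 
+// Raw key imports do not support strings.
+{
+const pubKeyObj = crypto.createPublicKey(
+fixtures.readKey('ed25519_public.pem', 'ascii'));
+const privKeyObj = crypto.createPrivateKey(
+fixtures.readKey('ed25519_private.pem', 'ascii'));
+
+const rawPub = pubKeyObj.export({ format: 'raw-public' });
+const rawPriv = privKeyObj.export({ format: 'raw-private' });
+
+for (const encoding of ['hex', 'base64', 'utf8', 'latin1', 'ascii']) {
+assert.throws(() => crypto.createPublicKey({
+key: rawPub.toString(encoding),
+encoding,
+format: 'raw-public',
+asymmetricKeyType: 'ed25519',
+}), { code: 'ERR_INVALID_ARG_TYPE' });
+
+assert.throws(() => crypto.createPrivateKey({
+key: rawPriv.toString(encoding),
+encoding,
+format: 'raw-private',
+asymmetricKeyType: 'ed25519',
+}), { code: 'ERR_INVALID_ARG_TYPE' });
+}
+}
+
+// Raw seed imports do not support strings.
+if (hasOpenSSL(3, 5)) {
+const privKeyObj = crypto.createPrivateKey(
+fixtures.readKey('ml_dsa_44_private.pem', 'ascii'));
+
+const rawSeed = privKeyObj.export({ format: 'raw-seed' });
+
+for (const encoding of ['hex', 'base64']) {
+assert.throws(() => crypto.createPrivateKey({
+key: rawSeed.toString(encoding),
+encoding,
+format: 'raw-seed',
+asymmetricKeyType: 'ml-dsa-44',
+}), { code: 'ERR_INVALID_ARG_TYPE' });
+}
+}
+
 // Key types that don't support raw-* formats
 {
 for (const [type, pub, priv] of [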
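Review bot: Both added loops always pass an `encoding`, so the most likely accidental input, a plain string key with no `encoding` option, is never exercised. I would add a case without the option, e.g. `assert.throws(() => crypto.createPublicKey({ key: rawPub.toString('hex'), format: 'raw-public', asymmetricKeyType: 'ed25519' }), { code: 'ERR_INVALID_ARG_TYPE' });`. The raw-seed loop checks only 'hex' and 'base64' while the raw key loop checks five encodings; one shared encodings array would keep the two in step. Asserting `name: 'TypeError'` next to the code would also pin the error class.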
