Skip to content

Commit

Permalink
crypto: clear OpenSSL error queue after calling X509_check_private_key()
Browse files Browse the repository at this point in the history
Fixes: #45485
PR-URL: #45495
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
  • Loading branch information
panva authored and ruyadorno committed Nov 21, 2022
1 parent 496912d commit bd3accc
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/crypto/crypto_x509.cc
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,8 @@ void X509Certificate::CheckPrivateKey(const FunctionCallbackInfo<Value>& args) {
ASSIGN_OR_RETURN_UNWRAP(&key, args[0]);
CHECK_EQ(key->Data()->GetKeyType(), kKeyTypePrivate);

ClearErrorOnReturn clear_error_on_return;

args.GetReturnValue().Set(
X509_check_private_key(
cert->get(),
Expand Down
17 changes: 13 additions & 4 deletions test/parallel/test-crypto-x509.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ if (!common.hasCrypto)
const {
X509Certificate,
createPrivateKey,
generateKeyPairSync,
} = require('crypto');

const {
Expand Down Expand Up @@ -186,10 +187,18 @@ const der = Buffer.from(
code: 'ERR_INVALID_ARG_VALUE'
});

// Confirm failure of X509Certificate:verify() doesn't affect other functions that use OpenSSL.
assert(!x509.verify(x509.publicKey));
// This call should not throw.
createPrivateKey(key);
{
// https://github.com/nodejs/node/issues/45377
// https://github.com/nodejs/node/issues/45485
// Confirm failures of X509Certificate:verify() and X509Certificate:CheckPrivateKey()
// do not affect other functions that use OpenSSL.
// Subsequent calls to e.g. createPrivateKey should not throw.
const keyPair = generateKeyPairSync('ed25519');
assert(!x509.verify(keyPair.publicKey));
createPrivateKey(key);
assert(!x509.checkPrivateKey(keyPair.privateKey));
createPrivateKey(key);
}

// X509Certificate can be cloned via MessageChannel/MessagePort
const mc = new MessageChannel();
Expand Down

0 comments on commit bd3accc

Please sign in to comment.