-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto.generateKeyPair generates error ERR_OSSL_CRYPTO_MALLOC_FAILURE in node 17.2.0 #41428
Comments
Not sure if it's intended or not, but the error only occurs when the private key encryption passphrase is empty, when one is provided this works as expected, likewise when no encryption is requested it's fine. cc @nodejs/crypto |
I'm using this in my test suite, setting |
I think this is a bug in OpenSSL, so I sent a report with my findings: openssl/openssl#17506 |
My fix landed in the OpenSSL repo: openssl/openssl#17507! Will cherry-pick it to https://github.com/quictls/openssl tomorrow. |
@RaisinTen was this cherry picked over? |
@mhdawson I had sent the cherry-pick PR to the quictls repo - quictls/openssl#75 but I'm yet to get a review from the maintainers. |
Thanks for the update, was just wondering if it was progressing., |
openssl/openssl@59ccb72: ``` commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e Author: Darshan Sen <raisinten@gmail.com> Date: Fri Jan 14 16:22:41 2022 +0530 Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey() When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size allocation, which resulted in malloc failures. Fixes: openssl/openssl#17506 Signed-off-by: Darshan Sen <raisinten@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#17507) ``` openssl/openssl@1d28ada: ``` commit 1d28ada1c39997c10fe5392f4235bbd2bc44b40f Author: Darshan Sen <raisinten@gmail.com> Date: Sat Jan 22 17:56:05 2022 +0530 Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid() Signed-off-by: Darshan Sen <raisinten@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#17507) ``` Refs: openssl/openssl#17507 Fixes: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>
Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>
Sent a cherry-pick pr to Node.js anyways because my change has already landed in the openssl repo - #42319 |
Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com>
Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: #41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Refs: openssl/openssl#17507 Refs: nodejs#41428 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42319 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Version
17.2.0
Platform
Linux raynos-Precision-5530 5.4.0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Subsystem
crypto
What steps will reproduce the bug?
Run the following script in node 17.2.0 and node 16.
Node 16 has no error, node 17 has an err
The err is
How often does it reproduce? Is there a required condition?
every time on linux and mac.
What is the expected behavior?
I expected node 17 to not have a regression
What do you see instead?
I see an error.
Additional information
No response
The text was updated successfully, but these errors were encountered: