src: turn SSL_CTX_new CHECK/segfault into JS exception
These operations do not usually fail, but can do so when OpenSSL
is not configured properly (I ran into this while dynamically linking
against OpenSSL with FIPS). JS exceptions are way more useful
than CHECK failures or plain segfaults.

PR-URL: #42799
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
addaleax authored and juanarbol committed May 31, 2022
1 parent 374c278 commit a6bceae
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/crypto/crypto_cipher.cc
Expand Up @@ -197,10 +197,14 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

SSLCtxPointer ctx(SSL_CTX_new(TLS_method()));
CHECK(ctx);
if (!ctx) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}

SSLPointer ssl(SSL_new(ctx.get()));
CHECK(ssl);
if (!ssl) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_new");
}

STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl.get());
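
Review bot: in GetSSLCiphers, `ERR_get_error()` returns the oldest entry on the calling thread's error queue, and nothing in the visible lines clears that queue before `SSL_CTX_new(TLS_method())` or `SSL_new(ctx.get())`, so a stale entry left by an earlier operation would be reported as the cause instead of the failure that actually happened. Consider calling `ERR_clear_error()` before `SSL_CTX_new`, or confirm that the queue is known to be empty on entry to this function. `ERR_get_error()` also returns 0 when the failing call queued nothing, so it is worth confirming that ThrowCryptoError still produces a usable message from the "SSL_CTX_new" and "SSL_new" strings in that case.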

3 changes: 3 additions & 0 deletions src/crypto/crypto_context.cc
Expand Up @@ -508,6 +508,9 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
}

sc->ctx_.reset(SSL_CTX_new(method));
if (!sc->ctx_) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}
SSL_CTX_set_app_data(sc->ctx_.get(), sc);

// Disable SSLv2 in the case when method == TLS_method() and the
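
Review bot: in SecureContext::Init, the early return after `sc->ctx_.reset(SSL_CTX_new(method))` leaves `sc->ctx_` null on an object that JS can still hold if the caller catches the exception. Please confirm that the other native SecureContext methods check `sc->ctx_` before passing `sc->ctx_.get()` to OpenSSL, or state in a comment that the object is unusable after a failed Init; otherwise the segfault is only moved to the next call. Both changed files are under src/ and no test accompanies the change; if this path cannot be exercised without a misconfigured OpenSSL build, say so in the PR so the gap is on record.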
