-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: don't crash on unknown keyObject.asymmetricKeyType #26786
Conversation
I'd welcome hints and key material other than (ed/x25519 or ed/x448) for adding tests to this. |
Maybe take an unencrypted X488 key and damage the curve OID so it will always be invalid? Or perhaps that will refuse to import? |
I'm not sure if we should use 'unknown' or 'unsupported', I'd probably lean towards the latter since the type must be known (otherwise OpenSSL would probably throw an error), but node does not support/know about it yet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess flat-out removing the asymetricKeyType isn't an option? We are returning this string, but it doesn't appear to have any purpose in our API, am I missing something?
Having the key type is useful, I don't think we should get rid of it. |
No. The information we have about a key is scarse as-is. So, |
definitely not ' @mscdex What use is the asymetricKeyType? Its not accepted as input by any API, it can't be switched on to decide what API to pass a key too. Not too push too hard, but the numeric equivalent in openssl can actually be used (must be used) to do things, not so in our API. I know we hate to take things out, but this is the time to pull it if its problematic, while its still only in 11.x. @panva I'm super sympathetic to the lack of key data, and support that data being made available, but keeping this around doesn't get you that. You still don't know what kind of DH or DSA key it is, what the EC curve is, etc, etc. |
@sam-github the API is already in use by libraries today. To begin with, it's a decent way to ignore keys that are not useful in any context, e.g. jose library having no use for DSA keys, keys that do not have asn1.js implementation yet, etc.
Indeed it is. If this got removed we must consider a stable replacement. E.g. #26709, we didn't land that one because the information it provided was already delivered by |
The key type may not be utilized within node core, but it's certainly helpful in userland when you're accepting arbitrary keys in your application/module. |
It'll refuse to import.
Edit: tests added. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am working on support for RSA-PSS so testing this might become a bit trickier soon.
I was hoping you'd miss that |
I am afraid a rebase is necessary. |
@tniessen done |
Is there a reason why we do not just throw an error while running |
That's debatable, but certainly also a valid approach. The only upside I see of throwing is that people will notify us when we forget to add a key type. However, even if |
@tniessen thanks for clarifying this. I guess in that case both approaches seem legit. What about adding a warning in case I personally have a slight preference for |
@BridgeAR, we went back and forth on the appropriate value to use. As this crash makes the use of KeyObjects impossible with third-party inputs, could we move forward with it as-is? The ✅ are there. |
Personally, I prefer |
The thing about 'unsupported' is that I think it is supported, in the the key can be re-encoded as PEM, and used (possibly) in sign/verify, etc. Isn't that the case? How about we just encode the numeric key id as a string? Which argues for a |
Here’s the thing. If we return a constructed string it might look intentional and someone might start using it thinking it’s final. But then we add a string for the type later and it’ll be breaking for the developer. |
I share this concern. We could choose something inbetween such as
Ref #26709. I think we should avoid using NIDs since they are specific to OpenSSL IIRC. Each key type must have an associated OID, though, since OIDs are used to identify key types when encoded as PKCS#8 / DER etc. |
Its in-between, but has the exact same problem as Anything, other than an actual string specific to the key id will eventually change, and be semver-major when we start to support the numeric type. This argues strongly against returning any string for the (EDIT: I rewrote the above slightly, sorry, I think the old text was confusing). I can think of a couple solutions:
|
Sounds good to me, and also to @tniessen , so yes, please. |
Ref #26996 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ping @nodejs/crypto
Landed in 7c1fc93. |
PR-URL: #26786 Fixes: #26775 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
PR-URL: #26786 Fixes: #26775 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
Fixes #26775
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes