Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: fix rsa key gen with non-default exponent #27092

Closed

Conversation

sam-github
Copy link
Contributor

@sam-github sam-github commented Apr 4, 2019

EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent
on success, so do not free it.

Fixes: #27087

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent
on success, so do not free it.

Fixes: nodejs#27087
@sam-github sam-github requested a review from tniessen April 4, 2019 22:09
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Apr 4, 2019
@nodejs-github-bot
Copy link
Collaborator

Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Good catch.

@@ -146,7 +146,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);

// Now do the same with an encrypted private key.
generateKeyPair('rsa', {
publicExponent: 0x10001,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we keep this exponent in both tests (here and the change above) as an additional test parameter?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mscdex exponent 0x10001 is tested 4 times in test-crypto-keygen.js, I don't mind copy and pasting the tests with non-default exponents, but don't think it will increase coverage. Can you confirm you want me to do this? For your reference:

core/node (fix-non-default-exp-rsa-keygen $%) % grep publicExponent test/parallel/test-crypto-keygen.js
    publicExponent: 3,   // I changed this from 0x0001
    publicExponent: 0x10001,
    publicExponent: 0x1001,   // I changed this from 0x0001
    publicExponent: 0x10001,
    publicExponent: 0x10001,
    publicExponent: 0x10001,

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, either way is fine then.

Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't release return the pointer? I am not sure, maybe it doesn't :)

@sam-github
Copy link
Contributor Author

yes, release both returns the pointer, and nulls it (so the auto ptr doesn't own it). But its the only function to use (I think).

@sam-github
Copy link
Contributor Author

Landed in 0911e88

@sam-github sam-github closed this Apr 8, 2019
@sam-github sam-github deleted the fix-non-default-exp-rsa-keygen branch April 8, 2019 16:44
sam-github added a commit that referenced this pull request Apr 8, 2019
EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent
on success, so do not free it.

Fixes: #27087

PR-URL: #27092
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@mscdex
Copy link
Contributor

mscdex commented Sep 4, 2019

FWIW this fixes a crash that currently exists on latest v10.x.

BethGriggs pushed a commit that referenced this pull request Oct 18, 2019
EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent
on success, so do not free it.

Fixes: #27087
Fixes: #29433

PR-URL: #27092
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@BethGriggs BethGriggs mentioned this pull request Oct 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

certain exponents cause generateKeyPair to hang
7 participants