Skip to content

crypto.createPrivateKey no longer throws TypeError for missing passphrase #48881

New issue
New issue
Closed
Closed
crypto.createPrivateKey no longer throws TypeError for missing passphrase#48881
Labels
confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.opensslIssues and PRs related to the OpenSSL dependency.
@westrik

Description

@westrik
westrik
opened on Jul 21, 2023

Version

v17.9.1

Platform

Darwin mattw-2.local 21.6.0 Darwin Kernel Version 21.6.0: Thu Jun 8 23:56:13 PDT 2023; root:xnu-8020.240.18.701.6~1/RELEASE_ARM64_T6000 arm64

Subsystem

crypto

What steps will reproduce the bug?

const key = `-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIgREdlRIrWeoCAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCHRQNOtlWEzBLuFqR+vOFWBIIE
0IschnCj+ult6XpikcATM43YQPqf7m4OS3o8bsxC2Qb8pFwNbgjN5m9hem8JQnUA
336QVhwrRSkuFy4TCv6rRH5UCUEjNMeuGF0N0036AMqVzkw7KAXm/cecBb62nngz
K/r4Fw4/YIyfmFLILQVnxZ622+XF2WAOtu2VWRP6GGMFO71fZ4CGs+kcn8AN50lh
wOcGGhgeJaN249fhOfUZKSJmvyyneYc5Kzd/9SqVLEt2B5954Ivdqz/HjtQe3jVB
14yOAm3D5c4lkK5qe37LYo9NsI864oH1nt26burUaNMm1AwmPP12/+WSqhS5/o1G
zqSE/PAE16Uh4LgdlzCTgj+yQzJpNmBSePTYxJD5b7EYPAVNQrOIyL8p9d0HXU7b
VVA3PeFRdhGCg6YX4RpjVTyddpm9XuKpXm2xTSGCA/spictEuO9Py2iXH9Uf8VfT
fyK4Sm2TX1+6XtvAv0XMEocJ1lkoB99EuGIbg9zguFTE55hJyfsOlpQPRnlzfvK2
JyeXnLGzyU5g1vCjEJiT6OcLZcRC3u2FyCYnqg1Bgr4RVi9pOaul50GVDUFK2Crn
0lqCS5pPoXGlcoKmPES6/oCV9VEEH9C6BU2N6J+vjcyO/kP7VylbOT33nOkDgkjy
/y8/w/3PqFFLnEyGtIEbVu3oNGepy25WQzkSft2ROUzbCX3puAJpHFPBxcapBHaD
bOWbNc3YITxa9VtRBS/Ws3Lg07siepuBFKx1BF+qTrm3YzKzvov0ijFRDUuVH5sA
A+ggcoms/rjoN5Ubt57lY0cStm1Ot/W52Q/OWoWZj+ZHCNnnAYL7fOqsggPW0Ijb
YDjAs/VkX/cx+QaULNu/wpAOlNPLq+fSSpS1KNh2ajdK0al6FmOdG2OkiaLoJDUo
sV2bSkaMQDmdNjBAr/agyv8K0X9XrMM8ExebARXMOxXClrbZSu+Xy5nu9qxau/nq
u/WDFd561WTp2doHcsTPCALIjAZEDxzLeetPpV7neih1I8KZYQ+8Xve9AEumra7w
+XK2SK0Z1LX4JRG1pPJtEHAqPJ62TtiPONCcZaZTw6hARrm+mnIqTaGDsBEIHaHa
m7hM4E7qmkxn7pRZmkkSckpeBIeuliP444Y/vFKHPOHzdHBKir/QYf8MzfVQ5/1R
H7KvDS+hBDmTtFdRz5qsIRsMtRZfPE9F5chxI2035AsTCBB0WKlJadol7BpJDFjP
FY9AiH+PZF4gJOPnUSt89lnhLh/q6i4q6vYXySTjAV04+sdw+GXBEo3R331MtvRv
HS1LR+xd+uCmtcUfLdGEf6CT706Opd6j9kUtbgF3d1nX8/mE6U/Z5GB+4HPbzZsd
9oTBgMBdNWYKxKMJVfY4G5DE9nLtRd6CZxi6YGU1Jf5wfnkRrlGcv/pKznhcrc9f
UnxcixunUzblTH/9abg3QuvcbdJ+Lt/ACxzh/RVGXemwzwGIaeQs61g5jp9/dmHt
Fviy/kmRB1ktKTVwf8yIvZbMN4ax8W8q0jQa/vHSDToWeCEyRNH+M8OHWRMN1FjP
I23ef66np+xau/KUCZ7Er+POq9NlGHOSgIIiw4vwpiKgFup+EplztAqGdqn6AJBI
m0nlxSfszO2PZ44HYMJAQBZ++tuENwyhYPrs5YW3XV3K
-----END ENCRYPTED PRIVATE KEY-----`

require('crypto').createPrivateKey({ key })

Private key generated with:

  • openssl genrsa -aes256 -out key.pem -passout pass:password 2048

How often does it reproduce? Is there a required condition?

This issue seems to happen for any encrypted key with a missing passphrase.

What is the expected behavior? Why is that the expected behavior?

Expected createPrivateKey to throw TypeError: Passphrase required for encrypted key (ERR_MISSING_PASSPHRASE).

This is the error thrown by Node 16.14.2 when running that code:

node:internal/crypto/keys:620
    handle.init(kKeyTypePrivate, data, format, type, passphrase);
           ^

TypeError: Passphrase required for encrypted key
    at Object.createPrivateKey (node:internal/crypto/keys:620:12)
    at Object.<anonymous> (/Users/matt/repro.js:38:19)
    at Module._compile (node:internal/modules/cjs/loader:1191:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1245:10)
    at Module.load (node:internal/modules/cjs/loader:1069:32)
    at Function.Module._load (node:internal/modules/cjs/loader:904:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:22:47 {
  code: 'ERR_MISSING_PASSPHRASE'
}

What do you see instead?

createPrivateKey throws ERR_OSSL_CRYPTO_INTERRUPTED_OR_CANCELLED instead of ERR_MISSING_PASSPHRASE .

node:internal/crypto/keys:618
    handle.init(kKeyTypePrivate, data, format, type, passphrase);
           ^

Error: error:07880109:common libcrypto routines::interrupted or cancelled
    at Object.createPrivateKey (node:internal/crypto/keys:618:12)
    at Object.<anonymous> (/Users/matt/repro.js:38:19)
    at Module._compile (node:internal/modules/cjs/loader:1099:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:975:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
    at node:internal/main/run_main_module:17:47 {
  opensslErrorStack: [
    'error:04800068:PEM routines::bad password read',
    'error:07880109:common libcrypto routines::interrupted or cancelled',
    'error:1C80009F:Provider routines::unable to get passphrase',
    'error:07880109:common libcrypto routines::interrupted or cancelled'
  ],
  library: 'common libcrypto routines',
  reason: 'interrupted or cancelled',
  code: 'ERR_OSSL_CRYPTO_INTERRUPTED_OR_CANCELLED'
}

Node.js v17.9.1

Same thing happens with Node.js v18.17.0.

Additional information

The code path that should be throwing the TypeError still exists: https://github.com/nodejs/node/blob/v18.17.0/src/crypto/crypto_keys.cc#L828C26-L828C49, so it seems like maybe the OpenSSL upgrade changed which ParseKeyResult gets returned.

Metadata

Metadata

Assignees

No one assigned

    Labels

    confirmed-bugIssues with confirmed bugs.cryptoIssues and PRs related to the crypto subsystem.opensslIssues and PRs related to the OpenSSL dependency.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions