Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: expose certificate decoding function #30675

Closed
wants to merge 1 commit into from
Closed

crypto: expose certificate decoding function #30675

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions lib/crypto.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,10 @@ const pendingDeprecation = getOptionValue('--pending-deprecation');
const { fipsMode } = internalBinding('config');
const fipsForced = getOptionValue('--force-fips');
const { getFipsCrypto, setFipsCrypto } = internalBinding('crypto');
const { parseX509 } = internalBinding('crypto');
const {
isArrayBufferView,
} = require('internal/util/types');
const {
randomBytes,
randomFill,
Expand Down Expand Up @@ -150,6 +154,13 @@ function createVerify(algorithm, options) {
return new Verify(algorithm, options);
}

function parseCert(cert) {
if (!isArrayBufferView(cert)) {
throw new ERR_INVALID_ARG_TYPE('cert', 'ArrayBufferView', buf);
}
return parseX509(cert);
}

module.exports = {
// Methods
createCipheriv,
Expand Down Expand Up @@ -190,6 +201,7 @@ module.exports = {
setFips: !fipsMode ? setFipsDisabled :
fipsForced ? setFipsForced : setFipsCrypto,
verify: verifyOneShot,
parseCert,

// Classes
Certificate,
Expand Down
36 changes: 35 additions & 1 deletion src/node_crypto.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1145,7 +1145,6 @@ static void IsExtraRootCertsFileLoaded(
return args.GetReturnValue().Set(extra_root_certs_loaded);
}


Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unintended change?

void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
SecureContext* sc;
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Expand Down Expand Up @@ -2176,6 +2175,39 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
}


static void ParseX509(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

CHECK(args[0]->IsArrayBufferView());
ArrayBufferViewContents<unsigned char> buf(args[0].As<ArrayBufferView>());
const unsigned char* data = buf.data();
unsigned data_len = buf.length();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of width/sign issues here: buf.length() returns a size_t, d2i_X509 takes an int. Suggestion:

size_t data_len = buf.length();
CHECK_LE(data_len, INT_MAX);


ClearErrorOnReturn clear_error_on_return;
BIOPointer bio(LoadBIO(env, args[0]));
if (!bio)
return ThrowCryptoError(env, ERR_get_error());

X509Pointer pem(PEM_read_bio_X509_AUX(
bio.get(), nullptr, NoPasswordCallback, nullptr));

if (!pem) {
// Try as DER, but return the original PEM failure if it isn't DER.
MarkPopErrorOnReturn mark_here;

X509Pointer der(d2i_X509(nullptr, &data, data_len));
if (der) {
args.GetReturnValue().Set(X509ToObject(env, der.get()));
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/local consistency: no braces, ditto on line 2219.

}
if (!pem) {
return ThrowCryptoError(env, ERR_get_error());
}

args.GetReturnValue().Set(X509ToObject(env, pem.get()));
}


static Local<Object> AddIssuerChainToObject(X509Pointer* cert,
Local<Object> object,
StackOfX509&& peer_certs,
Expand Down Expand Up @@ -7358,6 +7390,8 @@ void Initialize(Local<Object> target,
// Exposed for testing purposes only.
env->SetMethodNoSideEffect(target, "isExtraRootCertsFileLoaded",
IsExtraRootCertsFileLoaded);
env->SetMethodNoSideEffect(target, "parseX509",
ParseX509);

env->SetMethodNoSideEffect(target, "ECDHConvertKey", ConvertKey);
#ifndef OPENSSL_NO_ENGINE
Expand Down