From 65b4fb840ed7ae80fdca5d2c92dd647590d99686 Mon Sep 17 00:00:00 2001
From: Tim Perry <1526883+pimterry@users.noreply.github.com>
Date: Thu, 5 Sep 2024 16:15:01 +0200
Subject: [PATCH] crypto: return a clearer error when loading an unsupported pkcs12

PR-URL: https://github.com/nodejs/node/pull/54485
Reviewed-By: Luigi Pinca
---
 src/crypto/crypto_context.cc | 10 ++++++++++
 test/fixtures/keys/legacy.pfx | Bin 0 -> 1058 bytes
 test/parallel/test-tls-legacy-pfx.js | 27 +++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 test/fixtures/keys/legacy.pfx
 create mode 100644 test/parallel/test-tls-legacy-pfx.js

diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
index 48fecc82c15..aa5ba34c761 100644
--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -1148,6 +1148,16 @@ done:
 if (!ret) {
 // TODO(@jasnell): Should this use ThrowCryptoError?
 unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
+
+#if OPENSSL_VERSION_MAJOR >= 3
+ if (ERR_GET_REASON(err) == ERR_R_UNSUPPORTED) {
+ // OpenSSL's "unsupported" error without any context is very
+ // common and not very helpful, so we override it:
+ return THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(
+ env, "Unsupported PKCS12 PFX data");
+ }
+#endif
+
 const char* str = ERR_reason_error_string(err);
 str = str != nullptr ? str : "Unknown error";
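Review bot: The new `ERR_R_UNSUPPORTED` branch inspects only the reason code of the first queued error and then replaces it with a fixed string, so whatever OpenSSL detail would identify the rejected algorithm is dropped and the caller cannot tell why the file was refused. Judging by the fixture name `legacy.pfx`, the expected trigger is a PFX protected with algorithms the active OpenSSL 3 providers do not offer; the comment should say so, e.g. `// Typically a PFX encrypted with legacy algorithms that the loaded OpenSSL 3 providers do not offer.` It is also worth confirming that the rest of the OpenSSL error queue is cleared on this early return, because `ERR_get_error()` removes only one entry and leftover entries can surface as misleading errors in later crypto calls. The enclosing function starts and ends outside the hunk, so any such cleanup is not visible here.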
diff --git a/test/fixtures/keys/legacy.pfx b/test/fixtures/keys/legacy.pfx new file mode 100644 index 0000000000000000000000000000000000000000..66fa746fa5e573d2e7cded1632863f4294736c97 GIT binary patch literal 1058 zcmXqLVv%EFWHxAGe!|A7)#lOmotKfFaX}OFRhA~^i$LMC22G4_5K?Rlni%f_g>Eu2 zG61Pd2pL8LPdJB_*TBX=4#DLy5M<%#l6n>(cGBh|6B7pm6Cpf9%f4EI^wC}l~H*|O@h-RD>9 z{gxN^IrB!dzBnp)HHxX_TGWu`9>&P53UVn#6OI%no|~y7%cMtq1J( z_qQ+w{=M29I-&UL<8K_>=hnnoDXf}SbnVFWxYvcDvAMq&B_%k#e#E_bNA0G0zk~ET z62B(2_0CqRe4+T(Y4^ITi)|Et@-YW*Hec5mB@=nR>3Nfd^HzyprQi8pFNwZzRM*U%Idnjd;?0nEm-uAU$i|h!BcZW`0k?K zS|6i~bAh3+c<*hSb$+I$S-_NptGcGV9n1_iujJnQoSgLPgw6y*=KtqsUEP{_1QfaO zm;)sR##1a!jK_e&hk$q=8#gqS@Nh9Q0VUgjf=vc8Y+Nv5U}EB9;b7POXZOP8@L5n~ z1GOh`ta*@Pt#!!Meqzj?39W4_rbqL+AL)2!e&d9X&hfd05yn%c9OPE<-RW@CJD%Xa zc%57TyQuLh3xW2HTYmrcEZKDQtLjICtmcX)=XXcVO>JtDEvIY$(iVSr{g%R}s~;oN zqsx9s=yP=CJMt906StgrU3|s6H5<>QY>B*h!+2u zfqlu;Bdp@HzRfl3Z1`&2JpFXj%Lk8tnU}Tj{$4ZZrtREwrm=6k=j)lh(wk!=?KP`> z^4D{=dd&slKa0BVEUfxAEt=`-s*55q>=vaz)D50rlCFB}G$rVs_PYAA>(guA#NP7c z&p*3=k#11lzTdLSe74>CANF*#YDcb;OucZs#L2Gf!F7g^tp8kbp#kf8c4-`6Tf_BZ z#Vf}4>*k$CPv7_@N?mbc>0I*Y#pU)h4eS5ZPQG1i zZ8W{tx505w>P$mb17&!uaf%v>v544~9y0N6Q@b%+>W2h-c}h_5X8sTZLjy$vPBvC; vK4vB { + assert.strictEqual(e.code, 'ERR_CRYPTO_UNSUPPORTED_OPERATION'); + assert.strictEqual(e.message, 'Unsupported PKCS12 PFX data'); + cleanup(); +}));