crypto function call unstable behaviour, node crushes #19655
Labels
crypto
Issues and PRs related to the crypto subsystem.
Comments
|
I can't reproduce this on Linux. I get the 'Trying to add data in unsupported state' error every time. |
|
@eduardbcom Can you test with the latest v9.x release? I've fixed several bugs in the last months that might cause that. |
|
MacBook-Pro:enigma admin$ ~/Documents/opensource/node/out/Debug/node -v Error: Trying to add data in unsupported state Pulled latest master. Does it contain these changes ? @bnoordhuis |
|
BTW, does node support this algorithm ? No idea why I receive 'Error: Trying to add data in unsupported state.' In case of createCipher/createDecipher (without IV) receives Error: error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed. Thanks! |
|
It seems like on Linux no errors are emitted, but Valgrind shows some invalid reads/writes: |
|
@eduardbcom
Assuming that you build the node.js with the I tried to run your script in my ubuntu 16.04 env, I found it would work if you skip You can verify my finding in your env. If it works on your env, then we can discuss how to handle the 'jAfaFg**';
const cipher = crypto.createCipheriv('id-smime-alg-CMS3DESwrap', key, iv);
let ciph = cipher.update(plaintext, 'utf8', 'buffer');
- ciph = Buffer.concat([ciph, cipher.final('buffer')]);
const decipher = crypto.createDecipheriv('id-smime-alg-CMS3DESwrap', key, iv);
let txt = decipher.update(ciph, 'buffer', 'utf8');
- txt += decipher.final('utf8');
console.log(txt);
} |
|
@yhwang I'm seeing invalid memory access even with the following reduced test case: const crypto = require('crypto');
function testCipher(key, iv) {
// Test encryption and decryption with explicit key with aes128-wrap
const plaintext =
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
'jAfaFg**';
const cipher = crypto.createCipheriv('id-smime-alg-CMS3DESwrap', key, iv);
let ciph = cipher.update(plaintext, 'utf8', 'buffer');
// ciph = Buffer.concat([ciph, cipher.final('buffer')]);
// const decipher = crypto.createDecipheriv('id-smime-alg-CMS3DESwrap', key, iv);
// let txt = decipher.update(ciph, 'buffer', 'utf8');
// txt += decipher.final('utf8');
//
// console.log(txt);
}
testCipher(Buffer.from('0123'.repeat(6)), Buffer.alloc(0)); |
|
@TimothyGu sorry for the late response. I will try to investigate the invalid memory access. |
|
@TimothyGu finally, I have some spared time to look at this issue today. I guess I found the root cause of the invalid read. In this case, the output buff that we allocated for |
3 tasks
MylesBorins
pushed a commit
that referenced
this issue
May 4, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> PR-URL: #20370 Fixes: #19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this issue
May 8, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> PR-URL: #20370 Fixes: #19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
tniessen
pushed a commit
to tniessen/node
that referenced
this issue
May 13, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> PR-URL: nodejs#20370 Fixes: nodejs#19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax
pushed a commit
that referenced
this issue
May 14, 2018
For key wrapping algorithms, calling EVP_CipherUpdate() with null output could obtain the size for the ciphertext. Then use the returned size to allocate output buffer. Also add a test case to verify des3-wrap. Signed-off-by: Yihong Wang <yh.wang@ibm.com> Backport-PR-URL: #20706 PR-URL: #20370 Fixes: #19655 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Node behavior is unstable during processing crypto function (listed at the bottom).
Have ran this code three times via lldb and each time I have different output.
MacBook-Pro:enigma admin$ lldb /Users/admin/Documents/opensource/node/out/Debug/node test
(lldb) target create "/Users/admin/Documents/opensource/node/out/Debug/node"
Current executable set to '/Users/admin/Documents/opensource/node/out/Debug/node' (x86_64).
(lldb) settings set -- target.run-args "test"
(lldb) r
Process 64817 launched: '/Users/admin/Documents/opensource/node/out/Debug/node' (x86_64)
Process 64817 stopped
frame #0: 0x0000000100f53937 node`v8::internal::LocalArrayBufferTracker::Add(v8::internal::JSArrayBuffer*, unsigned long) [inlined] std::__1::pair<std::__1::__hash_iterator<std::__1::__hash_node<v8::internal::JSArrayBuffer*, void*>>, bool> std::__1::__hash_table<v8::internal::JSArrayBuffer, v8::internal::LocalArrayBufferTracker::Hasher, std::__1::equal_tov8::internal::JSArrayBuffer*, std::__1::allocatorv8::internal::JSArrayBuffer* >::__emplace_unique_key_args<v8::internal::JSArrayBuffer*, v8::internal::JSArrayBuffer* const&>(this=0x0000000105806ab8, __k=0x00007fff5fbfce48, __args=0x00007fff5fbfce48) at __hash_table:1963
1960 __nd = _bucket_list[__chash];
1961 if (__nd != nullptr)
1962 {
-> 1963 for (__nd = __nd->_next; __nd != nullptr &&
1964 (__nd->__hash() == __hash || __constrain_hash(__nd->__hash(), __bc) == __chash);
1965 __nd = __nd->_next)
1966 {
Target 0: (node) stopped.
(lldb) r
There is a running process, kill it and restart?: [Y/n]
Process 64817 exited with status = 9 (0x00000009)
Process 64821 launched: '/Users/admin/Documents/opensource/node/out/Debug/node' (x86_64)
internal/crypto/cipher.js:110
const ret = this._handle.update(data, inputEncoding);
^
Error: Trying to add data in unsupported state
at Decipheriv.update (internal/crypto/cipher.js:110:28)
at testCipher5 (/Users/admin/Documents/work/enigma/test.js:139:24)
at Object. (/Users/admin/Documents/work/enigma/test.js:145:3)
at Module._compile (module.js:666:30)
at Object.Module._extensions..js (module.js:677:10)
at Module.load (module.js:577:32)
at tryModuleLoad (module.js:517:12)
at Function.Module._load (module.js:509:3)
at Function.Module.runMain (module.js:707:10)
at startup (bootstrap_node.js:196:16)
Process 64821 exited with status = 1 (0x00000001)
(lldb) r
Process 64825 launched: '/Users/admin/Documents/opensource/node/out/Debug/node' (x86_64)
node(64825,0x7fffa8d573c0) malloc: *** error for object 0x10581ea30: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Process 64825 stopped
frame #0: 0x00007fff9ff69d42 libsystem_kernel.dylib
__pthread_kill + 10 libsystem_kernel.dylib__pthread_kill:-> 0x7fff9ff69d42 <+10>: jae 0x7fff9ff69d4c ; <+20>
0x7fff9ff69d44 <+12>: movq %rax, %rdi
0x7fff9ff69d47 <+15>: jmp 0x7fff9ff62caf ; cerror_nocancel
0x7fff9ff69d4c <+20>: retq
Target 0: (node) stopped.
The text was updated successfully, but these errors were encountered: