fix(ext/node): compute pem length (upper bound) for key exports

Fixes denoland#26188
littledivy · Oct 14, 2024 · d13b135 · d13b135
1 parent 64c304a
commit d13b135
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/ext/node/ops/crypto/keys.rs b/ext/node/ops/crypto/keys.rs
@@ -2024,7 +2024,9 @@ pub fn op_node_export_public_key_pem(
     _ => unreachable!("export_der would have errored"),
   };
 
-  let mut out = vec![0; 2048];
+  let pem_len = der::pem::encapsulated_len(label, LineEnding::LF, data.len())
+    .map_err(|_| type_error("very large data"))?;
+  let mut out = vec![0; pem_len];
   let mut writer = PemWriter::new(label, LineEnding::LF, &mut out)?;
   writer.write(&data)?;
   let len = writer.finish()?;
@@ -2063,7 +2065,9 @@ pub fn op_node_export_private_key_pem(
     _ => unreachable!("export_der would have errored"),
   };
 
-  let mut out = vec![0; 2048];
+  let pem_len = der::pem::encapsulated_len(label, LineEnding::LF, data.len())
+    .map_err(|_| type_error("very large data"))?;
+  let mut out = vec![0; pem_len];
   let mut writer = PemWriter::new(label, LineEnding::LF, &mut out)?;
   writer.write(&data)?;
   let len = writer.finish()?;

diff --git a/tests/unit_node/crypto/crypto_key_test.ts b/tests/unit_node/crypto/crypto_key_test.ts
@@ -656,3 +656,24 @@ z6TExWlQMjt66nV7R8cRAkzmABrG+NW3e8Zpac7Lkuv+zu0S+K7c
   assertEquals(publicKey.type, "public");
   assertEquals(publicKey.asymmetricKeyType, "rsa");
 });
+
+// https://github.com/denoland/deno/issues/26188
+Deno.test("generateKeyPair large pem", async function () {
+  const passphrase = "mypassphrase";
+  const cipher = "aes-256-cbc";
+  const modulusLength = 4096;
+
+  generateKeyPairSync("rsa", {
+    modulusLength,
+    publicKeyEncoding: {
+      type: "spki",
+      format: "pem",
+    },
+    privateKeyEncoding: {
+      type: "pkcs8",
+      format: "pem",
+      cipher,
+      passphrase,
+    },
+  });
+});