-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: fix error handling for CryptoJob::ToResult #37076
src: fix error handling for CryptoJob::ToResult #37076
Conversation
Big +1 to this. It's been on my todo list for a while. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM but you're 100% correct that the error handling in the entire subsystem needs a good audit
This comment has been minimized.
This comment has been minimized.
CI is failing on |
This comment has been minimized.
This comment has been minimized.
49a1a79
to
313002a
Compare
CI: https://ci.nodejs.org/job/node-test-pull-request/35753/ (Unrelated OSX failure.) |
We're currently using OpenSSL 1.1.1g in the sharedlibs container in the CI: https://github.com/nodejs/build/blob/90e726898ac71c9c19690cd15b5b0027901c79cb/ansible/roles/docker/templates/ubuntu1804_sharedlibs.Dockerfile.j2#L51 |
Thanks @richardlau, test should pass now. |
It's the same as in V8: We use But it matters that we do, because this is the way that the V8 API and our code use to tell programmers "this is a method that may throw a JS exception", and a plain |
313002a
to
10956b0
Compare
This comment has been minimized.
This comment has been minimized.
10956b0
to
c542548
Compare
@addaleax Thank you for the explanation and sorry about the delay. I tried to fix this based on your feedback :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM :)
CI is green, but GitHub is not picking it up. |
PR-URL: nodejs#37076 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
c542548
to
feb60f8
Compare
Landed in feb60f8 |
PR-URL: #37076 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
PR-URL: #37076 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Rich Trott <rtrott@gmail.com>
The added test case crashes in recent versions of Node.js 15 due to a change in OpenSSL and improper error handling in node core.
The first problem is that
ManagedEVPPKey::ToEncodedPublicKey
andManagedEVPPKey::ToEncodedPrivateKey
returnedJust(false)
to indicate that an exception was thrown, butKeyPairGenTraits::EncodeKey
only checksIsNothing()
and notFromJust()
. This leads to JavaScript handles being empty, and, consequently, to a crash in V8.The next problem is that some code paths in
ToResult
throw exceptions whereas others leave error handling toCryptoJob::AfterThreadPoolWork
. In the test case added here, the functionWritePublicKey
throws an exception because the curve does not have an OID.I am not entirely sure why these functions use
Maybe<bool>
as their return type. Overall, I am pretty sure we need to rework substantial parts of the error handling logic in the crypto subsystem. Hopefully, this PR can still provide a reasonable workaround to avoid crashes for now.I tried to keep the existing behavior of ignoring any results that are equal to
Just(false)
, meaning that returningJust(false)
fromToResult
causes the operation to never complete or fail.When
ToResult
returnsNothing<bool>()
, theAfterThreadPoolWork
function now assumes that an exception was thrown, and passes it to the job callback.In synchronous mode, both
Just(false)
andNothing<bool>()
are ignored, which leads to exceptions being propagated to JavaScript correctly.@jasnell I'd love to hear your opinion. I am happy to implement and test another solution. We should clarify the semantics of the tristate
Maybe<bool>
.