src: turn SSL_CTX_new CHECK/segfault into JS exception
These operations do not usually fail, but can do so when OpenSSL
is not configured properly (I ran into this while dynamically linking
against OpenSSL with FIPS). JS exceptions are way more useful
than CHECK failures or plain segfaults.

PR-URL: nodejs/node#42799
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
addaleax authored and guangwong committed Oct 10, 2022
1 parent 5690fe8 commit a721aef
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/crypto/crypto_cipher.cc
Expand Up @@ -198,10 +198,14 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);

SSLCtxPointer ctx(SSL_CTX_new(TLS_method()));
CHECK(ctx);
if (!ctx) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}

SSLPointer ssl(SSL_new(ctx.get()));
CHECK(ssl);
if (!ssl) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_new");
}

STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl.get());
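
Review bot: ERR_get_error() in the two new failure branches (after SSL_CTX_new and after SSL_new) pops only the oldest entry from the thread's OpenSSL error queue, so if an earlier call left an entry behind, the exception describes that older failure instead of this one, and anything else the failing call queued stays there for the next caller. Consider calling ERR_clear_error() before SSL_CTX_new(TLS_method()), or clearing the queue on return, so the code handed to ThrowCryptoError belongs to this call. A test that forces either branch would also help, although the commit message suggests reproducing it needs a misconfigured OpenSSL build.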

3 changes: 3 additions & 0 deletions src/crypto/crypto_context.cc
Expand Up @@ -508,6 +508,9 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
}

sc->ctx_.reset(SSL_CTX_new(method));
if (!sc->ctx_) {
return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new");
}
SSL_CTX_set_app_data(sc->ctx_.get(), sc);

// Disable SSLv2 in the case when method == TLS_method() and the
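
Review bot: the early return after sc->ctx_.reset(SSL_CTX_new(method)) leaves this SecureContext holding a null ctx_, and the exception can be caught in JS while the object stays reachable. Previously SSL_CTX_set_app_data(sc->ctx_.get(), sc) on the next line would have received that null pointer; please confirm that the other SecureContext methods that use sc->ctx_.get() either check for null or cannot be reached after a failed Init, otherwise the crash only moves to a later call. A one-line comment above the check saying when SSL_CTX_new is expected to fail (the commit message mentions dynamically linking against OpenSSL with FIPS) would save the next reader a trip through the history.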