From ce3e203e090ad14bb6b9eba8738b10193cf02868 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Sun, 26 Apr 2026 16:46:35 +0200
Subject: [PATCH 1/2] crypto: reject unintended raw key format string input
Signed-off-by: Filip Skokan
---
 lib/internal/crypto/keys.js | 2 +-
 test/parallel/test-crypto-key-objects-raw.js | 44 ++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
index 595b9c2b1e849a..0e39e9a1640eaa 100644
--- a/lib/internal/crypto/keys.js
+++ b/lib/internal/crypto/keys.js
@@ -659,7 +659,7 @@ function prepareAsymmetricKey(key, ctx, name = 'key') {
 return { data, format: kKeyFormatJWK };
 } else if (format === 'raw-public' || format === 'raw-private' || format === 'raw-seed') {
- if (!isStringOrBuffer(data)) {
+ if (!isArrayBufferView(data) && !isAnyArrayBuffer(data)) {
 throw new ERR_INVALID_ARG_TYPE(
 `${name}.key`,
 ['ArrayBuffer', 'Buffer', 'TypedArray', 'DataView'],
diff --git a/test/parallel/test-crypto-key-objects-raw.js b/test/parallel/test-crypto-key-objects-raw.js
index f301cc1942fd9a..01b177dbf9db40 100644
--- a/test/parallel/test-crypto-key-objects-raw.js
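Review bot: The new guard in the `raw-public`/`raw-private`/`raw-seed` branch of lib/internal/crypto/keys.js carries no comment saying why strings are excluded, so a later cleanup could restore `isStringOrBuffer` to match the other formats. I would add above the check `// Raw key material must be binary: a string has no unambiguous byte encoding here, so reject it instead of decoding it.` The added tests pass `encoding` next to the string and still expect ERR_INVALID_ARG_TYPE, so that option is evidently not meant to apply to raw-* input, which the comment could also state. The hunk shows no import change, so `isArrayBufferView` and `isAnyArrayBuffer` are presumably already in scope in this file; the body of prepareAsymmetricKey starts and ends outside the hunk.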
@@ -32,6 +32,50 @@ const { hasOpenSSL } = require('../common/crypto');
 }
 }
+// Raw key imports do not support strings.
+{
+ const pubKeyObj = crypto.createPublicKey(
+ fixtures.readKey('ed25519_public.pem', 'ascii'));
+ const privKeyObj = crypto.createPrivateKey(
+ fixtures.readKey('ed25519_private.pem', 'ascii'));
+
+ const rawPub = pubKeyObj.export({ format: 'raw-public' });
+ const rawPriv = privKeyObj.export({ format: 'raw-private' });
+
+ for (const encoding of ['hex', 'base64']) {
+ assert.throws(() => crypto.createPublicKey({
+ key: rawPub.toString(encoding),
+ encoding,
+ format: 'raw-public',
+ asymmetricKeyType: 'ed25519',
+ }), { code: 'ERR_INVALID_ARG_TYPE' });
+
+ assert.throws(() => crypto.createPrivateKey({
+ key: rawPriv.toString(encoding),
+ encoding,
+ format: 'raw-private',
+ asymmetricKeyType: 'ed25519',
+ }), { code: 'ERR_INVALID_ARG_TYPE' });
+ }
+}
+
+// Raw seed imports do not support strings.
+if (hasOpenSSL(3, 5)) {
+ const privKeyObj = crypto.createPrivateKey(
+ fixtures.readKey('ml_dsa_44_private.pem', 'ascii'));
+
+ const rawSeed = privKeyObj.export({ format: 'raw-seed' });
+
+ for (const encoding of ['hex', 'base64']) {
+ assert.throws(() => crypto.createPrivateKey({
+ key: rawSeed.toString(encoding),
+ encoding,
+ format: 'raw-seed',
+ asymmetricKeyType: 'ml-dsa-44',
+ }), { code: 'ERR_INVALID_ARG_TYPE' });
+ }
+}
+
 // Key types that don't support raw-* formats
 {
 for (const [type, pub, priv] of [
From 2682a822a20ac6e7d7007588f6a94973b2a42fad Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Sun, 26 Apr 2026 17:16:27 +0200
Subject: [PATCH 2/2] Update test/parallel/test-crypto-key-objects-raw.js
Co-authored-by: Nikita Skovoroda
---
 test/parallel/test-crypto-key-objects-raw.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/parallel/test-crypto-key-objects-raw.js b/test/parallel/test-crypto-key-objects-raw.js
index 01b177dbf9db40..5658be6825823f 100644
--- a/test/parallel/test-crypto-key-objects-raw.js
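Review bot: Both new blocks in test/parallel/test-crypto-key-objects-raw.js only try strings that come with an `encoding` option; a bare string key, the most likely caller mistake, is not exercised. One more assertion inside the first block would pin it: `assert.throws(() => crypto.createPublicKey({ key: rawPub.toString('hex'), format: 'raw-public', asymmetricKeyType: 'ed25519' }), { code: 'ERR_INVALID_ARG_TYPE' });`. The blocks also do not show that Buffer, TypedArray, DataView and ArrayBuffer input still imports after the guard change; that may be covered elsewhere in the file, outside this hunk.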
+++ b/test/parallel/test-crypto-key-objects-raw.js
@@ -42,7 +42,7 @@ const { hasOpenSSL } = require('../common/crypto');
 const rawPub = pubKeyObj.export({ format: 'raw-public' });
 const rawPriv = privKeyObj.export({ format: 'raw-private' });
- for (const encoding of ['hex', 'base64']) {
+ for (const encoding of ['hex', 'base64', 'utf8', 'latin1', 'ascii']) {
 assert.throws(() => crypto.createPublicKey({
 key: rawPub.toString(encoding),
 encoding,
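Review bot: Only the Ed25519 loop gains `'utf8'`, `'latin1'` and `'ascii'`; the raw-seed loop added in patch 1/2 still reads `for (const encoding of ['hex', 'base64']) {`, so the two blocks now test different sets of encodings. Use the same list there, or hoist it into one shared constant such as `const encodings = ['hex', 'base64', 'utf8', 'latin1', 'ascii'];`. A one-line comment that the resulting strings are not expected to round-trip to the original key bytes, and that only the argument type is under test, would also help the next reader.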