From 4776784204a3e41178b8dd961eb26f1cd53f447e Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Tue, 21 Apr 2026 13:15:14 -0300
Subject: [PATCH 1/3] crypto: reject inherited key type names

Use an own-property check when dispatching generateKeyPair's NID-only algorithm table

Fixes: https://github.com/nodejs/node/issues/62874
Signed-off-by: Jonathan Lopes
---
 lib/internal/crypto/keygen.js | 3 ++-
 test/parallel/test-crypto-keygen.js | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
index d1c14e547fd640..93c20a6f40c797 100644
--- a/lib/internal/crypto/keygen.js
+++ b/lib/internal/crypto/keygen.js
@@ -3,6 +3,7 @@
 const {
 FunctionPrototypeCall,
 ObjectDefineProperty,
+ ObjectPrototypeHasOwnProperty,
 SafeArrayIterator,
 } = primordials;

@@ -356,7 +357,7 @@ function createJob(mode, type, options) {
 ...encoding);
 }
 default: {
- if (nidOnlyKeyPairs[type] === undefined) {
+ if (!ObjectPrototypeHasOwnProperty(nidOnlyKeyPairs, type)) {
 throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
 }
 return new NidKeyPairGenJob(mode, nidOnlyKeyPairs[type], ...encoding);
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index e0515c15776fc6..7911520af34481 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -55,6 +55,20 @@ const { hasOpenSSL3 } = require('../common/crypto');
 code: 'ERR_INVALID_ARG_VALUE',
 message: "The argument 'type' must be a supported key type. Received 'rsa2'"
 });
+
+ for (const type of ['toString', 'constructor']) {
+ assert.throws(() => generateKeyPairSync(type, {}), {
+ name: 'TypeError',
+ code: 'ERR_INVALID_ARG_VALUE',
+ message: `The argument 'type' must be a supported key type. Received '${type}'`
+ });
+
+ assert.throws(() => generateKeyPair(type, {}, common.mustNotCall()), {
+ name: 'TypeError',
+ code: 'ERR_INVALID_ARG_VALUE',
+ message: `The argument 'type' must be a supported key type. Received '${type}'`
+ });
+ }
 }

 {
From 3351caa211e7eec6d10e2f6c8089d6db04a15feb Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Tue, 21 Apr 2026 13:37:56 -0300
Subject: [PATCH 2/3] crypto: add __proto__ null to nidOnlyKeyPairs

Signed-off-by: Jonathan Lopes
---
 lib/internal/crypto/keygen.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
index 93c20a6f40c797..b44c7e81e305fb 100644
--- a/lib/internal/crypto/keygen.js
+++ b/lib/internal/crypto/keygen.js
@@ -3,7 +3,6 @@
 const {
 FunctionPrototypeCall,
 ObjectDefineProperty,
- ObjectPrototypeHasOwnProperty,
 SafeArrayIterator,
 } = primordials;

@@ -182,6 +181,7 @@ function parseKeyEncoding(keyType, options = kEmptyObject) {
 }

 const nidOnlyKeyPairs = {
+ __proto__: null,
 'ed25519': EVP_PKEY_ED25519,
 'ed448': EVP_PKEY_ED448,
 'x25519': EVP_PKEY_X25519,
@@ -357,7 +357,7 @@ function createJob(mode, type, options) {
 ...encoding);
 }
 default: {
- if (!ObjectPrototypeHasOwnProperty(nidOnlyKeyPairs, type)) {
+ if (nidOnlyKeyPairs[type] === undefined) {
 throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
 }
 return new NidKeyPairGenJob(mode, nidOnlyKeyPairs[type], ...encoding);
From 1704281c7786a8ce5c000f0559a7d267602ac4a7 Mon Sep 17 00:00:00 2001
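Review bot: In test/parallel/test-crypto-keygen.js (patch 1/3, hunk at line 55) the new loop covers `'toString'` and `'constructor'` but not `'__proto__'`, which an ordinary object also resolves through `Object.prototype` and which is the very key the later patches write into the table literal. Extending the list, `for (const type of ['toString', 'constructor', '__proto__']) {`, would pin the rejection under all three versions of the guard in this series. The enclosing test block starts before the hunk.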
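Review bot: In lib/internal/crypto/keygen.js (patch 2/3, hunk at line 357) the restored `nidOnlyKeyPairs[type] === undefined` guard is sound only while the table keeps its null prototype, and that is declared in a separate hunk roughly 170 lines earlier. A short comment at the guard would keep the dependency visible, for example `// nidOnlyKeyPairs has a null prototype, so inherited names resolve to undefined.` The value could also be read once, `const nid = nidOnlyKeyPairs[type];`, then tested and passed to `NidKeyPairGenJob`, so the check and the use cannot drift apart. createJob begins and ends outside the hunk.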
From: Jonathan
Date: Tue, 21 Apr 2026 13:48:12 -0300
Subject: [PATCH 3/3] crypto: fix lint errors

Signed-off-by: Jonathan Lopes
---
 lib/internal/crypto/keygen.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
index b44c7e81e305fb..e6e787c39f512a 100644
--- a/lib/internal/crypto/keygen.js
+++ b/lib/internal/crypto/keygen.js
@@ -181,7 +181,7 @@ function parseKeyEncoding(keyType, options = kEmptyObject) {
 }

 const nidOnlyKeyPairs = {
- __proto__: null,
+ '__proto__': null,
 'ed25519': EVP_PKEY_ED25519,
 'ed448': EVP_PKEY_ED448,
 'x25519': EVP_PKEY_X25519,
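Review bot: In the nidOnlyKeyPairs literal (patch 3/3, hunk at line 181) the quoted `'__proto__': null` reads like a data property named `__proto__`, although a non-computed `__proto__` key in an object literal, quoted or not, still sets the prototype. A later edit to a computed key such as `['__proto__']: null` would instead create an own property and leave `Object.prototype` in the chain, which would silently undo the fix from patch 2/3. A comment on that line, for example `// Prototype setter, not a data property: keeps inherited names out of the key type lookup.`, would guard against that. The literal continues past the end of the hunk.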